e645bbdcedc44ae7616a9f61e0f15d9e05199226f7cb68c0306df894b7f5bc2cN

Sharing

Copy URL Twitter E-mail

General

Target

e645bbdcedc44ae7616a9f61e0f15d9e05199226f7cb68c0306df894b7f5bc2cN
Size

330KB
MD5

c0b9f64f4a6a63069bec34422cab8de0
SHA1

15a63fa1e4d814a4bde7f85bca12c750b95aaac7
SHA256

e645bbdcedc44ae7616a9f61e0f15d9e05199226f7cb68c0306df894b7f5bc2c
SHA512

2a5da17a35e932786e36077ce025a38c4fa6cd9437cb7ba23aa2d07f6fce558e5453981fef5cffa310bb80733d4a9e7d7799c9eeea43138a8372164c91647dbc
SSDEEP

6144:Rr6StdupusON99d/M4JQB5RgLBgX0k7iEEiEEsfByAwZZS4onQFj2jwmipTKd:IGErY9hMH4YXIB7GjFj2jwNpTKd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e645bbdcedc44ae7616a9f61e0f15d9e05199226f7cb68c0306df894b7f5bc2cN

Files

e645bbdcedc44ae7616a9f61e0f15d9e05199226f7cb68c0306df894b7f5bc2cN
.exe windows:6 windows x86 arch:x86

31f3152b13087ce3a99b026cdb451163

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wksprt.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceMessage
RegQueryValueExW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteTreeW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegGetValueW
RegSetKeyValueW
IsTextUnicode

kernel32

DeleteCriticalSection
EnterCriticalSection
DeleteFileW
FreeLibrary
InitializeCriticalSection
GetTempPathW
GetSystemWindowsDirectoryW
Sleep
FlushInstructionCache
GetCurrentProcess
SetLastError
LeaveCriticalSection
GetCommandLineW
TlsFree
TlsAlloc
GetUserDefaultUILanguage
GetCurrentThreadId
GetLocaleInfoW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
FormatMessageW
SystemTimeToFileTime
GetSystemTime
LoadLibraryW
GetVersionExW
LocalFree
LocalAlloc
ReadFile
GetFileSize
SetFilePointer
WriteFile
GetFileAttributesW
CreateFileW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
InterlockedCompareExchange
HeapFree
HeapAlloc
GetDateFormatW
CreateFileMappingW
GetTimeFormatW
WaitForMultipleObjects
CloseHandle
TerminateThread
CreateThread
CreateEventW
SearchPathW
GetCurrentProcessId
CompareStringW
InterlockedExchange
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
CreateTimerQueue
GetModuleHandleExA
DeleteTimerQueueEx
SetEvent
WideCharToMultiByte
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetLastError

user32

UnregisterClassW
GetMessageW
LoadStringW
PostThreadMessageW
SendMessageW
PostMessageW
AllowSetForegroundWindow
CharNextW
UnregisterClassA
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
CharUpperW
SetWindowLongW
DefWindowProcW
DestroyMenu
InsertMenuItemW
CreatePopupMenu
ShowWindow
LoadIconW
RegisterWindowMessageW
EnableMenuItem
GetMenuItemCount
GetMenuItemInfoW
RemoveMenu
EndMenu
PostQuitMessage
GetCursorPos
SetForegroundWindow
TrackPopupMenuEx
CreateDialogParamW
GetWindowLongW
CallWindowProcW
GetDlgItem
GetSystemMenu
SetWindowTextW
GetActiveWindow
DialogBoxParamW
EndDialog
GetClientRect

msvcrt

calloc
wcscat_s
?what@exception@@UBEPBDXZ
wcscpy_s
_wfopen_s
_errno
fputws
fclose
memset
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_purecall
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
_vsnwprintf
realloc
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
_controlfp
memcmp
memcpy
_wcsicmp
free
malloc
swprintf_s
_resetstkoflw
_exit
swscanf
_wcslwr
towlower
_wtol
wcstok_s
toupper
_wcsnicmp
wcsncmp
bsearch
wcsncpy_s
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memcpy_s
??1type_info@@UAE@XZ
memmove_s

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CoResumeClassObjects
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
CoTaskMemRealloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysAllocString
VarUI4FromStr
SafeArrayRedim
SysFreeString

comctl32

InitCommonControlsEx

shell32

ShellExecuteW
Shell_NotifyIconW

crypt32

CertFreeCertificateChain
CertGetCertificateContextProperty
CryptSignMessage
CryptVerifyDetachedMessageSignature
CertCloseStore
CertVerifyCertificateChainPolicy
CryptMsgOpenToDecode
CryptMsgUpdate
CertOpenStore
CryptMsgClose
CryptBinaryToStringW
CryptProtectData
CryptStringToBinaryW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CryptDecodeObject
CertGetEnhancedKeyUsage
CertFindExtension
CertGetCertificateChain

webservices

WsCall
WsCreateError
WsCreateHeap
WsCreateServiceProxy
WsOpenServiceProxy
WsFreeError
WsCloseServiceProxy
WsFreeServiceProxy
WsFreeHeap
WsGetErrorProperty
WsGetErrorString
WsAddMappedHeader

shlwapi

PathIsContentTypeW
ord388
PathRemoveFileSpecW

wininet

InternetCanonicalizeUrlW
InternetCombineUrlW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31f3152b13087ce3a99b026cdb451163

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

comctl32

shell32

crypt32

webservices

shlwapi

wininet

Sections

.text Size: 193KB - Virtual size: 192KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 193KB - Virtual size: 192KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 38KB - Virtual size: 38KB