68d85f6a17376aff152b3908edbee59c42ba7f2fb5e69fdd6593b9be801595f8N

Sharing

Copy URL

Twitter E-mail

General

Target

68d85f6a17376aff152b3908edbee59c42ba7f2fb5e69fdd6593b9be801595f8N
Size

52KB
MD5

ae448bfdbcb5ca18aaa5a589678d96b0
SHA1

3a4ce5a1c233a24f4b01092b22344a5f4e490205
SHA256

68d85f6a17376aff152b3908edbee59c42ba7f2fb5e69fdd6593b9be801595f8
SHA512

83c8fae291a3a8baab9243c7e3f31e3366578aa17077c7f7d20dfb18c8b7c284f54188b5f5fa8f245942df2bf23de2b7dc06167f8658bcb97ef4536a68fd8ce6
SSDEEP

1536:FEIA8a5XNCV/ZH62OGIKd8vaOQlGlWD5qo87hQos:F5uXNE/ZHHhiaOMG0D8o6GT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aclua.dll

Files

68d85f6a17376aff152b3908edbee59c42ba7f2fb5e69fdd6593b9be801595f8N
.cab
aclua.dll
.dll windows:5 windows x86 arch:x86

561d9c3f4adeedc3b8129de8ba091885

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AcLua.pdb

Imports

ntdll

RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtRaiseHardError
RtlFreeUnicodeString
NtQueryVolumeInformationFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlAllocateHeap
NtClose
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlUnwind
NtQueryInformationProcess
RtlFreeHeap

kernel32

GetModuleFileNameW
GetFileAttributesW
ExpandEnvironmentStringsW
GetLastError
CreateDirectoryW
MultiByteToWideChar
SetLastError
GetVolumeInformationW
CopyFileW
SetEnvironmentVariableW
GetFullPathNameW
CreateFileW
DeleteFileW
SetFileAttributesW
MoveFileW
RemoveDirectoryW
GetTempFileNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStructW
WritePrivateProfileStructW
WideCharToMultiByte
FileTimeToDosDateTime
GetFileTime
SearchPathA
GetFullPathNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FindNextFileW
FindFirstFileW
FindClose
GetEnvironmentVariableW
WriteFile
SetEndOfFile
SetFilePointer
OpenFile
_lopen
_lcreat
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapCreate
HeapAlloc
HeapFree
HeapReAlloc
GetSystemWindowsDirectoryW
ReleaseMutex
WaitForSingleObject
lstrlenW
CreateMutexA
VirtualProtect
IsBadWritePtr
IsBadReadPtr
GetCurrentProcess
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
GetSystemInfo
VirtualFree
VirtualAlloc
IsBadCodePtr
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
VirtualQuery
LCMapStringA
LCMapStringW
HeapSize
InterlockedExchange
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
GetLongPathNameW
CloseHandle
InterlockedDecrement

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
MapGenericMask
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyW
RegSetValueExA
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegQueryValueW
RegLoadKeyW
RegEnumKeyExW
RegCreateKeyExW
RegUnLoadKeyW
RegCloseKey
OpenProcessToken
RegQueryValueExW
RegQueryInfoKeyW

userenv

GetUserProfileDirectoryW

apphelp

SdbQueryDataExTagID
SdbOpenDatabase
SdbResolveDatabase
SdbGUIDFromString

sfc_os

SfcIsFileProtected

Exports

Exports

GetHookAPIs
LuaCopyFileW
LuaCreateDirectoryW
LuaCreateFileW
LuaDeleteFileW
LuaFSInit
LuaGetFileAttributesW
LuaGetPrivateProfileIntW
LuaGetPrivateProfileSectionW
LuaGetPrivateProfileStringW
LuaGetPrivateProfileStructW
LuaGetTempFileNameW
LuaMoveFileW
LuaRegCloseKey
LuaRegCreateKeyExW
LuaRegCreateKeyW
LuaRegDeleteKeyW
LuaRegEnumKeyExW
LuaRegEnumKeyW
LuaRegEnumValueW
LuaRegInit
LuaRegOpenKeyExW
LuaRegOpenKeyW
LuaRegQueryValueExW
LuaRegQueryValueW
LuaRegSetValueExW
LuaRegSetValueW
LuaRemoveDirectoryW
LuaSetFileAttributesW
LuaShouldApplyShim
LuaWritePrivateProfileSectionW
LuaWritePrivateProfileStringW
LuaWritePrivateProfileStructW
LuacCreateFileW
LuacDeleteFileW
LuacFSCleanup
LuacFSInit
LuacFindFirstFileW
LuacGetFileAttributesW
LuacRegCleanup
LuacRegCloseKey
LuacRegDeleteKeyW
LuacRegEnumKeyExW
LuacRegEnumKeyW
LuacRegInit
LuacRegOpenKeyExW
LuacRegOpenKeyW
LuacRemoveDirectoryW
LuatCopyFileW
LuatCreateDirectoryW
LuatCreateFileW
LuatDeleteFileW
LuatFSCleanup
LuatFSInit
LuatGetTempFileNameW
LuatMoveFileW
LuatRemoveDirectoryW
LuatSetFileAttributesW
LuatWritePrivateProfileSectionW
LuatWritePrivateProfileStringW
LuatWritePrivateProfileStructW
NotifyShims

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

561d9c3f4adeedc3b8129de8ba091885

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

userenv

apphelp

sfc_os

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.data Size: 3KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 101KB - Virtual size: 100KB

.data
Size: 3KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 8KB - Virtual size: 8KB