79ee1c91ea5545d6de00ddedfeada11b71df432015127ea18692dd90827f0046[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

79ee1c91ea5545d6de00ddedfeada11b71df432015127ea18692dd90827f0046.exe
Size

1.5MB
MD5

d61e81f0e8eab297210d6ac0b971b1a2
SHA1

0da339927bd348696a743915bc7b6499d32fc97f
SHA256

79ee1c91ea5545d6de00ddedfeada11b71df432015127ea18692dd90827f0046
SHA512

d41007c500ec99b4dbadd319bebe7aa4bbe9e5e226cbd0f27632abdb8dd2954aefccb811c9579094b2a8c08fdec3973a0dcf8d64994c6a9338b381bdea3e6af6
SSDEEP

24576:XfWzK0OUHSihN6Qr2/1A/g4jzkQlC+eEN7tbalAK6w6hC4O8b8ITDnloH2:OzK0OUymN29A/gu7eEJtbqAK6w6hC4O+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
79ee1c91ea5545d6de00ddedfeada11b71df432015127ea18692dd90827f0046.exe

Files

79ee1c91ea5545d6de00ddedfeada11b71df432015127ea18692dd90827f0046.exe
.exe windows:5 windows x86 arch:x86

ba0ed8c3055a9f8af2300ab876d78170

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AcroRd32Exe.pdb

Imports

kernel32

OpenProcess
LockResource
FindResourceExW
GetProcessHeap
HeapSetInformation
CreateSemaphoreW
ReleaseSemaphore
GetTempPathW
AddAtomW
SetErrorMode
GetSystemTimeAsFileTime
MulDiv
GlobalFree
GlobalUnlock
GetCurrentDirectoryW
GlobalAlloc
GetSystemDirectoryW
FindFirstFileW
FindClose
lstrcmpW
lstrcmpA
LocalAlloc
GetCommandLineW
SetCurrentDirectoryW
SetDllDirectoryW
GetExitCodeProcess
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
LoadLibraryExW
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
IsProcessInJob
ProcessIdToSessionId
QueryInformationJobObject
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
GetVersion
GetFileAttributesW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
GetTickCount
GetVolumeInformationW
lstrlenW
Sleep
OpenMutexW
CreateEventW
CreateNamedPipeW
ResetEvent
CreateThread
InitializeCriticalSection
GetModuleHandleW
ConnectNamedPipe
ReadFile
WriteFile
InterlockedPopEntrySList
InterlockedPushEntrySList
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
DisconnectNamedPipe
CreateMutexW
GetCurrentProcess
LocalFree
DeleteCriticalSection
SetEvent
WaitForSingleObject
SetLastError
GetLastError
WaitNamedPipeW
GetCurrentProcessId
SetNamedPipeHandleState
TransactNamedPipe
CreateFileW
GetFileType
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GlobalLock
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
QueryPerformanceCounter
SetHandleCount
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
LCMapStringW
GetCPInfo
GetSystemInfo
VirtualAlloc
GetFullPathNameW
HeapReAlloc
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
ReleaseMutex
DeleteFileW
SetFilePointer
GetNativeSystemInfo
ExpandEnvironmentStringsW
SetInformationJobObject
GetProcessId
DuplicateHandle
CreateProcessW
GetStdHandle
TerminateProcess
ResumeThread
AssignProcessToJobObject
GetCPInfoExW
WideCharToMultiByte
GetCurrentThreadId
GetLocaleInfoW
GetLongPathNameW
WriteProcessMemory
VirtualProtectEx
TerminateThread
GetCurrentThread
QueryDosDeviceW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetDriveTypeW
GetEnvironmentVariableW
GetProfileStringW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
GetFileInformationByHandle
PostQueuedCompletionStatus
UnregisterWaitEx
TerminateJobObject
GetQueuedCompletionStatus
RegisterWaitForSingleObject
CreateIoCompletionPort
DebugBreak
VirtualAllocEx
VirtualQueryEx
GetThreadContext
GetStartupInfoW
SignalObjectAndWait
VirtualFree
VirtualFreeEx
CreateJobObjectW
HeapAlloc
SearchPathW
ExitThread
VirtualQuery
ReadProcessMemory
SuspendThread
WaitForMultipleObjects
GetTempFileNameW
GetProcessTimes
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalAddAtomW
MoveFileExW
CreateDirectoryW
GetExitCodeThread
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
CreateDirectoryExW
FlushFileBuffers
FindNextFileW
GlobalSize
VirtualProtect
FlushInstructionCache
lstrlenA
GlobalHandle
GetStringTypeW
EncodePointer
DecodePointer
RtlUnwind
HeapFree
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress

user32

GetDC
ReleaseDC
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DdeDisconnect
DdeConnect
DdeCreateDataHandle
SystemParametersInfoW
PostThreadMessageW
GetThreadDesktop
GetProcessWindowStation
CloseWindowStation
GetDesktopWindow
CreateWindowStationW
CreateDesktopW
GetUserObjectInformationW
GetActiveWindow
SetTimer
GetAsyncKeyState
GetWindowInfo
UnregisterClassW
RegisterClassW
EnumChildWindows
EnableWindow
SetWindowTextW
GetRawInputDeviceList
GetRawInputDeviceInfoW
SetWindowPos
GetWindowRect
GetWindowTextLengthW
CreateIconFromResourceEx
UnhookWindowsHookEx
SetDlgItemTextW
SetWindowsHookExW
GetParent
FindWindowExW
SendDlgItemMessageW
LoadIconW
DdeClientTransaction
CloseWindow
SetActiveWindow
IsWindowEnabled
GetClipboardFormatNameA
OpenClipboard
CloseClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
GetClipboardFormatNameW
GetClipboardSequenceNumber
GetClipboardOwner
GetPriorityClipboardFormat
GetClipboardViewer
LoadCursorW
SetFocus
GetFocus
MoveWindow
GetClientRect
UpdateWindow
GetClassInfoExW
IsChild
GetMessageW
GetSysColor
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
DestroyAcceleratorTable
CreateAcceleratorTableW
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
SetCursor
LoadBitmapW
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamW
GetWindowDC
PostQuitMessage
UnregisterClassA
DdeAddData
DdeGetData
EnumThreadWindows
IsWindowVisible
DdeInitializeW
DdeUninitialize
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
FindWindowA
RegisterWindowMessageA
SetWindowLongW
ShowWindow
SetProcessWindowStation
SetThreadDesktop
OpenInputDesktop
CloseDesktop
SendNotifyMessageW
DefWindowProcW
MessageBoxW
CreateWindowExW
RegisterClassExW
RegisterWindowMessageW
PostMessageW
DestroyWindow
EnumWindows
UserHandleGrantAccess
IsWindow
SetParent
GetWindowLongW
GetWindow
GetClassNameW
GetWindowTextW
FindWindowW
SetForegroundWindow
BringWindowToTop
GetSystemMetrics
GetForegroundWindow
AllowSetForegroundWindow
EndDialog
GetDlgItem
CharNextW
DialogBoxParamW
SendMessageW
SetPropW
GetPropW
GetGUIThreadInfo
GetWindowThreadProcessId
GetOpenClipboardWindow

advapi32

CryptGenKey
RegOpenKeyExA
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExA
RegCreateKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CopySid
GetLengthSid
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
AccessCheck
MapGenericMask
GetNamedSecurityInfoW
DuplicateTokenEx
OpenThreadToken
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
AddAce
GetAce
GetAclInformation
SetTokenInformation
CreateWellKnownSid
RegDisablePredefinedCache
RevertToSelf
SetThreadToken
CreateProcessAsUserW
ConvertStringSidToSidW
GetSecurityDescriptorSacl
CreateRestrictedToken
DuplicateToken
LookupPrivilegeValueW
CheckTokenMembership
SaferiIsExecutableFileType
CryptGetProvParam
CryptSetProvParam
CryptGenRandom
CryptDecrypt
CryptHashData
CryptSignHashA
CryptSignHashW
CryptGetHashParam
CryptSetKeyParam
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptContextAddRef
CryptImportKey
CryptGetUserKey
CryptCreateHash

shlwapi

UrlUnescapeW
PathIsUNCServerShareW
ord219
PathAddBackslashW
UrlCanonicalizeW
PathCreateFromUrlW
PathIsUNCW
PathFindFileNameW
PathCanonicalizeW
PathFindExtensionW
PathIsDirectoryW
AssocQueryStringW
UrlGetPartW
PathRemoveBackslashW
PathCombineW
PathIsRelativeW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
SHDeleteKeyW
PathIsURLW
UrlIsW

Exports

Exports

AcroRd32IsBrokerProcess

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba0ed8c3055a9f8af2300ab876d78170

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 17KB - Virtual size: 31KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 69KB - Virtual size: 68KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 17KB - Virtual size: 31KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 69KB - Virtual size: 68KB

.zero
Size: 4KB - Virtual size: 3KB