97c9cdbabe362cec01c2e1e41a6fe04448759b2c9c36df597350681d45b3ece8

Sharing

Copy URL

Twitter E-mail

General

Target

97c9cdbabe362cec01c2e1e41a6fe04448759b2c9c36df597350681d45b3ece8
Size

537KB
MD5

a0b3f58eec735e6298388f6d3a713a82
SHA1

0409a02eba6eca9a63f0507da4dfe65eb12eb0e6
SHA256

97c9cdbabe362cec01c2e1e41a6fe04448759b2c9c36df597350681d45b3ece8
SHA512

324aa76c980b1968923d9d9509aabe8b770c4d7d01e66969cf6e2239ad1fcc6d2d54f4f9657ce9c0a2b06a6b801fe1aa9d735c14963abd530dff77c02a2e98f5
SSDEEP

12288:MbjgAW96VbAGMoEesS3NmsxuxOh7YVkyUPpYbEF7ESWORQO:MbjxW0MoEesSdPxYVkdPUEF7EWWO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97c9cdbabe362cec01c2e1e41a6fe04448759b2c9c36df597350681d45b3ece8

Files

97c9cdbabe362cec01c2e1e41a6fe04448759b2c9c36df597350681d45b3ece8
.exe windows:6 windows x86 arch:x86

f188d086fdba36c7f1315f95ecaf8041

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
IUnknown_Release_Proxy
NdrOleFree
NdrStubCall2
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleAllocate

kernel32

CreateThread
GetCurrentThread
GetCurrentThreadId
GetVersionExW
LocalAlloc
LocalFree
GetLocalTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetShortPathNameW
RemoveDirectoryW
CopyFileW
MoveFileExW
CreateProcessW
ProcessIdToSessionId
OpenProcess
FindResourceExW
LockResource
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
OpenMutexW
GetCurrentProcessId
GetTickCount
GetWindowsDirectoryW
WritePrivateProfileStringW
CreateFileW
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
GetCurrentProcess
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
GetCPInfo
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
CloseHandle
OutputDebugStringW
GetTempPathW
GetCommandLineW
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
SetEndOfFile
GetLocaleInfoEx
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
CompareStringEx
IsValidLocale
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
WideCharToMultiByte
WaitForSingleObjectEx
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceCounter
EncodePointer
LCMapStringEx

user32

PostThreadMessageW
CharUpperW
MessageBoxW
DispatchMessageW
LoadStringW
GetMessageW
CharNextW
TranslateMessage

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord680

ole32

CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoTaskMemFree
CoReleaseServerProcess
CoInitializeSecurity
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoAddRefServerProcess
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
VariantClear
SysAllocString

advapi32

RegisterEventSourceW
RegCreateKeyExW
RegDeleteKeyW
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
ReportEventW
DeregisterEventSource
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
CopySid
AddAccessAllowedAce
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey

shlwapi

PathAppendW
PathFindFileNameW
PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f188d086fdba36c7f1315f95ecaf8041

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

shell32

ole32

oleaut32

advapi32

shlwapi

version

wtsapi32

userenv

crypt32

wintrust

Sections

.text Size: 337KB - Virtual size: 336KB

.orpc Size: 512B - Virtual size: 69B

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 85KB - Virtual size: 88KB

.text
Size: 337KB - Virtual size: 336KB

.orpc
Size: 512B - Virtual size: 69B

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 85KB - Virtual size: 88KB