43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299

Sharing

Copy URL

Twitter E-mail

General

Target

43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
Size

432KB
MD5

ee53bebaff4b8000f26abc91c62375ff
SHA1

299bc7b27630f1cfb4486409343d515bf3a6c415
SHA256

43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
SHA512

ded560b851ca872a5998e6aa597d2663c8e94a008c93e32b55a73377547bed2f2ead503d8f1eb5ce1316a53d0e72f718636238715298a44c668d271308ea12ba
SSDEEP

6144:WdOvoyKI0COYIN47ZGpimMK53wxD9sU+zcCE3fmzL8dav7gO/:1onXd47ZG4mx53wv+gCE0Rv0O/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299

Files

43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
.exe windows:5 windows x86 arch:x86

5b11b7d662a3f1fcdab8806fbd37fda6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\xra_common\run32\Release_cqhhyd\ydr32.pdb

Imports

kernel32

FindResourceExW
DecodePointer
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
HeapSetInformation
RaiseException
GetCurrentThreadId
GetLastError
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
MultiByteToWideChar
LoadLibraryW
FindResourceW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LocalFree
CreateThread
OutputDebugStringA
GetFileType
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
WideCharToMultiByte
LockResource
IsDebuggerPresent
OutputDebugStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetACP
GetCurrentThread
GetStringTypeW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
CreateFileW

user32

UnregisterClassW
DestroyWindow
CharNextW
DefWindowProcW

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

CommandLineToArgvW

ole32

CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathIsRelativeW
PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b11b7d662a3f1fcdab8806fbd37fda6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 87KB - Virtual size: 88KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 87KB - Virtual size: 88KB