f69ec74c4b1ee72c447dc19b87bbca2cbeee7a9d579e7a2daa2a4150a65a11ae

Sharing

Copy URL

Twitter E-mail

General

Target

f69ec74c4b1ee72c447dc19b87bbca2cbeee7a9d579e7a2daa2a4150a65a11ae
Size

2.4MB
MD5

4accfbea1f51f6a42273478f4257ede7
SHA1

990a173e1ec7a58277ac54dc6346659e0a610304
SHA256

f69ec74c4b1ee72c447dc19b87bbca2cbeee7a9d579e7a2daa2a4150a65a11ae
SHA512

cea477e8d400ea3fc718689506f50728ac0ad1d6853075a19d2a4a8db76617076709117d0677cd6249024772149fd164e6d6b882624292cc4ba4c788bfcf1808
SSDEEP

49152:pgu+W6rE7Xp2kosL3gQC/QTiPIXn6iAaNuyFYOKB+:N+W6rETpe23L/XnVAaW+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f69ec74c4b1ee72c447dc19b87bbca2cbeee7a9d579e7a2daa2a4150a65a11ae

Files

f69ec74c4b1ee72c447dc19b87bbca2cbeee7a9d579e7a2daa2a4150a65a11ae
.exe windows:5 windows x86 arch:x86

8db8014794402b36087880b3566c9471

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW
SHDeleteKeyW

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalFree
LocalAlloc
VirtualAlloc
VirtualFree
GetCurrentThreadId
WaitForSingleObject
Sleep
GetModuleHandleW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVolumeInformationW
GetSystemInfo
GetTickCount
GetVersionExW
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
OutputDebugStringA
SetPriorityClass
DeleteFiber
CreateDirectoryW
GetDriveTypeW
GetEnvironmentVariableW
GetLogicalDriveStringsW
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
DecodePointer
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetLongPathNameW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetFileAttributesExW
SetFileAttributesW
CreateFileW
lstrcpyW
FileTimeToSystemTime
ReadFile
WriteFile
GetFileSize
GetCurrentProcess
GetCurrentProcessId
FormatMessageW
GetLastError
LocalFree
GetPrivateProfileStringW
TerminateProcess
OpenProcess
GetTempPathW
CreateThread
lstrlenW
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
SwitchToFiber
GetModuleHandleExW
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetCommandLineA
WTSGetActiveConsoleSessionId
FindClose
GetSystemDirectoryW
LoadLibraryW
CloseHandle
GetProcAddress
FreeLibrary
ReleaseMutex
GetStdHandle
GetFileType
WaitForMultipleObjects
SleepEx
InitializeCriticalSection
GetUserDefaultLCID
IsValidLocale
FormatMessageA
GetConsoleCP
GetACP
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
ExitThread
RtlUnwind
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
SetEvent
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
GetCurrentThread
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateFiber

user32

LoadStringW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

advapi32

OpenProcessToken
ReportEventW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegSetValueExW
RegisterEventSourceW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

crypt32

CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW

wldap32

ord32
ord46
ord211
ord60
ord301
ord200
ord30
ord79
ord35
ord33
ord143
ord27
ord26
ord22
ord41
ord50

ws2_32

WSACleanup
send
WSAStartup
WSAGetLastError
__WSAFDIsSet
gethostname
ioctlsocket
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
recv

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8db8014794402b36087880b3566c9471

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

crypt32

psapi

wldap32

ws2_32

wtsapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 531KB - Virtual size: 531KB

.data Size: 19KB - Virtual size: 44KB

.rsrc Size: 168KB - Virtual size: 168KB

.reloc Size: 144KB - Virtual size: 144KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 531KB - Virtual size: 531KB

.data
Size: 19KB - Virtual size: 44KB

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 144KB - Virtual size: 144KB