811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94

Sharing

Copy URL

Twitter E-mail

General

Target

811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94
Size

4.0MB
MD5

5903c117f48011c0df6606003e47c4f5
SHA1

16c49da798dc08bdf567a08454bcbbb790920441
SHA256

811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94
SHA512

e10c2aadc80d928aef0d377ea8b226eea519d757ba04b0326a1e0830282b98851f5d1e82e1a2f5391021e8292c0aade9a7b69c983f38eca5936228daf859da8b
SSDEEP

98304:4gqIctyETh4cCpI0kwJF4vY5SK63dzBEZht5f/LyXtcH/:Pqtyih9Cawjr/6NAjyX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94

Files

811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94
.exe windows:10 windows x86 arch:x86

007db55b0c9d2f882a812da02400b3b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

upgraderstub.pdb

Imports

advapi32

EnableTraceEx2
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryTraceW
EventUnregister
ControlTraceW
RegOpenKeyExW
RegSetValueExW
RegSetKeySecurity
EventSetInformation
RegCreateKeyExW
RegDeleteKeyW
EventRegister
EventWriteTransfer
RegCloseKey
StartTraceW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
OpenProcessToken
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
RevertToSelf
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw

kernel32

GetVolumePathNamesForVolumeNameW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WaitForMultipleObjectsEx
GlobalMemoryStatusEx
GetVolumeInformationByHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
WaitForMultipleObjects
GetPrivateProfileSectionW
UnlockFileEx
LockFileEx
InitializeCriticalSectionAndSpinCount
CreateEventW
GetVolumeInformationW
GetCurrentThread
SetThreadIdealProcessor
GetSystemInfo
GetOverlappedResult
GetHandleInformation
DeleteCriticalSection
LocalFree
CreateThread
GlobalFree
DeleteFileW
InitOnceComplete
GetExitCodeThread
GetFileAttributesW
LocalAlloc
CreateMutexW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetFullPathNameW
GetCommandLineW
EnterCriticalSection
SetDefaultDllDirectories
CompareStringW
WritePrivateProfileStringW
InitOnceBeginInitialize
CreateDirectoryW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
DeviceIoControl
FindClose
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
FreeLibrary
LoadLibraryExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
GetEnvironmentVariableW
SetEvent
ResetEvent
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryW
CreateFileA
GlobalAlloc
SetFilePointerEx
ReadFile
WriteFile
SetFilePointer
HeapReAlloc
HeapSize
GetShortPathNameW
SetEndOfFile
DuplicateHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
OpenProcess
OpenMutexW
LoadLibraryW
GetTempFileNameW
MoveFileW
VerifyVersionInfoW
UnhandledExceptionFilter
VerSetConditionMask

user32

LoadStringW
CharUpperW
MessageBoxW

msvcrt

memcmp
strcpy_s
memcpy
memmove
_wcsicmp
wcsrchr
_wcsnicmp
iswspace
towupper
_vscwprintf
qsort
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
sprintf_s
memmove_s
wcschr
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_purecall
iswdigit
wcsnlen
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
swscanf_s
wcsncmp
wcsstr
memset

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFindFileNameW

cabinet

ord22
ord20
ord23

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ntdll

NtYieldExecution
NtQueryInformationFile
RtlAdjustPrivilege
RtlGetLastNtStatus
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtQueryVolumeInformationFile
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U
NtCreateFile
NtClose
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlImpersonateSelf
NtSetEaFile
DbgPrintEx
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlReAllocateHeap
RtlRaiseStatus

psapi

GetModuleFileNameExW
EnumProcesses

bcrypt

BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptGetProperty

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boxload
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

007db55b0c9d2f882a812da02400b3b4

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

rpcrt4

shell32

shlwapi

cabinet

version

ntdll

psapi

bcrypt

Sections

.text Size: 462KB - Virtual size: 462KB

.data Size: 1KB - Virtual size: 7KB

.idata Size: 7KB - Virtual size: 7KB

.boxload Size: 512B - Virtual size: 140B

.rsrc Size: 263KB - Virtual size: 264KB

.reloc Size: 3.2MB - Virtual size: 3.2MB

.text
Size: 462KB - Virtual size: 462KB

.data
Size: 1KB - Virtual size: 7KB

.idata
Size: 7KB - Virtual size: 7KB

.boxload
Size: 512B - Virtual size: 140B

.rsrc
Size: 263KB - Virtual size: 264KB

.reloc
Size: 3.2MB - Virtual size: 3.2MB