Multiconection List Graber by ELMU986[.]exe

Resubmissions

02/05/2023, 06:23

230502-g5fh4shh65 3

02/05/2023, 06:19

230502-g29yjshh57 3

Sharing

Copy URL Twitter E-mail

General

Target

Multiconection List Graber by ELMU986.exe
Size

120KB
MD5

c828734bba7a58fbff3fc0c3a4e78ef4
SHA1

ac30b0f95ac6728a1a28a322f15ec151b8ef73f1
SHA256

21129194b589550a4c2438618f377b148a2f7b2c36507875b3c04dac3192f5ab
SHA512

01e164327462cf568162cb19b2298613bf58a823f4d1db7464c0b78a375dea483061197a5dcbc5cadca4977e9450efe28114bc979e6b106b36615b2cd8ce2088
SSDEEP

1536:iD5s9u/O4wppE7b6Ca9wOxibBjPm8YEZDVAguwWx4c6fFSqapezcu:4s9uWfE7mt+BzXYEZDVAgVWuc69Sqapm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Multiconection List Graber by ELMU986.exe

Files

Multiconection List Graber by ELMU986.exe
.exe windows x64

295d50c428c8af659837822a1523fb71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
strncmp
memmove
strncpy
strstr
_strnicmp
_stricmp
strlen
strcmp
strcpy
strcat
memcpy
sprintf
fabs
ceil
malloc
floor
free
fclose
tolower

kernel32

GetModuleHandleA
HeapCreate
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
RemoveDirectoryA
GetTempFileNameA
GetCommandLineA
FindResourceA
LoadResource
SizeofResource
GetShortPathNameA
GetSystemDirectoryA
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetExitCodeProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
DeleteFileA
GetFileSize
HeapReAlloc
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetVersionExA
SetLastError
HeapSize
TlsAlloc
CreateDirectoryA
GetTempPathA
SetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte

ole32

CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA

shlwapi

PathQuoteSpacesA
PathAddBackslashA
PathUnquoteSpacesA
PathRemoveArgsA
PathGetArgsA
PathRenameExtensionA

user32

CharUpperA
CharLowerA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongPtrA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetDC
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetWindowLongA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongPtrA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetPropA
GetParent
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
EnumChildWindows
GetClientRect
FillRect
GetFocus
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA

gdi32

GetStockObject
SelectObject
SetTextColor
SetBkColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel

comctl32

InitCommonControlsEx

Sections

.code
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

295d50c428c8af659837822a1523fb71

Headers

File Characteristics

Imports

msvcrt

kernel32

ole32

shell32

shlwapi

user32

gdi32

comctl32

Sections

.code Size: 17KB - Virtual size: 17KB

.text Size: 63KB - Virtual size: 63KB

.pdata Size: 4KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 18KB - Virtual size: 17KB

.code
Size: 17KB - Virtual size: 17KB

.text
Size: 63KB - Virtual size: 63KB

.pdata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 18KB - Virtual size: 17KB