94bcee1f8f7e9a44736a4f4fef82f605e45f29b359b67b0bf4b49dd901df91df

Sharing

Copy URL

Twitter E-mail

General

Target

94bcee1f8f7e9a44736a4f4fef82f605e45f29b359b67b0bf4b49dd901df91df
Size

3.0MB
MD5

8cf860e3a1d35ee8322314512ae88aad
SHA1

5760826d7f66e6efade904fd6a1c482007d7cf37
SHA256

94bcee1f8f7e9a44736a4f4fef82f605e45f29b359b67b0bf4b49dd901df91df
SHA512

49ab91b56f3b8e53e760e32ec2b918bf8cbdf6d71c27f88e1f6b2485b0f9d30614a269b617a3f143cf074bd0ba0cfdaba3b814503a22520510116dca7313cbc1
SSDEEP

49152:D59ALytev92WNOtmSteoaU7eVzzVoz+zGQMk8EVemU13Wg5fXdBCn:D58p2mSUoaNu+z5M6VemkWGlBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94bcee1f8f7e9a44736a4f4fef82f605e45f29b359b67b0bf4b49dd901df91df

Files

94bcee1f8f7e9a44736a4f4fef82f605e45f29b359b67b0bf4b49dd901df91df
.exe windows x86

ea695a55c11d7df49a40333d09cf6bd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetCommandLineW
MoveFileExW
CopyFileW
CreateToolhelp32Snapshot
WriteProcessMemory
GetExitCodeThread
LoadLibraryA
VirtualAllocEx
VirtualAlloc
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
VirtualFree
DuplicateHandle
ReadFile
TerminateThread
WaitForSingleObject
CreateDirectoryW
GlobalAlloc
GlobalLock
CreateThread
SetFileAttributesW
GetPrivateProfileStringW
DeleteFileW
CloseHandle
GetCurrentThreadId
IsDebuggerPresent
DeviceIoControl
LockResource
GetLocalTime
GetProcAddress
GetLastError
RaiseException
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
TerminateProcess
IsBadWritePtr
SizeofResource
Sleep
WideCharToMultiByte
OpenProcess
WriteFile
IsBadReadPtr
GetTickCount
GetModuleHandleW
GetCurrentProcess
LoadResource
FreeLibrary
GlobalUnlock
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
MulDiv
FreeResource
GetCurrentDirectoryW
IsBadCodePtr
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersion
GetCommandLineA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
CreateMutexA
OpenMutexA
lstrcpyn
QueryPerformanceFrequency
GetWindowsDirectoryA
GetVolumeInformationA
WritePrivateProfileStringW
GetTempPathW
ProcessIdToSessionId
Process32NextW
GetCurrentProcessId
Process32FirstW
RtlMoveMemory
GetProcessHeap
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
FindResourceW
GetLocaleInfoA
GetNativeSystemInfo
GetFileSize
ExitProcess
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetDoubleClickTime
GetWindowRect
PostMessageW
GetWindowLongW
IsIconic
IsWindowVisible
GetClassNameW
GetWindowThreadProcessId
EnumWindows
UnhookWindowsHookEx
GetParent
MonitorFromWindow
SetWindowPos
GetSystemMetrics
GetMonitorInfoW
GetWindow
PostQuitMessage
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA
DefWindowProcW
SetWindowLongW
DispatchMessageW
SetFocus
GetMessageW
EnableWindow
SendMessageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
OffsetRect
UnionRect
wvsprintfW
GetWindowRgn
MoveWindow
DestroyWindow
GetKeyState
InvalidateRect
ScreenToClient
GetDC
CharNextW
GetFocus
MapWindowPoints
IntersectRect
GetUpdateRect
IsRectEmpty
EndPaint
BeginPaint
GetActiveWindow
IsZoomed
SetWindowRgn
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
GetCaretPos
GetCaretBlinkTime
GetClientRect
InvalidateRgn
ClientToScreen
GetGUIThreadInfo
CreateAcceleratorTableW
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
GetWindowDC
IsWindow
WindowFromPoint
FlashWindowEx
SetForegroundWindow
SetCapture
PtInRect
GetCursorPos
SetCursor
ReleaseCapture
UnregisterHotKey
RegisterHotKey
SetTimer
KillTimer
LoadImageW
GetCursor
ShowWindow
SetWindowTextW
FillRect

gdi32

TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
CreateSolidBrush
RoundRect
DeleteObject
Rectangle
GetStockObject
SelectObject
CreatePen
SetROP2
PtInRegion
CreateRectRgn
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetTextMetricsW
CreateFontIndirectW
GetObjectW
SetWindowOrgEx
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
CreateRoundRectRgn
GetObjectA
CreatePenIndirect
CreatePatternBrush
SetTextColor
SetBkMode
GetDeviceCaps
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
GdiFlush

advapi32

CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
LookupPrivilegeValueW
CreateServiceW
GetTokenInformation
AdjustTokenPrivileges
StartServiceW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

iphlpapi

GetInterfaceInfo
GetAdaptersInfo
IpRenewAddress

shlwapi

PathFileExistsW

psapi

GetModuleFileNameExW

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

gdiplus

GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipGetImageWidth
GdipLoadImageFromStream
GdipCloneImage
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromScan0
GdiplusStartup
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipDrawString
GdipDrawImage
GdipDrawImageRectI
GdipCreateFontFromDC

Sections

.text
Size: - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SP0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SP1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea695a55c11d7df49a40333d09cf6bd4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

iphlpapi

shlwapi

psapi

wininet

comctl32

imm32

oleaut32

gdiplus

Sections

.text Size: - Virtual size: 670KB

.rdata Size: - Virtual size: 104KB

.data Size: - Virtual size: 96KB

.SP0 Size: - Virtual size: 1.6MB

.SP1 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 512B - Virtual size: 168B

.rsrc Size: 20KB - Virtual size: 893KB

.text
Size: - Virtual size: 670KB

.rdata
Size: - Virtual size: 104KB

.data
Size: - Virtual size: 96KB

.SP0
Size: - Virtual size: 1.6MB

.SP1
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 512B - Virtual size: 168B

.rsrc
Size: 20KB - Virtual size: 893KB