5851e2958f3afcb152557673a25e4c8b04a42aada210ce166e664d8ece9e7576

Sharing

Copy URL Twitter E-mail

General

Target

5851e2958f3afcb152557673a25e4c8b04a42aada210ce166e664d8ece9e7576
Size

572KB
MD5

26e576bcc89e1344463dcef9254b6563
SHA1

720888b003534199d892d64d5eaacae5f98acc09
SHA256

5851e2958f3afcb152557673a25e4c8b04a42aada210ce166e664d8ece9e7576
SHA512

7ded244a81e69e54b68511bc387f591a6ba00bea0dc5c94d82ff7b71b4f8d449b12b9ae883977eb0ace538fe8a43338948b1d685d02beaa347dd6b7c8effca94
SSDEEP

6144:QJ2rJNNgJfOzRQXvO9LzsPQafwGoGNN8y930yBdGy1oLWLd2GtnHHGBXeJkdHkFO:RrJHgFNwGoGNbG3WoKnGmF6/VOK3/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5851e2958f3afcb152557673a25e4c8b04a42aada210ce166e664d8ece9e7576

Files

5851e2958f3afcb152557673a25e4c8b04a42aada210ce166e664d8ece9e7576
.exe windows x86

4938e69fa4eb697d8e41b493f159faca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
listen
closesocket
WSASocketA
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
htons
WSASend
WSARecv
gethostname
WSAGetOverlappedResult
getpeername
inet_ntoa
WSAAccept
gethostbyname
setsockopt
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents

advapi32

RegDeleteValueA
ImpersonateSelf
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyA
RegOpenKeyA
RegEnumValueA
OpenThreadToken
GetTokenInformation
LookupAccountSidA
RevertToSelf
GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA

shell32

ord2
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA
SHGetFileInfoA

kernel32

GetProcessVersion
GetProcessTimes
GetWindowsDirectoryA
GetTempPathA
GetVolumeInformationA
GetDriveTypeA
GetDiskFreeSpaceA
lstrlenA
GlobalMemoryStatus
GetSystemInfo
Sleep
GetLogicalDrives
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
CreateDirectoryA
RemoveDirectoryA
LocalFree
LocalAlloc
SetFileAttributesA
GetPriorityClass
GetDiskFreeSpaceExA
lstrcmpiA
GetCurrentThreadId
CreateFileA
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
SetUnhandledExceptionFilter
CreateMutexA
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
LoadLibraryExA
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
GetExitCodeProcess
MultiByteToWideChar
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
GetFileSize
GetFileTime
lstrcpynA
FormatMessageA
DuplicateHandle
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetFullPathNameA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
lstrcmpA
lstrlenW
SuspendThread
GlobalFlags
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
RaiseException
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitThread
GetStartupInfoA
GetCommandLineA
SetStdHandle
GetFileType
GetACP
HeapSize
HeapReAlloc
SetHandleCount
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentProcessId
GetVersionExA
SetLastError
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
TerminateThread
CreateThread
GetModuleHandleA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
DeleteFileA
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenProcess
CloseHandle
GetSystemDirectoryA
GetStdHandle
CopyFileA
WideCharToMultiByte
GetTickCount
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
GetLastError
GetProcAddress
FreeLibrary
GetModuleFileNameA
LoadLibraryA
AreFileApisANSI
LockFileEx
CreateFileW
GetTempPathW
GetFileAttributesW
DeleteFileW
GetFullPathNameW
LoadLibraryW
GetFileAttributesA
GetSystemTimeAsFileTime

user32

ValidateRect
GetActiveWindow
GetMessageA
PtInRect
SetWindowTextA
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowPlacement
GetWindowRect
GrayStringA
TabbedTextOutA
ClientToScreen
CharUpperA
MessageBoxA
IsCharAlphaA
WaitForInputIdle
MessageBoxW
DrawTextA
mouse_event
keybd_event
GetClientRect
GetCursorPos
SetTimer
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
GetWindow
IsWindow
GetClassLongA
GetWindowDC
EnumDisplaySettingsA
RegisterClassA
CreateWindowExA
PostMessageA
DefWindowProcA
DestroyWindow
CreateDialogParamA
DialogBoxParamA
MoveWindow
SetWindowPos
GetWindowLongA
SetWindowLongA
ShowWindow
ExitWindowsEx
SystemParametersInfoA
EnumWindows
EnumChildWindows
GetWindowTextA
GetClassNameA
RegisterWindowMessageA
SendMessageTimeoutA
GetDesktopWindow
GetDC
ReleaseDC
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
LoadStringA
LoadIconA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
EnableWindow
GetParent
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetTopWindow
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
SetForegroundWindow
SendMessageA
IsIconic

gdi32

Escape
ExtTextOutA
RectVisible
CreateBitmap
PtVisible
GetTextExtentPoint32A
TextOutA
DeleteObject
GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetTextMetricsA
GetDeviceCaps
CreateICA
GetPixel
SetTextColor
SaveDC
RestoreDC
SetBkColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateCompatibleDC

comdlg32

GetFileTitleA

winspool.drv

EnumPrintersA
OpenPrinterA
FindClosePrinterChangeNotification
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
ClosePrinter
DocumentPropertiesA

comctl32

ord17

ole32

CoCreateGuid
CoInitialize

oleaut32

VariantClear
VarBstrFromDate

ppdata

ord4
ord40
ord2
ord6
ord18
ord17
ord9
ord45
ord52
ord47
ord39
ord38
ord8
ord5
ord26

shlwapi

PathFileExistsA

wsock32

WSAStartup
WSACleanup

Sections

.text
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4938e69fa4eb697d8e41b493f159faca

Headers

File Characteristics

Imports

ws2_32

advapi32

shell32

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

ole32

oleaut32

ppdata

shlwapi

wsock32

Sections

.text Size: 456KB - Virtual size: 452KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 40KB - Virtual size: 69KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 456KB - Virtual size: 452KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 40KB - Virtual size: 69KB

.rsrc
Size: 28KB - Virtual size: 25KB