9659a5dc0bc85f8afcb2f4e906ed441cab7de182f979edd8f93d27388da32697

Sharing

Copy URL Twitter E-mail

General

Target

9659a5dc0bc85f8afcb2f4e906ed441cab7de182f979edd8f93d27388da32697
Size

629KB
MD5

4cc5d0174e67ac3ae1f1934016ca3837
SHA1

a76293317dc19067a52eb30239b99f098eb84236
SHA256

9659a5dc0bc85f8afcb2f4e906ed441cab7de182f979edd8f93d27388da32697
SHA512

7bb816ec42b6f4d6ed7eca4a32d79c03c9eaf0e76b5881a72affbd401e04f0652560f2bef616e81c57fc546aa69f8be4a847a64dcc037f3a920b2890ce732d56
SSDEEP

12288:bjpby5mUJGQiW98hZ92N5TmorZy1Fzpldsbfw0/Y5J4Kb0eQZuooZtUMBvP:bdbysUPiF6NcAQFzLds7n/Yv4Kb0eQi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9659a5dc0bc85f8afcb2f4e906ed441cab7de182f979edd8f93d27388da32697

Files

9659a5dc0bc85f8afcb2f4e906ed441cab7de182f979edd8f93d27388da32697
.exe windows x86

2365dfe3251d47ba577f6129c1f6b4df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MoveFileExW
TerminateThread
WaitForSingleObject
WideCharToMultiByte
lstrlenA
SetFilePointer
ReadFile
CreateFileW
WriteFile
SetEndOfFile
GetFileAttributesW
CreateDirectoryW
GetTickCount
GetWindowsDirectoryW
FindClose
GetVersionExW
GetProcAddress
GetSystemDirectoryW
OpenProcess
LoadLibraryW
LocalAlloc
LocalFree
GetCurrentProcess
GetLocalTime
InterlockedCompareExchange
GetSystemInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLangID
GetDiskFreeSpaceExW
GetComputerNameA
DeviceIoControl
CreateFileA
LoadLibraryA
ExpandEnvironmentStringsW
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ProcessIdToSessionId
CreateProcessW
DeleteFileW
SetUnhandledExceptionFilter
CreateThread
SetEvent
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
GetTempPathW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentThreadId
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
UnmapViewOfFile
InterlockedDecrement
CloseHandle
MapViewOfFileEx
FindResourceExW
CreateFileMappingW
InterlockedIncrement
LockResource
DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
EnterCriticalSection
FindResourceW
LoadResource
GetModuleHandleW
SizeofResource
lstrlenW
VirtualQuery
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
SetLastError
GetSystemTime
RaiseException
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
VirtualAlloc
VirtualFree
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
InterlockedExchange
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
ExitThread
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime

user32

CharNextW
DefWindowProcW
UnregisterClassA
DestroyWindow

advapi32

EqualSid
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
RegOpenKeyExW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize

oleaut32

VariantInit
SysStringLen
VarUI4FromStr
SysFreeString
SysAllocString
VariantClear

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
StrToIntW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW
PathAppendW

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

rasapi32

RasEnumConnectionsW

iphlpapi

GetAdaptersInfo
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Sections

.text
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2365dfe3251d47ba577f6129c1f6b4df

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

wtsapi32

rasapi32

iphlpapi

psapi

Sections

.text Size: 376KB - Virtual size: 372KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 376KB - Virtual size: 372KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 132KB - Virtual size: 132KB