01559299[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

01559299.exe
Size

816KB
MD5

7dfbfba1e4e64a946cb096bfc937fbad
SHA1

9180d2ce387314cd4a794d148ea6b14084c61e1b
SHA256

312f082ea8f64609d30ff62b11f564107bf7a4ec9e95944dfd3da57c6cdb4e94
SHA512

f47b05b9c294688811dd72d17f815cce6c90f96d78f6835804d5182e2f4bfbd2d6738de854b8a79dea6345f9372ba76a36920e51e6cb556ef4b38b620e887eb4
SSDEEP

12288:De/2dxVZ+ivtwdeOkD5YNfEp5UOc1+A4cMfZIYMlBlfwFyfr7BM9G/9V:6/iBFSkyNfI51cQFhMlvIofZRn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01559299.exe

Files

01559299.exe
.exe windows x86

71239d4ab8bd734745714b0037234d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleA
lstrlenW
GetCommandLineW
SizeofResource
HeapDestroy
SetUnhandledExceptionFilter
RtlUnwind
HeapFree
InitializeCriticalSection
CreateThread
CreateEventW
TlsGetValue
RaiseException
FindResourceW
FindResourceExW
LoadLibraryExW
UnhandledExceptionFilter
FreeLibrary
GetSystemInfo
FlushFileBuffers
GetLocaleInfoA
GetStartupInfoA
TerminateProcess
GetConsoleMode
InterlockedIncrement
TlsAlloc
LoadLibraryW
SetLastError
SetEvent
VirtualAlloc
LoadResource
LockResource
GetExitCodeThread
Sleep
SetStdHandle
GetCurrentProcess
GetLastError
OpenProcess
GetCurrentProcessId
FlushInstructionCache
ExpandEnvironmentStringsA
IsDebuggerPresent
DeleteCriticalSection
lstrcpynW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapSize
OpenEventW
TerminateThread
GetOEMCP
CreateProcessW
GetFileType
GetFileAttributesW
GlobalFree
MultiByteToWideChar
QueryPerformanceCounter
CreateFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
OpenMutexW
HeapReAlloc
lstrcmpA
VirtualProtectEx
AddAtomA
GetVersionExA
GetVersion
GetStartupInfoW
HeapAlloc
GlobalLock
GetProcessHeap
GetStdHandle
CloseHandle
GetModuleHandleW
LCMapStringA
ExitThread
InterlockedDecrement
LeaveCriticalSection
lstrcmpiW
GetModuleHandleA
WaitForSingleObject
GetCurrentThreadId
GetModuleFileNameW
IsValidCodePage
CreateMutexW
GetConsoleOutputCP
SetFilePointer
EnterCriticalSection
WriteFile
WriteConsoleW
GetTickCount
GetFullPathNameW
GetCPInfo
VirtualFree
InterlockedExchange
MulDiv
LCMapStringW
CreateIoCompletionPort
IsProcessorFeaturePresent
lstrcmpW
ResetEvent
GetStringTypeW
GetQueuedCompletionStatus
GetModuleFileNameA
InterlockedCompareExchange
GetSystemTimeAsFileTime
TlsFree
PostQueuedCompletionStatus
LoadLibraryA
HeapCreate
TlsSetValue
GetStringTypeA
WideCharToMultiByte
GetProcAddress
ExitProcess
GetACP
GlobalUnlock

user32

SendMessageW
InvalidateRgn
RegisterWindowMessageW
EnumChildWindows
GetWindowLongW
PostQuitMessage
CreateWindowExW
SetMenuItemInfoW
MonitorFromPoint
SetForegroundWindow
CreateDialogParamW
GetDlgCtrlID
ClientToScreen
CharNextW
GetDesktopWindow
SetWindowPlacement
SetCapture
GetWindowPlacement
IsDialogMessageW
CopyRect
GetMenuItemInfoW
GetWindowThreadProcessId
CheckDlgButton
GetWindowRect
AttachThreadInput
IsMenu
GetDlgItem
IsWindow
GetFocus
LoadCursorW
GetDC
GetClassNameW
GetClientRect
ReleaseDC
GetSysColor
SetFocus
TrackPopupMenu
DefWindowProcW
CreateAcceleratorTableW
GetWindow
BringWindowToTop
GetClassInfoExW
RedrawWindow
LoadImageW
GetSubMenu
DispatchMessageW
GetParent
DestroyMenu
MapWindowPoints
DrawIconEx
SetWindowTextW
MoveWindow
GetSystemMetrics
SetWindowLongW
MonitorFromWindow
GetWindowTextLengthW
EndDialog
GetCursorPos
DestroyAcceleratorTable
InflateRect
DestroyIcon
ReleaseCapture
PtInRect
TranslateAcceleratorW
TranslateMessage
GetWindowTextW
OffsetRect
SetWindowPos
EndPaint
RegisterClassExW
BeginPaint
IsChild
InvalidateRect
UnregisterClassA
IsIconic
GetForegroundWindow
DrawTextW
GetMessagePos
LoadMenuW
LoadBitmapW
PostMessageW
DrawFocusRect
GetMonitorInfoW
MessageBoxW
ModifyMenuW
EnableWindow
ShowWindow
CallWindowProcW
GetMessageW
GetMenuItemCount
DialogBoxParamW
FillRect
PeekMessageW
IsWindowVisible
DestroyWindow
LoadAcceleratorsW
ScreenToClient
IsWindowEnabled

gdi32

GetDeviceCaps
CreateCompatibleDC
SelectObject
DeleteObject
GetTextMetricsW
TextOutW
Rectangle
CreateFontW
SetTextColor
StretchBlt
RestoreDC
CreateCompatibleBitmap
CreatePen
EnumFontFamiliesExW
BitBlt
GetTextExtentPoint32W
DeleteDC
CreateFontIndirectW
SetBkMode
CreateSolidBrush
GetObjectW
GetStockObject
SetBkColor
CreatePatternBrush
SaveDC

comdlg32

ChooseColorW

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExA

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetFolderLocation
SHFileOperationW
SHGetPathFromIDListW

ole32

OleUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize
CLSIDFromProgID
OleInitialize
CoTaskMemFree
OleLockRunning
CoInitialize
CoGetClassObject
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString

oleaut32

SysFreeString
LoadTypeLi
SysStringLen
VariantClear
LoadRegTypeLi
OleCreateFontIndirect
VariantInit
SysAllocString
SysAllocStringLen
VarUI4FromStr

comctl32

ImageList_Remove
ImageList_Draw
ImageList_LoadImageW
ImageList_AddMasked
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrStrIW
PathAddBackslashW
PathRemoveFileSpecW
StrCpyNW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdiplus

GdipDrawLineI
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdipCreateBitmapFromStreamICM
GdipFree
GdipDrawString
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipDeleteBrush
GdipDisposeImage
GdipDeleteFont
GdipCreateFont
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipCreateSolidFill
GdiplusStartup
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateHBITMAPFromBitmap
GdipSetPenDashStyle
GdipDeleteGraphics
GdipCloneBrush
GdipGetGenericFontFamilySansSerif
GdiplusShutdown
GdipCloneImage
GdipDeletePen
GdipAlloc
GdipCreatePen1
GdipFillRectangle
GdipSetTextRenderingHint
GdipGetImageHeight
GdipGetImageWidth

msvcrt

_CIsin

Sections

.text
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 210KB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71239d4ab8bd734745714b0037234d0b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

version

gdiplus

msvcrt

Sections

.text Size: 529KB - Virtual size: 528KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 210KB - Virtual size: 5.4MB

.data2 Size: 3KB - Virtual size: 2KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 529KB - Virtual size: 528KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 210KB - Virtual size: 5.4MB

.data2
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 18KB - Virtual size: 17KB