228c73e08efbfb017488a3f3ca4a717c60f1bebdd04764f0fb9710d5765b7c88

Sharing

Copy URL Twitter E-mail

General

Target

228c73e08efbfb017488a3f3ca4a717c60f1bebdd04764f0fb9710d5765b7c88
Size

3.3MB
MD5

695e66170df5ac1c21e4d941ec6b85d8
SHA1

21970efb757602cdb7e8f8323c342855d11b5ab2
SHA256

228c73e08efbfb017488a3f3ca4a717c60f1bebdd04764f0fb9710d5765b7c88
SHA512

63e262cb2d78655c305dd7bab74be2a996fee95614f893174ffd3fdcac2c42aeac6ba3c9cc09863959f657e37a887dfdeed22772e975db0d4c50b6f940035a9c
SSDEEP

49152:8PKDlqjUZUq7ueLUTKz80z8vBfA9DKu7ViKPnehhpHLCvurtQ0N:vVmwnjJJ3nCWGx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
228c73e08efbfb017488a3f3ca4a717c60f1bebdd04764f0fb9710d5765b7c88

Files

228c73e08efbfb017488a3f3ca4a717c60f1bebdd04764f0fb9710d5765b7c88
.exe windows x86

b826bea79db0611dc505a9748719b8a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
FindResourceExW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
MoveFileExW
CopyFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeResource
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetVersionExW
GetTickCount
OpenProcess
CreateProcessW
ResumeThread
CreateRemoteThread
CreateThread
TerminateProcess
ExitProcess
GetCurrentProcess
Sleep
CreateFileMappingW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
GetTempPathW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MultiByteToWideChar
GetCurrentDirectoryA
SetEndOfFile
GetStringTypeW
SetStdHandle
HeapQueryInformation
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
IsBadStringPtrW
GetACP
IsBadStringPtrA
LoadLibraryW
SetCurrentDirectoryW
OutputDebugStringW
ReadFile
GetFileSize
CreateFileW
MulDiv
SetFilePointer
GetFileType
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
WriteFile
InterlockedIncrement
InterlockedDecrement
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
VirtualQuery
FreeLibrary
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
EncodePointer
GetStdHandle
GetModuleHandleExW
WriteConsoleW
GetCommandLineA
GetCommandLineW
HeapValidate
GetSystemInfo
SetConsoleCtrlHandler
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

user32

SetWindowPos
GetKeyState
GetCursorPos
CreateWindowExW
SendMessageW
MapWindowPoints
InvalidateRect
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
GetFocus
SetTimer
KillTimer
SetCapture
ReleaseCapture
PostMessageW
PtInRect
GetParent
DefWindowProcW
EnableWindow
GetMonitorInfoW
LoadCursorW
LoadImageW
GetSystemMetrics
GetDC
RegisterClassExW
GetClassInfoExW
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
CharNextW
IsZoomed
FillRect
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
IntersectRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
DrawTextW
CharPrevW
SetRect
SetWindowTextW
DestroyWindow
SetCursor
wvsprintfW
UnionRect
InflateRect
OffsetRect
RegisterClassW
wsprintfW
PostQuitMessage
UnregisterClassW
ReleaseDC
MonitorFromWindow
IsWindow
GetWindow
GetDesktopWindow
GetWindowTextLengthW
GetWindowTextW
wsprintfA
GetWindowThreadProcessId
FindWindowA
SetWindowLongW
GetWindowLongW
ScreenToClient
MessageBoxW
GetWindowRect
GetClientRect
SetWindowRgn
AppendMenuW
GetSystemMenu
EndDialog
DialogBoxParamW
IsIconic
ShowWindow

gdi32

DeleteDC
Rectangle
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
RestoreDC
SetWindowOrgEx
GetStockObject
GetObjectW
CreatePen
DeleteObject
CreateRoundRectRgn
CreateCompatibleDC
GetTextMetricsW
GetDeviceCaps
SelectClipRgn
GetObjectType
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
CreateDIBSection
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
CreateSolidBrush
LineTo
MoveToEx
CreatePenIndirect
RoundRect
SetTextColor
SetBkMode
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GdiFlush
GetObjectA
CreateFontIndirectW

advapi32

MD5Update
AdjustTokenPrivileges
LookupPrivilegeValueW
MD5Init
OpenProcessToken
MD5Final

shell32

ShellExecuteW

ole32

CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance

comctl32

ord17
_TrackMouseEvent

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

shlwapi

wvnsprintfW

psapi

GetModuleBaseNameW
EnumProcessModules

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

gdiplus

GdipCreateFromHDC
GdipDrawString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDeleteGraphics
GdipSetTextRenderingHint
GdiplusStartup
GdiplusShutdown
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b826bea79db0611dc505a9748719b8a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

wininet

shlwapi

psapi

oleaut32

gdiplus

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 330KB - Virtual size: 329KB

.data Size: 28KB - Virtual size: 58KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 330KB - Virtual size: 329KB

.data
Size: 28KB - Virtual size: 58KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 58KB - Virtual size: 58KB