3915f0f51f5b96cc200c9db28948d9a9f8f4afd0ee72a6d1a9fc0665db1b4359

Sharing

Copy URL

Twitter E-mail

General

Target

3915f0f51f5b96cc200c9db28948d9a9f8f4afd0ee72a6d1a9fc0665db1b4359
Size

1.2MB
MD5

8df92070a36cb355119c7ba2b6c100ba
SHA1

a2347d72de449514b3349c606abdb751ce226852
SHA256

3915f0f51f5b96cc200c9db28948d9a9f8f4afd0ee72a6d1a9fc0665db1b4359
SHA512

a61d5bab31a420d54bd8539941908a20879800a68c94c0a24d8711749cdee626dc1f4e27d7177cc79219f697ee11f459ecf8f0342e116f211e2454e92b0708a3
SSDEEP

12288:2WPZp+dA+XUT5kQrHbvjGlaFQ2pCAhOHb44vaqU7Wgo6KrBd4vHy6xBmjW6BK4Uu:2WxUdA+ET59HZC2MWOE4va1jo9r8xwxB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3915f0f51f5b96cc200c9db28948d9a9f8f4afd0ee72a6d1a9fc0665db1b4359

Files

3915f0f51f5b96cc200c9db28948d9a9f8f4afd0ee72a6d1a9fc0665db1b4359
.exe windows x86

087180b3a822181a78e5ab44f6a60988

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
lstrcatA
lstrlenA
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToLocalFileTime
OutputDebugStringW
GetProcessTimes
GetCurrentProcessId
TerminateProcess
CreateRemoteThread
OpenThread
SuspendThread
ResumeThread
CreateProcessA
GetProcessId
GetThreadContext
SetThreadContext
OpenProcess
VirtualAlloc
VirtualFree
VirtualProtect
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
CreateFileMappingA
OpenFileMappingA
LoadLibraryA
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
Thread32First
Thread32Next
Module32First
Module32Next
K32EnumProcesses
K32EnumProcessModules
K32GetModuleFileNameExA
VerSetConditionMask
DeviceIoControl
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
SetWaitableTimer
Sleep
CreateThread
GetVersionExA
GetNativeSystemInfo
FreeLibrary
GetModuleHandleW
LoadLibraryExA
GlobalReAlloc
LocalAlloc
WaitForMultipleObjects
WinExec
MulDiv
CreateWaitableTimerA
FindResourceA
GetPrivateProfileStringA
VerifyVersionInfoA
IsDBCSLeadByte
GetTickCount
lstrcmpA
MapViewOfFileEx
SetEnvironmentVariableA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
WaitForMultipleObjectsEx
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
RtlCaptureStackBackTrace
CreateTimerQueue
TryEnterCriticalSection
GetCommandLineA
LoadLibraryExW
ExitThread
VirtualQuery
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
CreateFileA
LockResource
LoadResource
GetModuleFileNameA
FindResourceExW
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
OutputDebugStringA
ReadFile
GetFileSize
GetSystemInfo
RtlUnwind
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
ReadConsoleW

user32

PostMessageA
CallWindowProcA
UnregisterClassA
RegisterClassExA
SendMessageA
CreateWindowExA
GetClientRect
MessageBoxA
SetWindowLongA
EnumChildWindows
GetClassNameA
LoadCursorA
wsprintfW
IsWindow
CharLowerBuffA
EnumWindows
GetWindowThreadProcessId
wsprintfA
CreateDesktopA
GetClassInfoExA
SetWindowPos
EndDialog
GetWindowRect
MapWindowPoints
GetWindowLongA
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoA
RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
IsChild
DestroyWindow
ShowWindow
MoveWindow
CreateDialogParamA
IsDialogMessageA
SetCursorPos
MessageBeep
EnableWindow
KillTimer
SetTimer
MsgWaitForMultipleObjects
SetDlgItemTextA
DialogBoxParamA
PostQuitMessage
FindWindowA
GetDesktopWindow
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
CharNextA
GetDlgItem

gdi32

GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectA

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize

oleaut32

DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VarBstrCmp
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VarBstrFromDate
VarUI4FromStr
LoadTypeLi

shlwapi

StrStrIA
PathRemoveFileSpecA
PathFindFileNameA
StrToIntA
StrToInt64ExA
PathRemoveExtensionA
wvnsprintfA
StrCpyNW

gdiplus

GdipDrawLineI
GdiplusShutdown

wininet

InternetOpenA
InternetCloseHandle
InternetCrackUrlA
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionA
HttpSendRequestA
InternetConnectA
HttpQueryInfoA
HttpOpenRequestA
InternetGetLastResponseInfoA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA
EnumProcessModules

imagehlp

ImageUnload
ImageLoad

winmm

waveOutSetVolume
mixerOpen
mixerClose
mixerGetLineControlsA
mixerSetControlDetails
mixerGetLineInfoA

shell32

ShellExecuteExA

Sections

.text
Size: 968KB - Virtual size: 968KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

087180b3a822181a78e5ab44f6a60988

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

wininet

version

psapi

imagehlp

winmm

shell32

Sections

.text Size: 968KB - Virtual size: 968KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 23KB - Virtual size: 39KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 968KB - Virtual size: 968KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 23KB - Virtual size: 39KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 56KB - Virtual size: 56KB