ea28784a447fac331db27e0037e6b06b32233644b159bef6d012bff699acd1e9

Sharing

Copy URL

Twitter E-mail

General

Target

ea28784a447fac331db27e0037e6b06b32233644b159bef6d012bff699acd1e9
Size

4.2MB
MD5

6494eb840ea95a518f78ab024eb68427
SHA1

8d88293f577078dfe2ae28e25e9fe85d26cf8c56
SHA256

ea28784a447fac331db27e0037e6b06b32233644b159bef6d012bff699acd1e9
SHA512

c372cd2f7e3d743ed6a393d29b2aeeace1efb56bf30598a99233759eebedc6395ba9d033c7b0c6123243f0d76669347dcff00b1ca8a6068604a5f0b6e0fb3f06
SSDEEP

49152:FDUTbCqtAIfFTsYrUS5KpEWwFrfsRWiX9RvokOUoMGocYXfdqNS:FDUXltFfpsYqlwtAX99okOnlYXfB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea28784a447fac331db27e0037e6b06b32233644b159bef6d012bff699acd1e9

Files

ea28784a447fac331db27e0037e6b06b32233644b159bef6d012bff699acd1e9
.exe windows x86

196bc68e8c4b1d2cc2eb36ce1d719c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetModuleHandleW
CompareStringW
lstrlenW
FlushInstructionCache
SetLastError
lstrcmpiW
GetCurrentThreadId
FindResourceW
LoadResource
SizeofResource
LockResource
GetPrivateProfileStringW
GetModuleFileNameW
WritePrivateProfileStringW
CreateProcessW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
CreateDirectoryW
CopyFileW
GetLongPathNameW
ResumeThread
GetACP
SetFileTime
UnlockFile
FindClose
GetTempFileNameW
MoveFileExW
MoveFileW
GetWindowsDirectoryW
SetFileAttributesW
SetEvent
ResetEvent
CreateEventW
InterlockedExchangeAdd
GetComputerNameW
InterlockedDecrement
DeviceIoControl
InterlockedCompareExchange
WaitForSingleObject
HeapFree
lstrlenA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetOEMCP
IsValidCodePage
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
LoadLibraryExW
ExitThread
QueryPerformanceCounter
CreateThread
GetCommandLineW
GetModuleHandleExW
ExitProcess
IsDebuggerPresent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStringTypeW
EncodePointer
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetProcAddress
LoadLibraryW
GetCurrentProcess
FreeLibrary
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
OpenProcess
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
FindFirstFileW
InitializeCriticalSectionAndSpinCount

user32

FindWindowExW
GetWindowThreadProcessId
GetMessageW
IsChild
SendDlgItemMessageW
SetForegroundWindow
TranslateMessage
PeekMessageW
LoadBitmapW
CloseDesktop
EnumDesktopWindows
CreateDesktopW
GetDesktopWindow
LoadImageW
GetWindow
GetMonitorInfoW
SetWindowTextW
MapWindowPoints
SendMessageW
MessageBoxW
SetWindowPos
EndDialog
SetWindowLongW
GetDlgItem
CreateDialogParamW
GetSystemMetrics
IsWindowVisible
DispatchMessageW
GetSystemMenu
DeleteMenu
PostQuitMessage
GetFocus
DrawFocusRect
EndPaint
MonitorFromWindow
GetWindowTextW
GetWindowLongW
LoadIconW
GetClientRect
GetParent
KillTimer
UnregisterClassW
GetWindowRect
SetTimer
IsWindow
PostMessageW
MoveWindow
DestroyWindow
SetCursor
GetWindowTextLengthW
ScreenToClient
CharNextW
FillRect
SetCapture
DrawTextW
DialogBoxParamW
LoadCursorW
IsWindowEnabled
SetFocus
SetRectEmpty
BeginPaint
PtInRect
GetCapture
OffsetRect
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetCursorPos
GetActiveWindow
CreateWindowExW
ReleaseCapture
UpdateWindow
CallWindowProcW
DefWindowProcW
ClientToScreen
InvalidateRect
GetSysColor
ShowWindow
EnableWindow
GetDlgCtrlID
GetDC

gdi32

CreateDIBSection
GetDeviceCaps
GetDIBits
CreateDCW
ExtTextOutW
GetObjectW
DeleteObject
CreateFontIndirectW
SelectObject
DeleteDC
RealizePalette
GetStockObject
SetBkMode
SetTextColor
CreateFontW
CreateCompatibleDC
StretchBlt
SetTextAlign
SelectPalette
CreateSolidBrush

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
GetUserNameW
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHChangeNotify

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleUninitialize
OleInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent

wininet

HttpEndRequestW
InternetWriteFile
InternetReadFile
InternetCrackUrlW
HttpSendRequestExW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetOpenW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 195.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

196bc68e8c4b1d2cc2eb36ce1d719c3d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 1024KB - Virtual size: 195.7MB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 1024KB - Virtual size: 195.7MB

.reloc
Size: 33KB - Virtual size: 33KB