c98f2abb95e7a367f50482e84b6e0d86bb869e1d87c57f484dc9069617036666

Sharing

Copy URL Twitter E-mail

General

Target

c98f2abb95e7a367f50482e84b6e0d86bb869e1d87c57f484dc9069617036666
Size

3.2MB
MD5

ec3237b0cd6a217d403b75f48d237627
SHA1

e1198898aa404c1b2e2a62ddec2cb306d1d7f581
SHA256

c98f2abb95e7a367f50482e84b6e0d86bb869e1d87c57f484dc9069617036666
SHA512

b777962d8e8200953f9c90bfc30f4cc9d48cb01b99f214f2d495c8977f3ba907ded239d89b4dca2b12d16ff467f905b69ae8626929155af0c66bba92b1b99b5f
SSDEEP

98304:fKjFnM2TdO8BexqyhO1z+y4IGbxiGpYyd53V:fMxM+7yM1UQGGydJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c98f2abb95e7a367f50482e84b6e0d86bb869e1d87c57f484dc9069617036666

Files

c98f2abb95e7a367f50482e84b6e0d86bb869e1d87c57f484dc9069617036666
.exe windows x86

570a7030bc5105e160ef32c9f3d2a8bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetCommandLineW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetTimeZoneInformation
ExitThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapQueryInformation
GetStdHandle
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
IsValidCodePage
GetCPInfo
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
TlsAlloc
ReadConsoleW
OutputDebugStringW
LCMapStringW
SetEnvironmentVariableA
WriteConsoleW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeResource
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GetVersionExW
GetCurrentThread
SetThreadPriority
CreateEventW
SetEvent
GetFileAttributesExW
FileTimeToLocalFileTime
GetCurrentProcessId
LoadLibraryExW
GetCurrentProcess
DuplicateHandle
GetVolumeInformationW
FlushFileBuffers
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
OutputDebugStringA
MultiByteToWideChar
FreeLibrary
SetLastError
GetVersionExA
LoadLibraryA
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
LoadLibraryW
LocalFileTimeToFileTime
SetFileTime
GetFileTime
SetEndOfFile
ReadFile
WriteFile
GetFileSize
QueryPerformanceCounter
InitializeCriticalSection
CreateThread
GetOEMCP
GetACP
GetComputerNameW
FormatMessageA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
CompareFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
MoveFileExW
MoveFileW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFullPathNameW
CreateDirectoryW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetModuleHandleA
FindClose
SetFilePointer
GetProcAddress
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
Sleep
GetModuleFileNameW
CloseHandle
CreateProcessW
FindResourceW
LoadResource
LockResource
SetFilePointerEx
SizeofResource

user32

MonitorFromWindow
WinHelpW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
SetWindowPos
CreateWindowExW
GetClassInfoExW
PostMessageW
GetMonitorInfoW
EnableWindow
LoadIconW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SetCursor
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
CopyRect
ReleaseDC
GetDC
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PostQuitMessage
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
SetWindowTextW
IsDialogMessageW
DrawTextW
PeekMessageW
DispatchMessageW
ShowWindow
UnregisterClassW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendDlgItemMessageA
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
CharUpperW
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetMessageW
TranslateMessage
DrawTextExW
GrayStringW
TabbedTextOutW
BeginPaint
EndPaint
ClientToScreen
LoadCursorW
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DestroyMenu
RegisterWindowMessageW
GetSysColorBrush

gdi32

SetMapMode
SelectObject
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
DeleteDC

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

CryptGetUserKey
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
CryptHashData
CryptImportKey
CryptExportKey
CryptDeriveKey
CryptEnumProvidersA
CryptGetProvParam
RegOpenKeyW
CryptDestroyKey
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptSetHashParam
CryptAcquireContextW
RegSetValueExW
RegQueryValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegCloseKey
RegEnumValueA
RegOpenKeyExA

shell32

ShellExecuteW
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

ws2_32

inet_addr
inet_ntoa
ntohs
recv
select
send
setsockopt
shutdown
socket
gethostbyname
WSAStartup
WSAGetLastError
getsockname
htons
__WSAFDIsSet
bind
closesocket
connect
ioctlsocket
getsockopt

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 250KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��i�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

570a7030bc5105e160ef32c9f3d2a8bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 775KB - Virtual size: 775KB

.data Size: 250KB - Virtual size: 290KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 96KB - Virtual size: 95KB

��i�u� Size: 16KB - Virtual size: 20KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 775KB - Virtual size: 775KB

.data
Size: 250KB - Virtual size: 290KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 96KB - Virtual size: 95KB

��i�u�
Size: 16KB - Virtual size: 20KB