328c1eafa03273c811c8f6016186bba8691fcb0b9e46e5f953b705055c4d7227

Sharing

Copy URL Twitter E-mail

General

Target

328c1eafa03273c811c8f6016186bba8691fcb0b9e46e5f953b705055c4d7227
Size

4.9MB
MD5

6093ce6815b8a99e2daba4ea274771e4
SHA1

77b2ed4488644582a4a682e276500b6ac901584a
SHA256

328c1eafa03273c811c8f6016186bba8691fcb0b9e46e5f953b705055c4d7227
SHA512

26a1cf6dfac87a918b1d85c4eb0c98217cf47d5c7318a93b506e5db8136a47389da816829faffe450ed2941777aca7871489e82787cbf7ce02fd5aedc416d676
SSDEEP

98304:dIKQ3yUDkvgjxi6Ccm3S7aXsjzWeyKUjzq55+l1/pZ1C+ha:dIKqDkvyxi6JQS7aXs/We8zqea

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
328c1eafa03273c811c8f6016186bba8691fcb0b9e46e5f953b705055c4d7227

Files

328c1eafa03273c811c8f6016186bba8691fcb0b9e46e5f953b705055c4d7227
.exe windows x86

5b83760a03b6e002d0ec6be62abcfb90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
CompareStringW
FlushInstructionCache
lstrcmpiW
GetCurrentThreadId
WinExec
GetACP
FindFirstFileW
GetLongPathNameW
SetFileTime
GetFileTime
ResumeThread
TerminateThread
OpenThread
GetExitCodeThread
SuspendThread
QueryDosDeviceW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
CopyFileW
GetCurrentDirectoryW
MoveFileW
RemoveDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
GetLocalTime
FindNextFileW
SetEvent
ResetEvent
CreateEventW
InterlockedExchangeAdd
GetLogicalDriveStringsW
GetVolumeInformationW
GetExitCodeProcess
GlobalMemoryStatusEx
GetVersion
InterlockedDecrement
UnmapViewOfFile
GetComputerNameW
DeviceIoControl
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
RtlUnwind
LoadLibraryExW
ExitThread
CreateThread
GetCommandLineW
GetModuleHandleExW
ExitProcess
GetCPInfo
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
EncodePointer
CreateFileW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
InterlockedExchange
GetEnvironmentVariableW
MapViewOfFile
SetFilePointer
GetFileSize
CreateFileA
HeapReAlloc
FormatMessageW
GetProcAddress
GetVersionExW
GetModuleHandleW
GetCurrentProcess
FileTimeToSystemTime
GetFileSizeEx
LocalFree
Sleep
GetTickCount
LockResource
GetFileAttributesW
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
WaitForMultipleObjects
Process32FirstW
TerminateProcess
OpenProcess
SetLastError
GetFullPathNameA
GetFullPathNameW
LoadLibraryW
FreeLibrary
ReleaseMutex
SetUnhandledExceptionFilter
CreateMutexW
ExpandEnvironmentStringsW
lstrlenW
DeleteFileW
WaitForSingleObject
CreateProcessW
GlobalFree
GlobalUnlock
GlobalAlloc
WriteFile
GlobalLock
WritePrivateProfileStringW
GetModuleFileNameW
GetCurrentThread
GetPrivateProfileStringW
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
FindClose
ReadConsoleW

user32

LoadImageW
LoadBitmapW
DispatchMessageW
IsWindowVisible
CreateDialogParamW
PeekMessageW
TranslateMessage
SetForegroundWindow
IsChild
GetMessageW
GetSystemMetrics
PostQuitMessage
GetFocus
DrawFocusRect
EndPaint
DestroyWindow
SetCursor
GetWindowTextLengthW
ScreenToClient
CharNextW
FillRect
SetCapture
DrawTextW
DialogBoxParamW
LoadCursorW
SetFocus
SetRectEmpty
BeginPaint
PtInRect
GetCapture
OffsetRect
GetClassNameW
GetCursorPos
GetActiveWindow
CreateWindowExW
ReleaseCapture
UpdateWindow
CallWindowProcW
DefWindowProcW
ClientToScreen
InvalidateRect
ShowWindow
EnableWindow
GetDlgCtrlID
MoveWindow
SetTimer
GetWindowRect
KillTimer
GetParent
GetClientRect
LoadIconW
GetWindowLongW
MonitorFromWindow
SetWindowLongW
EndDialog
SetWindowPos
SendMessageW
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
GetWindow
CreateDesktopW
EnumDesktopWindows
IsWindowEnabled
CloseDesktop
GetWindowTextW
GetDlgItem
SendDlgItemMessageW
FindWindowExW
MessageBoxW
GetWindowThreadProcessId
GetDC
ReleaseDC
GetDesktopWindow
SystemParametersInfoW
PostMessageW
IsWindow
UnregisterClassW
GetSysColor

gdi32

CreateDIBSection
GetDeviceCaps
GetDIBits
CreateDCW
SetBkMode
DeleteObject
SelectObject
DeleteDC
ExtTextOutW
RealizePalette
CreateFontW
SelectPalette
GetObjectW
SetTextAlign
GetStockObject
SetTextColor
CreateSolidBrush
CreateFontIndirectW
CreateCompatibleDC
StretchBlt

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
OpenThreadToken
LookupAccountSidW
GetUserNameW
CheckTokenMembership

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
ShellExecuteW
SHChangeNotify

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_Create

wininet

InternetCloseHandle
HttpEndRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetOpenW
InternetConnectW
InternetReadFile
InternetCrackUrlW
HttpSendRequestExW
HttpSendRequestW
InternetSetOptionW
InternetWriteFile

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 384.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b83760a03b6e002d0ec6be62abcfb90

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 255KB - Virtual size: 254KB

.data Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 1024KB - Virtual size: 384.8MB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 255KB - Virtual size: 254KB

.data
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 1024KB - Virtual size: 384.8MB

.reloc
Size: 64KB - Virtual size: 64KB