23236154533d2b643e37f0c18fb8e05901aca85d2300ac3038aeffe266aedf66

Sharing

Copy URL Twitter E-mail

General

Target

23236154533d2b643e37f0c18fb8e05901aca85d2300ac3038aeffe266aedf66
Size

384KB
MD5

be02cce3d407f4dffd3303418964443a
SHA1

01deac9eb7d6618d7c462665c25529978400544a
SHA256

23236154533d2b643e37f0c18fb8e05901aca85d2300ac3038aeffe266aedf66
SHA512

81128954284b1e6a27679e667f07ca92a627a6512d6ecb183834cdd69ba34e506f9138567e225741211d7aad76916e76bce536368bffd218c58b33e43fd9e757
SSDEEP

6144:tSORucy3PFnO9syfuqdvLm/GrRp372zjrNCB4ZAOgkh9xAE:f45yGqdToGrRhk9Ft9xAE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23236154533d2b643e37f0c18fb8e05901aca85d2300ac3038aeffe266aedf66

Files

23236154533d2b643e37f0c18fb8e05901aca85d2300ac3038aeffe266aedf66
.exe windows x86

741d3ad147b8bf225439285acff599c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
WideCharToMultiByte
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
MoveFileExW
GetTempFileNameW
DeleteFileW
WriteFile
GetTempPathW
CreateFileW
ReadFile
GetFileSize
FlushFileBuffers
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
GetLocalTime
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetModuleHandleW
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetCurrentProcess
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetLastError
GetProcessHeap
GetFileType
GetACP
GetStdHandle
HeapFree
SizeofResource
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
RtlUnwind
CreateThread
ExitThread

advapi32

RegEnumValueW
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

shell32

ord165
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateGuid

shlwapi

StrCmpIW
SHGetValueA
SHSetValueA
StrToInt64ExW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW
PathFindFileNameW
SHSetValueW
PathIsPrefixW

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpSetOption
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

741d3ad147b8bf225439285acff599c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

winhttp

version

setupapi

iphlpapi

wininet

urlmon

crypt32

wintrust

Sections

.text Size: 257KB - Virtual size: 256KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 257KB - Virtual size: 256KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB