Static task: static1
Behavioral task: behavioral1
Sample: 7245bdcc34c5270e6f486b740fb29646.exe
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: 7245bdcc34c5270e6f486b740fb29646.exe
Resource: win10v2004-20230703-en
General
Target: 7245bdcc34c5270e6f486b740fb29646.exe
Size: 4.3MB
MD5: 7245bdcc34c5270e6f486b740fb29646
SHA1: 557232473774b22478635a5f119eb59fee49391d
SHA256: 8fb8793e4913dfc78de2e6b7329239564e30398cb6016d8ee1322fc16c8d8b00
SHA512: ee03d51693c9ea89a5af12ced576d3c70729f648fe41dae6d7c60d0230f340e330b91131bcb4e3d19453b96cd92df86ad3aa3fc3432082f20357186c4748c4df
SSDEEP: 98304:ETES4udRm02akxZByptVRXSJb5ZQjr56X8wSx9C9RJgKBXyKOP2cKZcKYFLOAkGu:ctbkZBKXwQjr5ft4/c2cKZ8FLOyomFHW
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 7245bdcc34c5270e6f486b740fb29646.exe
Files
7245bdcc34c5270e6f486b740fb29646.exe.exe windows x86
6068bbc2baecca13d75bdbe3a684dac4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
LCMapStringW
GetStringTypeW
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapCreate
IsValidCodePage
IsValidLocale
GetDriveTypeW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
EnumSystemLocalesA
WriteConsoleW
GetTimeZoneInformation
GetStdHandle
GetLocaleInfoW
SetConsoleCtrlHandler
FatalAppExitA
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
HeapReAlloc
GetSystemTimeAsFileTime
CreateThread
ExitThread
VirtualQuery
VirtualAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
EncodePointer
DecodePointer
ExitProcess
RaiseException
RtlUnwind
LocalLock
LocalUnlock
FindResourceExW
SetErrorMode
GetNumberFormatA
GetWindowsDirectoryA
VirtualProtect
GetFileSizeEx
SetFileAttributesA
GetFileAttributesExA
FileTimeToLocalFileTime
GetShortPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileA
lstrcmpiA
GetStringTypeExA
GetTempPathA
GetProfileIntA
SearchPathA
GetACP
GetAtomNameA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
TlsGetValue
LocalAlloc
GlobalFlags
FileTimeToSystemTime
GetThreadLocale
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
ReplaceFileA
GetUserDefaultLCID
GetTickCount
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetFileSize
GlobalReAlloc
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
MulDiv
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FindResourceA
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
FreeLibrary
CompareStringA
LoadLibraryW
lstrcmpW
GlobalLock
GlobalUnlock
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
MultiByteToWideChar
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
WriteFile
SetFileTime
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrlenA
SystemTimeToFileTime
ReadFile
SetFilePointer
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetModuleFileNameA
lstrcpyA
lstrcatA
WritePrivateProfileStringA
WideCharToMultiByte
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalMemoryStatusEx
GetSystemInfo
DeleteFileA
CreateFileA
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CloseHandle
FindFirstFileA
FindClose
Sleep
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
CompareStringW
LoadLibraryA
user32
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
LockWindowUpdate
GetUpdateRect
UnionRect
SetRect
GetSysColorBrush
SetClassLongA
CharUpperA
GetAsyncKeyState
NotifyWinEvent
MessageBeep
LoadCursorA
LoadCursorW
WindowFromPoint
SetCapture
KillTimer
SetTimer
GetSystemMenu
DeleteMenu
RegisterClipboardFormatA
SetMenuDefaultItem
DrawIconEx
IsMenu
GetMenuDefaultItem
GetCursorPos
AppendMenuA
ScrollWindowEx
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
SetWindowsHookExA
CallNextHookEx
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetClassNameA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetMenuBarInfo
WinHelpA
SetWindowPos
LoadImageA
DestroyIcon
SetFocus
GetActiveWindow
IsWindowEnabled
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetKeyState
LoadIconW
RemoveMenu
InsertMenuA
GetMenuStringA
SetCursor
PeekMessageA
PostThreadMessageA
WaitMessage
SetRectEmpty
InflateRect
GetSubMenu
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
InsertMenuItemA
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
GetClassInfoA
IntersectRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
ShowWindow
GetWindowLongA
ValidateRect
TranslateMessage
GetMessageA
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetMenuItemInfoA
SystemParametersInfoA
DrawStateA
TranslateAcceleratorA
IsWindow
DestroyWindow
GetSystemMetrics
GetClassLongA
SetForegroundWindow
SetParent
GetTopWindow
GetCapture
IsWindowVisible
SetWindowRgn
DrawEdge
DrawFrameControl
DrawFocusRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
OpenClipboard
CopyImage
LoadMenuW
GetWindowRect
GetClientRect
ScreenToClient
UpdateWindow
InvalidateRect
GetParent
SendMessageA
EnableWindow
IsChild
GetFocus
GetSysColor
LoadBitmapW
FindWindowExA
FindWindowA
GetWindowThreadProcessId
ClientToScreen
RedrawWindow
IsIconic
wsprintfA
GetWindow
CopyRect
IsRectEmpty
OffsetRect
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetIconInfo
PostMessageA
IsZoomed
CharUpperBuffA
FrameRect
ShowOwnedPopups
InvertRect
HideCaret
InSendMessage
SetCursorPos
RealChildWindowFromPoint
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
IsClipboardFormatAvailable
CopyIcon
SubtractRect
UnregisterClassA
GetDoubleClickTime
SendNotifyMessageA
EnumChildWindows
GetDialogBaseUnits
DestroyCursor
DrawIcon
MapDialogRect
GetNextDlgGroupItem
GetDCEx
IsCharLowerA
MapVirtualKeyExA
CreateMenu
GetWindowRgn
WindowFromDC
GetTabbedTextExtentW
GetTabbedTextExtentA
PostQuitMessage
SetLayeredWindowAttributes
EnumDisplayMonitors
DestroyAcceleratorTable
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
gdi32
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateEllipticRgn
CreatePolygonRgn
CombineRgn
GetBkColor
Polyline
Ellipse
Polygon
SetBkMode
GetDIBits
RealizePalette
StretchBlt
SetPixel
SetRectRgn
GetMapMode
DPtoLP
SetTextJustification
EnumFontFamiliesA
GetTextCharsetInfo
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
Rectangle
RoundRect
GetCharWidthA
CreateFontA
StretchDIBits
OffsetRgn
GetRgnBox
GetViewportOrgEx
LPtoDP
ExtFloodFill
CreatePalette
GetPaletteEntries
SetPaletteEntries
GetWindowOrgEx
GetNearestPaletteIndex
GetSystemPaletteEntries
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
EnumFontFamiliesExA
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetPixelV
SetTextAlign
MoveToEx
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
PatBlt
BitBlt
CreateRoundRectRgn
CreatePen
GetTextMetricsA
GetTextColor
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
CreateCompatibleBitmap
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
CreateDIBitmap
SetPolyFillMode
CreateDIBSection
GetCurrentObject
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
CreateFontIndirectA
SetDIBColorTable
GetTextExtentPoint32A
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
GetJobA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
CryptImportKey
shell32
ShellExecuteA
DragFinish
DragQueryFileA
SHAppBarMessage
SHGetFileInfoA
ShellExecuteExA
ExtractIconA
SHAddToRecentDocs
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
comctl32
ImageList_Create
ImageList_DrawEx
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA
PathStripPathA
ole32
CoGetMalloc
IsAccelerator
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleRun
CLSIDFromProgID
OleRegEnumVerbs
OleTranslateAccelerator
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
CoDisconnectObject
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleLockRunning
OleSetMenuDescriptor
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CoInitializeEx
StgCreateDocfileOnILockBytes
OleSave
WriteClassStm
OleSaveToStream
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleRegGetMiscStatus
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfile
CLSIDFromString
StringFromGUID2
PropVariantCopy
OleInitialize
CreateDataAdviseHolder
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateOleAdviseHolder
GetRunningObjectTable
OleCreateFromFile
OleSetClipboard
oleaut32
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
GetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SetErrorInfo
SafeArrayPutElement
CreateErrorInfo
oledlg
ord8
gdiplus
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageGraphicsContext
wldap32
ord211
ord143
ord60
ord50
ord22
ord30
ord200
ord32
ord35
ord33
ord301
ord27
ord41
ord46
ord26
ord79
ws2_32
ntohl
htonl
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
crypt32
CertFreeCertificateContext
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
winmm
PlaySoundA
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 532KB - Virtual size: 532KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ