781e644e3e272cd3ca5855d48bea218fb2871144aa1db65d8a5a455080691fa9

Sharing

Copy URL

Twitter E-mail

General

Target

781e644e3e272cd3ca5855d48bea218fb2871144aa1db65d8a5a455080691fa9
Size

2.7MB
MD5

4e334e69ee3067a44d212399f85588d7
SHA1

cba790e890e7e3f2ec703152c0593b74a6a00774
SHA256

781e644e3e272cd3ca5855d48bea218fb2871144aa1db65d8a5a455080691fa9
SHA512

5ba0876f1aa95366ce11272d7578afe8dc95ae9b4928e67fd637f2506b61cbc9d3871dce3dfe7b43f763ce5d560018c9da2b500b636ef56fc3ad0cc01ff2a5bd
SSDEEP

49152:SA96oYUX4WCT1tKYMCDLoxb7UkSD8hQiaPkreCucxqOe39:SA96RUWjhMMLoN7BSYhNSb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
781e644e3e272cd3ca5855d48bea218fb2871144aa1db65d8a5a455080691fa9

Files

781e644e3e272cd3ca5855d48bea218fb2871144aa1db65d8a5a455080691fa9
.exe windows x86

36f8528ed8141d06ac53fdb710f45a9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
GetDiskFreeSpaceExW
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
GetSystemInfo
GetSystemDirectoryW
GetNativeSystemInfo
PostQueuedCompletionStatus
GetExitCodeThread
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
GetThreadLocale
SetThreadLocale
GetFileAttributesExW
lstrcmpA
FileTimeToSystemTime
FormatMessageA
SleepEx
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
QueryPerformanceCounter
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetACP
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
GetDriveTypeW
GetModuleHandleExW
ExitThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
lstrlenA
MoveFileExW
SetFileAttributesW
SystemTimeToFileTime
GetSystemTime
GetComputerNameW
GlobalFree
SetFilePointer
LocalFree
DeviceIoControl
GetPrivateProfileStringW
GetStartupInfoW
CreatePipe
CreateProcessW
RemoveDirectoryW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetShortPathNameW
GetCurrentThread
SetThreadPriority
GetCurrentProcess
SetPriorityClass
GetEnvironmentVariableW
GetTempPathW
lstrlenW
TerminateThread
WaitForSingleObject
InitializeCriticalSection
GetVersionExW
FreeResource
GetVersion
GlobalAlloc
MulDiv
GetCurrentProcessId
OpenProcess
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
LoadLibraryExW
lstrcmpiW
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
SetLastError
RaiseException
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
OutputDebugStringW
CopyFileW
CreateDirectoryW
DeleteFileW
Sleep
CreateThread
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
GetFileSize
FlushFileBuffers
WriteFile
GetModuleHandleW
GetProcAddress
CreateFileW
GetLastError
CloseHandle
SetEnvironmentVariableA
WriteConsoleW
SetConsoleMode

user32

RegisterClassExW
GetClassInfoExW
LoadCursorW
UnregisterClassW
SendMessageW
DestroyWindow
DefWindowProcW
GetWindowLongW
CallWindowProcW
KillTimer
PostMessageW
SetTimer
PostQuitMessage
LoadIconW
SetFocus
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
ShowWindow
GetDlgItem
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxW
SetWindowTextW
CreateWindowExW
SetRectEmpty
EqualRect
SetCursor
ClientToScreen
GetCursorPos
PtInRect
ScreenToClient
GetDoubleClickTime
IntersectRect
GetDC
ReleaseDC
SystemParametersInfoW
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
SetCapture
ReleaseCapture
SetForegroundWindow
FindWindowExW
IsWindow
RegisterClipboardFormatW
GetSysColor
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
IsClipboardFormatAvailable
SetWindowRgn
MoveWindow
EnableWindow
GetForegroundWindow
GetWindowTextW
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
LoadImageW
IsRectEmpty
GetIconInfo
SetCaretPos
DrawIconEx
FillRect
DrawTextW
UpdateLayeredWindow
GetWindowTextLengthW
GetFocus
UpdateWindow
GetKeyState
SetActiveWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
GetCaretBlinkTime
CreateCaret
CopyRect
SetWindowLongW
SetWindowPos

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
SetTextCharacterExtra
GetCurrentObject
GetTextColor
CreateFontIndirectW
Rectangle
CreatePen
SetBkColor
SetTextColor
SetBkMode
CreateSolidBrush
SetBitmapBits
RestoreDC
StretchBlt
SetStretchBltMode
SetPixel
GetObjectW
CreateDIBSection
CreateRectRgn
CombineRgn
CreateRoundRectRgn
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
GetDeviceCaps
GetStockObject
GetViewportOrgEx
GetBitmapBits

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeleteService
CloseServiceHandle
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameW
GetUserNameW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetMalloc
ord165
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderLocation

ole32

CoInitializeSecurity
OleRun
RegisterDragDrop
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysAllocString
VarUI4FromStr
GetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
VariantInit
VarBstrCmp
VariantCopy
VariantClear

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
StrCmpIW
PathIsDirectoryW
PathCombineW
PathFindFileNameW
SHDeleteValueW
SHSetValueW
SHDeleteKeyW
SHGetValueW
PathSearchAndQualifyW
PathIsRootW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFont
GdiplusStartup
GdipDeleteGraphics
GdipDeleteFontFamily

riched20

ord4

psapi

GetModuleFileNameExW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

ws2_32

getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
htons
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
getsockopt
select
getservbyname
gethostbyname
htonl
shutdown
ntohs
gethostname

wldap32

ord133
ord147
ord79
ord46
ord14
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord301
ord216
ord208
ord145

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

secur32

GetUserNameExW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36f8528ed8141d06ac53fdb710f45a9b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

gdiplus

riched20

psapi

crypt32

ws2_32

wldap32

netapi32

iphlpapi

secur32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 508KB - Virtual size: 507KB

.data Size: 57KB - Virtual size: 166KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 222KB - Virtual size: 222KB

.reloc Size: 101KB - Virtual size: 100KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 508KB - Virtual size: 507KB

.data
Size: 57KB - Virtual size: 166KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 222KB - Virtual size: 222KB

.reloc
Size: 101KB - Virtual size: 100KB