f964fefcf9c774f7336a1536364900424346871629435d19565fe2c668b708cf

Sharing

Copy URL

Twitter E-mail

General

Target

f964fefcf9c774f7336a1536364900424346871629435d19565fe2c668b708cf
Size

360KB
MD5

bfc9837078dd751530ad53904707fbc7
SHA1

070612245f22697b4179b27c7d8cee194361d0ed
SHA256

f964fefcf9c774f7336a1536364900424346871629435d19565fe2c668b708cf
SHA512

5af2b58b84ad01e33b3419dad9641c216d60d552ef35d33144867e70f5957d6c91af827d18e6f7b54b16209c20518eb2225b368a577607e64a159417b510a70c
SSDEEP

6144:tSORucy3PFnO9syfuqdvLm/GrRp372zjrNCB4ZAOgk9:f45yGqdToGrRhk9FJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f964fefcf9c774f7336a1536364900424346871629435d19565fe2c668b708cf

Files

f964fefcf9c774f7336a1536364900424346871629435d19565fe2c668b708cf
.exe windows x86

741d3ad147b8bf225439285acff599c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
WideCharToMultiByte
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
MoveFileExW
GetTempFileNameW
DeleteFileW
WriteFile
GetTempPathW
CreateFileW
ReadFile
GetFileSize
FlushFileBuffers
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
GetLocalTime
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetModuleHandleW
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetCurrentProcess
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetLastError
GetProcessHeap
GetFileType
GetACP
GetStdHandle
HeapFree
SizeofResource
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
RtlUnwind
CreateThread
ExitThread

advapi32

RegEnumValueW
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

shell32

ord165
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateGuid

shlwapi

StrCmpIW
SHGetValueA
SHSetValueA
StrToInt64ExW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW
PathFindFileNameW
SHSetValueW
PathIsPrefixW

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpSetOption
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

741d3ad147b8bf225439285acff599c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

winhttp

version

setupapi

iphlpapi

wininet

urlmon

crypt32

wintrust

Sections

.text Size: 257KB - Virtual size: 256KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 257KB - Virtual size: 256KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB