99e3a1e62aea39b056c997112625efe9bb5ff03f5a631dc6e5db808d75e04738

Sharing

Copy URL Twitter E-mail

General

Target

99e3a1e62aea39b056c997112625efe9bb5ff03f5a631dc6e5db808d75e04738
Size

823KB
MD5

6e90422d6f2e957140384258b209d7e8
SHA1

4a9b7f440abf9874a674fdbbdf1c775ff909f09a
SHA256

99e3a1e62aea39b056c997112625efe9bb5ff03f5a631dc6e5db808d75e04738
SHA512

1253407b43f6f8fa5f9754d6ad1c5e3f800b289fa348bc336dd47bf1625f6f4db71db0a884027a659d8b8a7ace7ec48b6d61bd838ac2a9a3b46b89696523594b
SSDEEP

12288:E0st7tmU2h/LghiifuuNe3Mrf0W0KRvqv7T/:Ex2hj3MrfVPJq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99e3a1e62aea39b056c997112625efe9bb5ff03f5a631dc6e5db808d75e04738

Files

99e3a1e62aea39b056c997112625efe9bb5ff03f5a631dc6e5db808d75e04738
.exe windows x86

6ba5efcd438508437976b98ee73773a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DecodePointer
EncodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapQueryInformation
HeapSize
HeapReAlloc
GetStringTypeW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetCurrentThread
SetConsoleCtrlHandler
CreateThread
WaitForSingleObjectEx
CloseHandle
WriteConsoleW
OutputDebugStringW
OutputDebugStringA
GetFileType
GetSystemInfo
LocalFree
GetVersionExW
GetCurrentThreadId
CreateMutexW
ReleaseMutex
FreeEnvironmentStringsW
GetLastError
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
GetModuleHandleExW
GetStdHandle
WriteFile
ExitProcess
GetACP
HeapValidate
CreateFileW

user32

EnableWindow
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetMonitorInfoW
MonitorFromPoint
LoadIconW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowW
GetParent
SetWindowLongW
GetWindowLongW
GetSysColorBrush
ScreenToClient
GetCursorPos
MessageBoxW
GetWindowRect
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
GetKeyState
GetFocus
SetFocus
GetNextDlgTabItem
GetDlgItem
CreateDialogParamW
SetWindowPos
ShowWindow
DestroyWindow
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW

advapi32

RegSetValueExW
RegSetKeySecurity
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.textbss
Size: - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba5efcd438508437976b98ee73773a2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.textbss Size: - Virtual size: 285KB

.text Size: 617KB - Virtual size: 616KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 3KB - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 22KB - Virtual size: 22KB

.textbss
Size: - Virtual size: 285KB

.text
Size: 617KB - Virtual size: 616KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 3KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 22KB - Virtual size: 22KB