836ac07be5fdecb792c0630ec62a40d5cf555dbe3ee1f4c193b7f5a50b55080c

Sharing

Copy URL Twitter E-mail

General

Target

836ac07be5fdecb792c0630ec62a40d5cf555dbe3ee1f4c193b7f5a50b55080c
Size

279KB
MD5

058423938a8aebc350fd8951524774a9
SHA1

3ffaee3bb029fb5d246cc2393d4ac58e979a3147
SHA256

836ac07be5fdecb792c0630ec62a40d5cf555dbe3ee1f4c193b7f5a50b55080c
SHA512

9d22e32d22fa8edd2c21c7608ea6537331d74a71bbb65f783e6fce6cf3b196ad8069ee274aeb371ee4f0e704e19662972803bef93130fcf60235167799b0cf89
SSDEEP

3072:V2l3Cw7SeLW1mLU4vrq6cj6TBfg7+N/r8nRz4hgb:6lvW1yhG6cj6TBI7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836ac07be5fdecb792c0630ec62a40d5cf555dbe3ee1f4c193b7f5a50b55080c

Files

836ac07be5fdecb792c0630ec62a40d5cf555dbe3ee1f4c193b7f5a50b55080c
.exe windows x86

d6ce4e2f728e207c5c085ea08fa16dea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
LocalAlloc
MoveFileA
FindNextFileA
GetDiskFreeSpaceExA
LocalFree
DeleteFileA
lstrcpyA
InitializeCriticalSection
CancelIo
DeleteCriticalSection
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetVersionExA
LocalSize
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
PeekNamedPipe
TerminateProcess
GetSystemDirectoryA
DisconnectNamedPipe
CreatePipe
GetCurrentProcess
Process32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
CreateFileW
ReadConsoleW
SetStdHandle
RemoveDirectoryA
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LocalReAlloc
GetModuleHandleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
InitOnceExecuteOnce
GetCurrentThreadId
SetLastError
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
GetProcessHeap
HeapSize
ExitProcess
GetLogicalDriveStringsA
FindFirstFileA
CreateDirectoryA
lstrcatA
ReadFile
HeapReAlloc
CreateProcessA
GetFileAttributesA
GetVolumeInformationA
GetDriveTypeA
WriteFile
lstrlenA
SetFilePointer
GetFileSize
CreateFileA
CreateMutexA
SetConsoleCtrlHandler
GetLastError
GetTickCount
InterlockedExchange
VirtualAlloc
VirtualFree
CreateThread
ResumeThread
CloseHandle
CreateEventA
WaitForSingleObject
Sleep
TerminateThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
GetCommandLineA
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetStringTypeW
MultiByteToWideChar
GetLocaleInfoEx
WideCharToMultiByte
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
SetEvent
FlushFileBuffers

user32

SetClipboardData
OpenClipboard
BlockInput
EmptyClipboard
GetClipboardData
SetCursorPos
MapVirtualKeyA
WindowFromPoint
SetCapture
CloseClipboard
keybd_event
LoadCursorA
mouse_event
GetSystemMetrics
wsprintfA
GetCursorPos
GetDesktopWindow
DestroyCursor
CharNextA
GetCursorInfo
GetDC
EnumDisplaySettingsA
IsWindowVisible
PostMessageA
ShowWindow
GetWindowTextA
EnumWindows
MoveWindow
SetDlgItemTextA
DialogBoxParamA
SystemParametersInfoA
EndDialog
SendMessageA
SetFocus
LoadIconA
KillTimer
DispatchMessageA
TranslateMessage
GetClientRect
CreateWindowExA
ReleaseDC
GetMessageA
SetTimer

gdi32

DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt

advapi32

LookupPrivilegeValueA
RegQueryValueA
AdjustTokenPrivileges
OpenProcessToken
ControlService
UnlockServiceDatabase
QueryServiceConfigA
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
LockServiceDatabase
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFileInfoA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString

winmm

waveOutClose
PlaySoundA
waveInGetNumDevs
waveInStart
waveInStop
waveOutPrepareHeader
waveOutGetNumDevs
waveOutOpen
waveInUnprepareHeader
waveOutUnprepareHeader
timeEndPeriod
waveInReset
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveOutReset
timeBeginPeriod
waveOutWrite
waveInClose

ws2_32

closesocket
socket
gethostbyname
recv
WSACleanup
setsockopt
htons
WSAGetLastError
select
inet_addr
send
gethostname
getsockname
WSAIoctl
connect
inet_ntoa
WSAStartup

avicap32

capGetDriverDescriptionA

msvfw32

ICCompressorFree
ICSeqCompressFrameStart
ICClose
ICOpen
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICSendMessage

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6ce4e2f728e207c5c085ea08fa16dea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

ws2_32

avicap32

msvfw32

psapi

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 36KB - Virtual size: 35KB