7a95277adfb0ccb9c96a79dd0c18649b72f6e028e3502b3cb2510c186ff3e56c

Sharing

Copy URL Twitter E-mail

General

Target

7a95277adfb0ccb9c96a79dd0c18649b72f6e028e3502b3cb2510c186ff3e56c
Size

4.0MB
MD5

eb8113ccafd5756a914a45b59bb6cccd
SHA1

c8c06376bd3bea8a29f6dd339bb147ec532f7df3
SHA256

7a95277adfb0ccb9c96a79dd0c18649b72f6e028e3502b3cb2510c186ff3e56c
SHA512

c2b75e5e3985fb1ea21a0e7160c589766aab8a9e827991d1816ead2611e8003f229dfb3255d0931d212db9c843755ad564d7358b3819516a70d87c0f6e73af68
SSDEEP

49152:z2D0ao5Xk3putqGcvjI9wxLuBtHGCrBLsSfXpTrEFchnhvIb3oaocQB:Qek3JCYFGvIbHQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a95277adfb0ccb9c96a79dd0c18649b72f6e028e3502b3cb2510c186ff3e56c

Files

7a95277adfb0ccb9c96a79dd0c18649b72f6e028e3502b3cb2510c186ff3e56c
.exe windows x64

b6e209cba3ee61b1f8dacb5d68592ea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

efcatres

r

user32

LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
SetWindowsHookExW
PostQuitMessage
IsClipboardFormatAvailable
MoveWindow
GetScrollInfo
CreateMenu
SetMenu
CreatePopupMenu
GetForegroundWindow
ReleaseCapture
SetCapture
GetWindowLongW
SetWindowLongW
IsMenu
GetCursorPos
CharToOemA
CharNextA
OemToCharBuffA
CharLowerW
CharUpperW
CharToOemBuffW
CharPrevA
CharPrevExA
GetWindowLongPtrW
RegisterClassExW
UnregisterClassW
GetClassInfoExW
CreateWindowExW
SetWindowTextW
SetWindowTextA
GetWindowTextW
GetWindowTextLengthW
SetWindowLongPtrW
GetClassLongPtrW
SetClassLongPtrW
PostMessageW
InvalidateRect
DrawTextW
IsWindow
IsWindowVisible
SetFocus
MessageBeep
MessageBoxW
MessageBoxA
DialogBoxParamW
CheckMenuItem
TrackPopupMenuEx
GetSystemMetrics
GetMenuItemInfoW
CallWindowProcW
GetMenuItemCount
SetMenuItemInfoW
CharLowerA
CharUpperA
GetParent
CharUpperBuffA
WindowFromPoint
GetSysColorBrush
GetSysColor
LoadBitmapW
GetMessageTime
GetWindowPlacement
SetWindowPlacement
SetClipboardData
FindWindowW
CharLowerBuffA
ShowWindow
EnableWindow
IsWindowEnabled
LoadImageW
DrawStateW
GetWindow
GetTopWindow
DrawFocusRect
DrawFrameControl
FrameRect
ExitWindowsEx
BringWindowToTop
SetForegroundWindow
SetActiveWindow
IsIconic
GetActiveWindow
ScreenToClient
KillTimer
FillRect
DrawIconEx
SystemParametersInfoW
GetFocus
DestroyMenu
GetDC
ReleaseDC
OpenClipboard
GetClipboardData
CloseClipboard
GetSubMenu
DeleteMenu
InsertMenuItemW
SetTimer
GetDlgItem
DrawIcon
DestroyIcon
EmptyClipboard
WinHelpW
SetWindowPos
GetWindowThreadProcessId
CallNextHookEx
GetDesktopWindow
CreateAcceleratorTableW
DestroyAcceleratorTable
VkKeyScanW
GetDlgItemInt
SetDlgItemInt
BeginPaint
EndPaint
CharUpperBuffW
GetMenu
EnableMenuItem
LoadCursorW
SetCursor
OemToCharBuffW
GetWindowRect
OemToCharA
EndDialog
SendMessageW
PeekMessageW
DestroyWindow
GetClientRect
CheckMenuRadioItem
DefWindowProcW
UpdateWindow
CharLowerBuffW

gdi32

BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
GetTextMetricsW
MoveToEx
LineTo
GetStockObject
CreatePen
SetBkColor
GetObjectW
CreateFontIndirectW
CreateSolidBrush
SelectObject
PatBlt
CreateBitmap
CreatePatternBrush
DeleteObject
SetBkMode
GetDeviceCaps
SetTextColor

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetFileSecurityW
GetFileSecurityW
SystemFunction036
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
InitiateSystemShutdownW
RegCloseKey
RegSetValueExA

shell32

SHBrowseForFolderW
SHGetDesktopFolder
ord727
SHGetFileInfoW
CommandLineToArgvW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
DragQueryFileW
DragFinish
SHFileOperationW
ShellExecuteExW
SHGetDataFromIDListW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoSetProxyBlanket

comdlg32

ChooseColorW
GetSaveFileNameW
ChooseFontW
GetOpenFileNameW

comctl32

ImageList_SetBkColor
InitCommonControlsEx
ord17
ImageList_Destroy
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Draw
CreateToolbarEx
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIcon
ImageList_Remove

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

mciSendCommandW

wsock32

ioctlsocket
htons
connect
gethostbyname
WSAIsBlocking
WSAStartup
WSACleanup
WSACancelBlockingCall
select
WSASetLastError
closesocket
recv
socket
send

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

kernel32

GetCommandLineW
WaitForMultipleObjects
GetTempPathW
GlobalFree
UnmapViewOfFile
VirtualProtect
GetTimeFormatW
MulDiv
GlobalAlloc
LocalFree
FormatMessageW
OpenProcess
GetSystemDefaultLangID
MapViewOfFile
CreateFileMappingW
GetLogicalDrives
SearchPathW
GetWindowsDirectoryW
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileInformationByHandle
IsProcessorFeaturePresent
CreateSemaphoreA
CreateEventA
SetThreadAffinityMask
lstrlenA
SetEnvironmentVariableW
SetCurrentDirectoryA
ExitThread
GetExitCodeProcess
CreateProcessA
GetDriveTypeA
FindFirstFileExW
ResumeThread
FileTimeToDosDateTime
GlobalMemoryStatus
GetSystemInfo
CompareFileTime
GetModuleHandleA
VirtualFree
VirtualAlloc
GetFileAttributesA
CreateDirectoryA
GetCurrentDirectoryA
SetFileAttributesA
DeleteFileA
GetFileSize
DosDateTimeToFileTime
AreFileApisANSI
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameW
CreateHardLinkW
SetEvent
FileTimeToLocalFileTime
GetFullPathNameW
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetFileAttributesW
GetFileTime
SetLastError
GetDriveTypeW
SetFilePointer
GetUserDefaultLangID
SystemTimeToFileTime
WideCharToMultiByte
Sleep
CompareStringA
FreeLibrary
GetModuleFileNameW
GetLocalTime
CompareStringW
CreateMutexW
CreateDirectoryW
DeleteFileW
DeviceIoControl
SetErrorMode
GetCurrentProcessId
FileTimeToSystemTime
GetSystemTime
GetVersionExW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateFileW
GetVolumeInformationW
GetDateFormatW
CopyFileW
SetFileTime
GetTickCount
GetModuleHandleW
SetCurrentDirectoryW
RemoveDirectoryW
MoveFileW
MoveFileExW
GetCurrentThreadId
ReleaseMutex
WaitForSingleObject
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
HeapSetInformation
HeapCreate
MultiByteToWideChar
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
DeleteCriticalSection
CloseHandle
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
ExpandEnvironmentStringsA
LocalFileTimeToFileTime
LoadLibraryW
FindClose
SetThreadPriority
IsDBCSLeadByte
InitializeCriticalSection
GetProcessAffinityMask
GetCurrentDirectoryW
FoldStringW
SetThreadExecutionState
GetSystemDirectoryW
CreateThread
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent

oleaut32

SysFreeString
VariantClear
SysStringLen
SysAllocStringLen
VariantCopy
SysAllocString

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6e209cba3ee61b1f8dacb5d68592ea3

Headers

DLL Characteristics

File Characteristics

Imports

efcatres

user32

gdi32

advapi32

shell32

ole32

comdlg32

comctl32

version

winmm

wsock32

setupapi

kernel32

oleaut32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 469KB - Virtual size: 468KB

.data Size: 53KB - Virtual size: 132KB

.pdata Size: 125KB - Virtual size: 125KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 469KB - Virtual size: 468KB

.data
Size: 53KB - Virtual size: 132KB

.pdata
Size: 125KB - Virtual size: 125KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB