8cac12a8578bcd863e898ab4ce1191db95126d1d03c9fb0aae6d77bfbac64720

Sharing

Copy URL Twitter E-mail

General

Target

8cac12a8578bcd863e898ab4ce1191db95126d1d03c9fb0aae6d77bfbac64720
Size

333KB
MD5

c837adac50e10a11c55488c4e059e8fe
SHA1

551a72daff52e977479c921781ae49c18f66aaf2
SHA256

8cac12a8578bcd863e898ab4ce1191db95126d1d03c9fb0aae6d77bfbac64720
SHA512

c0998caefc75b17abab06777eed0367f0da92bed7861a75b3de11cdb1a7efa873b78b362c0d17954b09c613b5a1e7e343b585da9fa224a9d87ef9fcc57786919
SSDEEP

6144:NdadiQLmFLj0jryBU4iMWWC6HCRZdIsWb5ZooWpy8cDA7NT:7adiQLmt0jryBU4iMWWSxoWQ8x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cac12a8578bcd863e898ab4ce1191db95126d1d03c9fb0aae6d77bfbac64720

Files

8cac12a8578bcd863e898ab4ce1191db95126d1d03c9fb0aae6d77bfbac64720
.exe windows x64

d4eb578036e6aa2a3dde564924a6d5d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memcpy
strncpy
sprintf
strcat
strlen
wcslen
wcsncmp
wcscmp
floor
ceil
fabs
malloc
free
fseek
ftell
fread
fclose
pow
??3@YAXPEAX@Z
_wcsicmp
tolower
wcscpy
bsearch
fprintf
printf
exit
_strdup
_stricmp
strncmp
vsprintf
_snprintf
acos
sqrt
log
asin
atan
atan2
cos
cosh
exp
_finite
_isnan
log10
fmod
sin
sinh
tan
tanh
memcmp
toupper
_strnicmp
strncat
memmove
qsort
getenv
strchr
sscanf
_getcwd
fopen
fgets
strcmp
fwrite
fflush
_time64
_ctime64
feof
_fileno
_isatty
_open_osfhandle
_fdopen
setvbuf
system
memchr
fwprintf
_vsnwprintf
_snwprintf
wcsncpy
_wcsnicmp
setlocale
swscanf
wcsstr
_wcsdup
_localtime64
_mktime64

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetCurrentThreadId
Sleep
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
UnregisterWait
CloseHandle
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
FreeLibrary
LoadLibraryW
GetProcAddress
MulDiv
HeapReAlloc
GetCurrentProcessId
SetLastError
CreateFileW
WriteFile
DeleteFileW
GetLastError
MultiByteToWideChar
HeapSize
WideCharToMultiByte
CreateFileA
GetFileSize
ReadFile
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
ResumeThread
GetTickCount
SuspendThread
OpenMutexA
SetEnvironmentVariableA
WaitForSingleObject
TerminateThread
GetCommandLineA
CreateThread
IsBadReadPtr
GetEnvironmentStrings
FreeEnvironmentStringsA
AllocConsole
SetConsoleTitleA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
RtlLookupFunctionEntry
RtlVirtualUnwind
AddVectoredExceptionHandler
SetConsoleCtrlHandler
OpenProcess
PeekNamedPipe
FreeConsole
GetConsoleMode
SetConsoleMode
GetLocalTime

wsock32

closesocket
WSACleanup
WSAStartup
inet_addr
gethostbyname
socket
htons
bind
listen
accept
setsockopt
send
WSAGetLastError
connect
recv

ole32

RevokeDragDrop

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

GetWindowLongPtrW
GetPropW
GetWindowTextA
GetParent
IsWindow
DestroyWindow
GetWindowRect
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetDC
ReleaseDC
CreateWindowExW
GetWindow
SetWindowLongPtrW
InvalidateRect
SetWindowTextW
GetSysColor
GetSysColorBrush
SetRect
DrawTextW
GetWindowLongW
GetSystemMetrics
CallWindowProcW
RemovePropW
DefWindowProcW
SetPropW
ScreenToClient
ClientToScreen
MapWindowPoints
FillRect
MoveWindow
RedrawWindow
SetActiveWindow
DestroyIcon
LoadIconW
LoadCursorW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassW
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableW
UnregisterClassW
GetClientRect
GetMenu
IsWindowEnabled
IsWindowVisible
SetFocus
GetFocus
GetKeyState
GetClassNameW
GetWindowThreadProcessId
IsChild
EnumChildWindows
DefFrameProcW
DestroyAcceleratorTable
PostMessageW
SetWindowPos
DrawIconEx
RegisterWindowMessageW
GetIconInfo
PostThreadMessageA
CharLowerW
CharUpperW

gdi32

DeleteObject
CreateFontW
GetStockObject
SelectObject
GetTextExtentPoint32W
SetTextColor
SetBkColor
CreateCompatibleBitmap
GetObjectType
CreateDCW
CreateCompatibleDC
DeleteDC
GetObjectW
SetStretchBltMode
StretchBlt
CreateSolidBrush
GetDeviceCaps
CreateBitmap
SetPixel
CreateDIBSection
GetDIBits
BitBlt

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

Sections

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4eb578036e6aa2a3dde564924a6d5d1

Headers

File Characteristics

Imports

msvcrt

kernel32

wsock32

ole32

gdiplus

user32

gdi32

advapi32

comctl32

Sections

.code Size: 2KB - Virtual size: 1KB

.text Size: 221KB - Virtual size: 220KB

.rdata Size: 66KB - Virtual size: 65KB

.pdata Size: 11KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 130KB

.rsrc Size: 16KB - Virtual size: 15KB

.code
Size: 2KB - Virtual size: 1KB

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 66KB - Virtual size: 65KB

.pdata
Size: 11KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 130KB

.rsrc
Size: 16KB - Virtual size: 15KB