309f4ba06fb8ed709d15e191cc6aadcfc7f68b37577fc2dd7953f7e77820451e

Sharing

Copy URL Twitter E-mail

General

Target

309f4ba06fb8ed709d15e191cc6aadcfc7f68b37577fc2dd7953f7e77820451e
Size

547KB
MD5

69c1d5f9f67cb1ef70ac1c007c2d4107
SHA1

bcb69079514e0cd9e179ece90c4eeba29336f918
SHA256

309f4ba06fb8ed709d15e191cc6aadcfc7f68b37577fc2dd7953f7e77820451e
SHA512

2f31bd25c035539215839c0b529f733a86f415acff25c3e97eb3a62f820a96e6299ac2cd1a572b660c0c7adf601e6d41e991b496840847c4e7b9fb738f0e9dca
SSDEEP

12288:oJMoSDEk1JEhUbIGvuWj69ztyxYuokAEruspj8V:qME8ihUbIGvuYx2kA3uQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
309f4ba06fb8ed709d15e191cc6aadcfc7f68b37577fc2dd7953f7e77820451e

Files

309f4ba06fb8ed709d15e191cc6aadcfc7f68b37577fc2dd7953f7e77820451e
.exe windows x86

41dee647deb361d81c6b29ebd76d82d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualProtect
GetSystemInfo
SetFilePointerEx
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
FlushFileBuffers
WriteConsoleW
CreateFileW
WideCharToMultiByte
DecodePointer
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetFileAttributesW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
MulDiv
OutputDebugStringW
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentThreadId
HeapDestroy
FindResourceW
LoadResource
LockResource
SizeofResource
SetLastError
InitializeCriticalSectionAndSpinCount
GetConsoleMode
DeleteCriticalSection
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
RtlUnwind

user32

SetWindowPos
GetClientRect
GetDesktopWindow
UnregisterClassW
SetWindowLongW
SendMessageW
CreateWindowExW
DestroyWindow
DialogBoxParamW
CreateDialogParamW
SetTimer
GetCursorPos
KillTimer
GetWindowRect
InvalidateRect
GetUpdateRect
BeginPaint
EndPaint
SetRect
MoveWindow
ShowWindow
RegisterClassExW
LoadCursorW
ReleaseCapture
SetCapture
GetClassInfoExW
EndDialog
GetMessageW
LoadMenuW
IsZoomed
GetSysColorBrush
PostQuitMessage
MessageBoxW
IsChild
GetFocus
IsWindow
GetClassNameW
CharNextW
RedrawWindow
CreateAcceleratorTableW
FillRect
InvalidateRgn
DestroyAcceleratorTable
ClientToScreen
GetSystemMetrics
ScreenToClient
EnableWindow
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetDlgItem
GetParent
LoadBitmapW
DestroyIcon
SetFocus
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
ReleaseDC
GetDC
DrawIconEx
LoadIconW
GetActiveWindow
RegisterWindowMessageW
DrawTextW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetParent
GetClassLongW
SetClassLongW
IsWindowVisible
DrawEdge
GetCapture
TrackMouseEvent
DispatchMessageW
TranslateMessage
PeekMessageW
UpdateWindow
GetSysColor

gdi32

SetPixelV
CreateSolidBrush
GetObjectW
EnumFontFamiliesW
CreatePen
SetTextColor
SetBkColor
GetDeviceCaps
SetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
SetBkMode
SelectObject
DeleteObject
LineTo
CreateFontW
Rectangle
GetStockObject
MoveToEx

comdlg32

ChooseColorW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CoTaskMemRealloc
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize

oleaut32

OleTranslateColor
DispCallFunc
VarUI4FromStr
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysAllocString
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateLineBrushI
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41dee647deb361d81c6b29ebd76d82d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

gdiplus

Sections

.text Size: 349KB - Virtual size: 348KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 349KB - Virtual size: 348KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 21KB - Virtual size: 21KB