1999592dedb7ec2544bb27e3f8102ae29ccad7932af2e8be8483d4306041687b

Sharing

Copy URL Twitter E-mail

General

Target

1999592dedb7ec2544bb27e3f8102ae29ccad7932af2e8be8483d4306041687b
Size

269KB
MD5

cdd8083aa27a51427e2231b7e8eb9b9a
SHA1

7d00e1b926a03fb075b6ef7385c425e0f5d0d459
SHA256

1999592dedb7ec2544bb27e3f8102ae29ccad7932af2e8be8483d4306041687b
SHA512

6f8037c64b04bbccaa349bf89d70d8d2f0997ebba39d08bb6ad8e4b6c31c3ebda12a12e39a796fdc4db65cb6bdc7278db53e4931e9e87b8702d7e1bb56256de4
SSDEEP

6144:a/wWO96DK3GcRonJJsG/+YhLTBQ/7cft+0:a/wWObLoJJrLTqDcI0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1999592dedb7ec2544bb27e3f8102ae29ccad7932af2e8be8483d4306041687b

Files

1999592dedb7ec2544bb27e3f8102ae29ccad7932af2e8be8483d4306041687b
.exe windows x86

c86df65fe56942dec4f97fcf9d4c25c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
FindFirstFileA
GetLogicalDriveStringsA
RemoveDirectoryA
FindClose
LocalAlloc
MoveFileA
FindNextFileA
GetDiskFreeSpaceExA
LocalFree
DeleteFileA
lstrcpyA
InitializeCriticalSection
CancelIo
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetVersionExA
LocalSize
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
PeekNamedPipe
TerminateProcess
GetSystemDirectoryA
DisconnectNamedPipe
CreatePipe
GetCurrentProcess
Process32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
CreateFileW
ReadConsoleW
SetStdHandle
lstrcatA
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryExW
OutputDebugStringW
GetProcessHeap
HeapSize
ExitProcess
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
ReadFile
CreateProcessA
LocalReAlloc
GetFileAttributesA
GetVolumeInformationA
GetDriveTypeA
lstrlenA
SetFilePointer
GetFileSize
CreateFileA
CreateMutexA
K32EnumProcesses
SetConsoleCtrlHandler
GetTickCount
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionEx
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateThread
ResumeThread
CloseHandle
CreateEventA
Sleep
TerminateThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetEvent
GetCurrentProcessId

user32

SetClipboardData
OpenClipboard
BlockInput
EmptyClipboard
GetClipboardData
SetCursorPos
MapVirtualKeyA
WindowFromPoint
EnumDisplaySettingsA
GetMessageA
TranslateMessage
DispatchMessageA
GetDC
GetCursorInfo
ReleaseDC
DestroyCursor
IsWindowVisible
mouse_event
GetSystemMetrics
wsprintfA
CharNextA
PostMessageA
ShowWindow
GetWindowTextA
GetCursorPos
EnumWindows
MoveWindow
SetDlgItemTextA
DialogBoxParamA
SystemParametersInfoA
EndDialog
SendMessageA
SetFocus
GetClientRect
SetCapture
LoadIconA
CloseClipboard
keybd_event
LoadCursorA
GetDesktopWindow
CreateWindowExA
SetTimer
KillTimer

gdi32

DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt

advapi32

QueryServiceConfigA
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ControlService
UnlockServiceDatabase
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
LockServiceDatabase
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

SHGetFileInfoA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

winmm

waveOutWrite
waveInStart
waveInStop
waveOutPrepareHeader
waveOutGetNumDevs
waveOutOpen
waveInUnprepareHeader
waveOutUnprepareHeader
timeEndPeriod
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveOutReset
timeBeginPeriod
PlaySoundA
waveInGetNumDevs
waveOutClose
waveInClose
waveInReset

ws2_32

inet_addr
gethostbyname
closesocket
socket
gethostname
getsockname
WSAIoctl
connect
inet_ntoa
WSAStartup
send
select
WSAGetLastError
htons
setsockopt
WSACleanup
recv

avicap32

capGetDriverDescriptionA

msvfw32

ICClose
ICOpen
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICSeqCompressFrameStart
ICCompressorFree
ICSendMessage

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c86df65fe56942dec4f97fcf9d4c25c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

ws2_32

avicap32

msvfw32

psapi

Sections

.text Size: 169KB - Virtual size: 168KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 169KB - Virtual size: 168KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 10KB - Virtual size: 9KB