b8cc0b064427c4d0c128a5f6e6209eb2814862d527718e71c6188eb61b90b637

Sharing

Copy URL

Twitter E-mail

General

Target

b8cc0b064427c4d0c128a5f6e6209eb2814862d527718e71c6188eb61b90b637
Size

2.6MB
MD5

6ab6c727c8a4c40afcd774b886c86049
SHA1

2508281378c2878f44abf7ffa5c43a32110dba65
SHA256

b8cc0b064427c4d0c128a5f6e6209eb2814862d527718e71c6188eb61b90b637
SHA512

02edf97e351aedde871674dcf5d30056908329e075ea66ccc7ffa2210e6384d9b2302fc2be50eb72053c3a194ce8e0e6d7ffb53b454205e10b7824afdc981bef
SSDEEP

49152:E8pry+2CN/u2c4HXOxaWyC7Kpg/7uJm5mP46lkUyxemCZtPHXWX3TxMOxXH:xpG+jNQaW7uJm4XlkfpUNXWXm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8cc0b064427c4d0c128a5f6e6209eb2814862d527718e71c6188eb61b90b637

Files

b8cc0b064427c4d0c128a5f6e6209eb2814862d527718e71c6188eb61b90b637
.exe windows x86

490fe87c9a9bfbacc8aec4d95cb59ed1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
GetSystemTimeAsFileTime
WriteConsoleW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadId
CreateSemaphoreA
CreateEventA
GetModuleHandleA
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
LocalFree
FormatMessageA
CreateFileA
SetEndOfFile
SetLastError
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileTime
GetFullPathNameW
SetFilePointerEx
DeviceIoControl
MoveFileExW
SetWaitableTimer
CreateWaitableTimerW
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
Thread32First
Thread32Next
AreFileApisANSI
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetWindowsDirectoryW
GetSystemInfo
DeleteFileW
GetTimeZoneInformation
SetFileAttributesW
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
FreeLibrary
FindClose
RemoveDirectoryW
FindNextFileW
WritePrivateProfileStringW
FindFirstFileW
GetFileInformationByHandle
GetProcAddress
LoadLibraryW
GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
TerminateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleFileNameW
GetSystemDefaultUILanguage
GlobalUnlock
GetModuleHandleW
GlobalLock
GlobalFree
GlobalAlloc
FreeResource
GetTickCount
OpenMutexW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
GetPrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
CreateThread
ReadConsoleA
SetConsoleMode
LoadLibraryA
ConvertFiberToThread
DeleteFiber
WaitForSingleObject
GetTempPathW
DosDateTimeToFileTime
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
DuplicateHandle
CreateFileW
SetFilePointer
WriteFile
GetCurrentProcess
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
GetLocalTime
Sleep
MultiByteToWideChar
GetCurrentThreadId
GetShortPathNameW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
MulDiv
GetACP
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
FileTimeToSystemTime
EncodePointer
HeapSize
InitializeCriticalSectionEx
HeapFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock

user32

GetWindowThreadProcessId
PostMessageW
SendMessageW
GetDC
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
GetSysColor
IsWindow
SwitchToThisWindow
EnableWindow
SetCaretPos
HideCaret
ShowCaret
CreateCaret
CharPrevW
MoveWindow
GetWindowRect
FillRect
DrawTextW
ReleaseDC
TranslateMessage
SetFocus
PostThreadMessageA
DispatchMessageW
ShowWindow
GetSystemMetrics
GetWindow
GetMessageW
GetCursorPos
IsIconic
PtInRect
KillTimer
UpdateLayeredWindow
IsZoomed
GetClientRect
SetWindowLongW
SetCursor
LoadCursorW
ClientToScreen
SetTimer
CreateWindowExW
SetWindowRgn
EqualRect
GetWindowLongW
DestroyWindow
SetPropW
SetWindowPos
BringWindowToTop
FindWindowW
UnregisterClassW
PostQuitMessage
IntersectRect
SetRect
wsprintfW
DefWindowProcW
MessageBoxW
GetPropW
RegisterClassExW
LoadAcceleratorsW
GetKeyState
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetFocus
SetCapture
ReleaseCapture
GetParent
GetMonitorInfoW
MonitorFromWindow
SetLayeredWindowAttributes
LoadImageW
RegisterClassW
GetClassInfoExW
CallWindowProcW
OffsetRect
InflateRect
wvsprintfW
CharNextW
TranslateAcceleratorW

gdi32

SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
RestoreDC
GetClipBox
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
GetObjectA
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps
SaveDC
CreateFontIndirectW
RoundRect
CreateSolidBrush
DeleteObject
GetObjectW
Rectangle
CreatePen
DeleteDC
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateRectRgnIndirect
BitBlt
CombineRgn
SelectClipRgn

advapi32

DeregisterEventSource
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegisterEventSourceW
CryptSignHashW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersW
CryptExportKey

shell32

SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree

gdiplus

GdiplusStartup
GdipCloneImage
GdipGetImagePaletteSize
GdiplusShutdown
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipAlloc
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawString
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette

shlwapi

PathRemoveFileSpecW
PathFileExistsW

dbghelp

MiniDumpWriteDump

msimg32

AlphaBlend

userenv

GetAllUsersProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmNotifyIME

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore

bcrypt

BCryptGenRandom

Exports

Exports

__ASSERT

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

490fe87c9a9bfbacc8aec4d95cb59ed1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

shlwapi

dbghelp

msimg32

userenv

version

comctl32

ws2_32

oleaut32

imm32

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 523KB - Virtual size: 522KB

.data Size: 17KB - Virtual size: 36KB

.rsrc Size: 215KB - Virtual size: 215KB

.reloc Size: 83KB - Virtual size: 83KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 523KB - Virtual size: 522KB

.data
Size: 17KB - Virtual size: 36KB

.rsrc
Size: 215KB - Virtual size: 215KB

.reloc
Size: 83KB - Virtual size: 83KB