Static task
static1
Behavioral task
behavioral1
Sample
efc7c806f8b5bfae5428994929592825896f4f520b2071ce5b48d6ab81cdb76a.exe
Resource
win7-20230712-en
General
Target: efc7c806f8b5bfae5428994929592825896f4f520b2071ce5b48d6ab81cdb76a
Size: 803KB
MD5: 10a004e5d63c7f4412c6c163383c61ac
SHA1: 187eb53b060d451220e58019036bcf7feb5563b8
SHA256: efc7c806f8b5bfae5428994929592825896f4f520b2071ce5b48d6ab81cdb76a
SHA512: 32602eaa1d7c8698f030fa25bb0430439fd307953b0ea6ad547b6901208706f45da1548d61db0fedc5f7e741cc285ad2fbc6300e2714fc212243ad875a1727c3
SSDEEP: 12288:pJKiiKUrrL6fhiuBLxmtw/iBKoh2JLYx3vuQWt1HuC7SQe6JB:j/i7mfhaBKoh2JLyvu11NB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: efc7c806f8b5bfae5428994929592825896f4f520b2071ce5b48d6ab81cdb76a
Files
efc7c806f8b5bfae5428994929592825896f4f520b2071ce5b48d6ab81cdb76a.exe (windows x86)
Import hash: d73a53195586954f8fb76faf1d54b693
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenA
GetTickCount
GetTempPathA
FreeConsole
SetFilePointer
ReadFile
SystemTimeToFileTime
DeleteFileA
lstrcpyA
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
WriteFile
CreateFileA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
InterlockedExchange
lstrcatA
CloseHandle
FindClose
GetLastError
GetSystemInfo
CreateFileW
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
VirtualAlloc
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
LoadLibraryW
GetTimeZoneInformation
HeapCreate
GetModuleFileNameW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateThread
GetCurrentThreadId
ExitThread
LCMapStringW
GetCPInfo
HeapSetInformation
GetCommandLineA
VirtualQuery
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
RtlUnwind
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
VirtualProtect
WriteConsoleW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
GetProcAddress
FreeLibrary
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
user32
wsprintfA
gdi32
DeleteObject
GetObjectA
SetPixel
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
shell32
ShellExecuteA
shlwapi
PathFindExtensionW
PathFindExtensionA
gdiplus
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipGetImageEncodersSize
wldap32
ord46
ord41
ord27
ord301
ord33
ord79
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord35
ws2_32
WSAGetLastError
__WSAFDIsSet
select
WSAStartup
WSACleanup
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
WSASetLastError
getaddrinfo
crypt32
CertFreeCertificateContext
advapi32
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptImportKey
Sections
.text Size: 406KB - Virtual size: 406KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ