0a1706e8081f64f645f31e87d7b3fe1db774e38ea1fa3858ebb093439449765c

Sharing

Copy URL Twitter E-mail

General

Target

0a1706e8081f64f645f31e87d7b3fe1db774e38ea1fa3858ebb093439449765c
Size

3.2MB
MD5

f79f9838705af2552add306702451b3c
SHA1

87df632368818c30cc60db8059e446e54df3e399
SHA256

0a1706e8081f64f645f31e87d7b3fe1db774e38ea1fa3858ebb093439449765c
SHA512

c90f7dc030234d7679419ee83c98cd499dfdf8c3abebcbe05562759e839e74bdcb942f3398de819b19d65a4460feacd0bbd9d6733e49ef4015fa558e531fca57
SSDEEP

98304:VnbxVlVorqDhVzsJfm3wB0RCxAyAUHHk7zS6Hmr5b:VbxiuMJfm3wB0RCUIkHSsmt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a1706e8081f64f645f31e87d7b3fe1db774e38ea1fa3858ebb093439449765c

Files

0a1706e8081f64f645f31e87d7b3fe1db774e38ea1fa3858ebb093439449765c
.exe windows x64

f640564ff7af85ee8869527d7bc3db60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ResumeThread
TerminateThread
VirtualQuery
SetLastError
ReadFile
GetFileSize
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WideCharToMultiByte
VerifyVersionInfoW
VerSetConditionMask
GetVolumeInformationA
GetPrivateProfileStringA
GetCurrentProcessId
TerminateProcess
WritePrivateProfileStringA
WriteFile
CreateFileA
GetModuleFileNameA
DeleteFileA
GetLastError
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetModuleHandleA
WinExec
SizeofResource
LoadResource
FindResourceW
Sleep
MultiByteToWideChar
WriteConsoleW
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FlushFileBuffers
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetFileAttributesExW
GetFileType
HeapFree
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetProcAddress
LoadLibraryA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
SetFilePointer
GetEnvironmentVariableW
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
MulDiv
GetTickCount
GetCurrentDirectoryW
DeleteFileW
CreateFileW
FindClose
CreateDirectoryW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
LocalFileTimeToFileTime
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetModuleHandleW
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
RaiseException
GetCurrentThreadId
ResetEvent
SetEvent
CreateEventW
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
GetModuleFileNameW
RtlUnwind

user32

ShowWindow
IsWindow
GetWindowThreadProcessId
GetParent
MapWindowPoints
GetDesktopWindow
FindWindowW
FindWindowA
UnionRect
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
CharNextW
GetAsyncKeyState
GetSysColor
ClientToScreen
SetCursor
PtInRect
UpdateLayeredWindow
IntersectRect
IsRectEmpty
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
SetCapture
EnumWindows
GetClassNameA
GetCursorPos
GetKeyState
InvalidateRect
GetDC
GetPropW
SetPropW
CallWindowProcW
GetWindowLongPtrW
SendMessageW
GetSystemMetrics
SetFocus
EnableWindow
GetWindow
SetWindowLongPtrW
GetClassInfoExW
RegisterClassW
LoadCursorW
ReleaseDC
SetWindowPos
SetWindowTextW
SetForegroundWindow
IsWindowVisible
MoveWindow
MessageBoxW
SetWindowLongW
SetWindowRgn
GetWindowRect
OffsetRect
GetClientRect
ScreenToClient
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
IsZoomed
IsIconic
GetWindowLongW
PostQuitMessage
MessageBoxA
DefWindowProcW
PostMessageW
GetFocus
DestroyWindow
CreateWindowExW
UnregisterClassW
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
KillTimer
GetWindowTextA

advapi32

OpenServiceA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
StartServiceA
RegOpenKeyExA
RegDeleteTreeA
RegDeleteKeyA
RegCreateKeyExA
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExA

winmm

timeSetEvent
timeGetTime
timeKillEvent

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

shlwapi

PathFileExistsW
PathIsRelativeW

gdiplus

GdipCreatePen1
GdipDeletePen
GdipDrawArc
GdipCreateLineBrushFromRect
GdipDeleteBrush
GdipCloneBrush
GdipSetLineBlend
GdipCreatePen2
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRect
GdipImageRotateFlip
GdipLoadImageFromFile
GdipClonePen
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenColor
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenDashCap197819
GdipGetPenStartCap
GdipGetPenEndCap
GdipGetPenDashCap197819
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipCreatePath
GdipClonePath
GdipResetPath
GdipSetPathFillMode
GdipGetPathFillMode
GdipStartPathFigure
GdipClosePathFigure
GdipDisposeImage
GdipCreateBitmapFromStream
GdipAddPathBezierI
GdipAddPathCurveI
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipTransformPath
GdipDeletePath
GdipFillRectangle
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipFillPath
GdipMeasureString
GdipScaleMatrix
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipSetSmoothingMode
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateMatrix
GdipAddPathLine2I
GdipDeleteMatrix
GdipAddPathLineI
GdipDeleteGraphics
GdipGetImageWidth

msimg32

AlphaBlend

ws2_32

recv
send
select
connect
getsockopt
inet_addr
htons
socket
closesocket
WSAStartup
ioctlsocket

wininet

DeleteUrlCacheEntryA

urlmon

URLDownloadToFileA

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

gdi32

DeleteObject
ExtSelectClipRgn
CreateRectRgnIndirect
CreateDIBSection
GetDeviceCaps
GetObjectA
BitBlt
SelectObject
SetStretchBltMode
CreateFontIndirectW
StretchBlt
GetObjectW
GetStockObject
CreateRoundRectRgn
CreateCompatibleDC
DeleteDC
SaveDC
RestoreDC
GetWindowOrgEx
SetWindowOrgEx

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal
CoCreateInstance

Sections

.text
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 795KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 1.3MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f640564ff7af85ee8869527d7bc3db60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winmm

comctl32

imm32

shlwapi

gdiplus

msimg32

ws2_32

wininet

urlmon

ntdll

gdi32

shell32

ole32

Sections

.text Size: 599KB - Virtual size: 599KB

.rdata Size: 486KB - Virtual size: 486KB

.data Size: 17KB - Virtual size: 32KB

.pdata Size: 29KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 795KB - Virtual size: 795KB

.reloc Size: 10KB - Virtual size: 9KB

.vlizer Size: 1.3MB - Virtual size: 5.0MB

.text
Size: 599KB - Virtual size: 599KB

.rdata
Size: 486KB - Virtual size: 486KB

.data
Size: 17KB - Virtual size: 32KB

.pdata
Size: 29KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 795KB - Virtual size: 795KB

.reloc
Size: 10KB - Virtual size: 9KB

.vlizer
Size: 1.3MB - Virtual size: 5.0MB