cb773f11476ee10f9fc18b6c08d5d2119de300692986064a55ffc61499ae3345

Sharing

Copy URL Twitter E-mail

General

Target

cb773f11476ee10f9fc18b6c08d5d2119de300692986064a55ffc61499ae3345
Size

3.2MB
MD5

6f889943d5e045d0b765864b6e80ccf4
SHA1

e224f165c824dec1390eb78aa7d75a261a71233d
SHA256

cb773f11476ee10f9fc18b6c08d5d2119de300692986064a55ffc61499ae3345
SHA512

859f8194e7f3ffc7be042a0f5a4e22e363182f861d03c1b3d6c311b27563df121780081177b3c7966fb19a0c1f516d762bb2282e087cbbd36d4ad86e1144ab0a
SSDEEP

49152:o08Fbjv+HzHDjq5q9WxFgQQBZpCGy8kSQVoyMp9hbJaEekKMBiOOLa0PbaJDpTSX:PsjvgHvaq9AFgRekKMkPauaJju

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb773f11476ee10f9fc18b6c08d5d2119de300692986064a55ffc61499ae3345

Files

cb773f11476ee10f9fc18b6c08d5d2119de300692986064a55ffc61499ae3345
.exe windows x86

9161849a9811129fd8e17fa20220070f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
WSAGetLastError
shutdown
WSAStartup
WSASetLastError
getnameinfo
getservbyname
inet_ntoa
gethostbyname
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
WSACleanup
htons
getsockopt
getsockname
getpeername
connect
bind
select
__WSAFDIsSet
socket
send
recv
closesocket

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

GetEnvironmentVariableW
WaitForSingleObject
GetVersionExW
CreateEventW
LockResource
FindResourceExW
WideCharToMultiByte
GetTickCount
GetDriveTypeW
lstrcpynW
lstrcpyW
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
GetModuleFileNameA
QueryPerformanceCounter
GetCommandLineW
GlobalAddAtomW
LoadLibraryW
DebugBreak
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
FormatMessageA
ExpandEnvironmentStringsA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
InitializeCriticalSection
GetFileSize
WriteConsoleW
SetStdHandle
CreateThread
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
RtlUnwind
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
CloseHandle
CreateFileW
ReadFile
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
SizeofResource
MulDiv
lstrcmpW
GlobalUnlock
InterlockedIncrement
GlobalLock
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
SetLastError
CreateProcessA
CreateProcessW
GetCurrentThread
MultiByteToWideChar
GetProcessHeap
SetEvent
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
FormatMessageW
GetStringTypeW
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetCurrentProcess
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetFileAttributesExW
WriteFile
LoadLibraryExA
VirtualQuery
SetEndOfFile

user32

GetDlgItem
GetClientRect
SetWindowLongW
SetCapture
GetClassNameW
LoadCursorW
CharNextW
SetFocus
CreateAcceleratorTableW
MoveWindow
GetSysColor
GetUserObjectInformationW
GetProcessWindowStation
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
IsWindow
RegisterClassExW
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
GetDesktopWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
GetWindow
CallWindowProcW
DefWindowProcW
UnregisterHotKey
SubtractRect
ReleaseDC
wsprintfW
CopyRect
GetClassInfoExW
GetParent
RegisterWindowMessageW
ReleaseCapture
FillRect
InvalidateRect
GetWindowTextLengthW
GetWindowLongW
SetForegroundWindow
FindWindowW
TranslateMessage
BringWindowToTop
PeekMessageW
DispatchMessageW
ShowWindow
SetActiveWindow
GetMessageW
PostMessageW
PostQuitMessage
MessageBoxW
MessageBoxA
SetMenu
RegisterHotKey
MapWindowPoints
BeginPaint
EndPaint
GetWindowTextW
UnregisterClassW
GetWindowRect
MonitorFromWindow
GetSystemMetrics
GetWindowPlacement
GetMonitorInfoW

gdi32

CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
SetViewportOrgEx
GetObjectW

advapi32

CryptEnumProvidersW
CryptSignHashW
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
CryptGetUserKey
DeregisterEventSource

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoInitializeEx
CoCreateInstance
PropVariantClear

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
SafeArrayCreate
VarUI4FromStr
LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocString
DispCallFunc
SysStringLen
SysAllocStringLen
VariantClear

dsound

ord11

shlwapi

PathRemoveFileSpecW
PathAppendW
PathRemoveFileSpecA
PathFileExistsW

winmm

waveOutWrite

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

wldap32

ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord301
ord200
ord30
ord79
ord35

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 637KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9161849a9811129fd8e17fa20220070f

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dsound

shlwapi

winmm

version

netapi32

wldap32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 637KB - Virtual size: 637KB

.data Size: 27KB - Virtual size: 44KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.gfids Size: 1024B - Virtual size: 756B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 164KB - Virtual size: 164KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 637KB - Virtual size: 637KB

.data
Size: 27KB - Virtual size: 44KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.gfids
Size: 1024B - Virtual size: 756B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 164KB - Virtual size: 164KB