ec041e77397f34cdace5e72d202789dbdad2b21fc9e034a18a0f150f80aa4d92

Sharing

Copy URL

Twitter E-mail

General

Target

ec041e77397f34cdace5e72d202789dbdad2b21fc9e034a18a0f150f80aa4d92
Size

978KB
MD5

3e1aeb84f4855efa8feee735b0fdffb8
SHA1

4c9ed21f85333781d6b3279d52453365b864364d
SHA256

ec041e77397f34cdace5e72d202789dbdad2b21fc9e034a18a0f150f80aa4d92
SHA512

6975a223233cc424221dfe52e1ed9c17d236457174f9aac12764d51f3dd9a646af3905fea5950c8bbc40333dcf011299d01bef083cf50dfcec6440d3df7e9e79
SSDEEP

12288:m+u8TgCgW7Oi2+Ae4FF9zR3B55ItPOgzhWpNu2QwVLjdDjN6Ph6LMkbUttQRtCtd:m+uG0W7d2+d4P3BEzhWpPxL5D0zscOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec041e77397f34cdace5e72d202789dbdad2b21fc9e034a18a0f150f80aa4d92

Files

ec041e77397f34cdace5e72d202789dbdad2b21fc9e034a18a0f150f80aa4d92
.exe windows x86

b085c3c9d32c1e735af8c563697daf5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipLoadImageFromFile
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDisposeImage
GdipCloneImage

urlmon

URLDownloadToCacheFileW

kernel32

HeapDestroy
HeapSize
HeapReAlloc
TerminateProcess
SetLastError
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
RaiseException
LoadResource
SizeofResource
LockResource
GetCurrentThreadId
GetPrivateProfileStringW
Sleep
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
CloseHandle
GetProcAddress
GetModuleHandleW
OpenMutexW
lstrcmpiW
FreeLibrary
LoadLibraryExW
DecodePointer
GetTickCount
CreateFileW
GetFileSize
ReadFile
LoadLibraryW
lstrlenW
GlobalFree
lstrcpynW
lstrcpyW
CreateDirectoryW
WritePrivateProfileStringW
GetEnvironmentVariableW
LocalAlloc
GetVersionExW
GetLogicalDriveStringsW
CreateEventW
GetDiskFreeSpaceExW
GetNativeSystemInfo
GetSystemInfo
LocalFree
CreateProcessW
GetDriveTypeW
GetCurrentThread
CreateProcessA
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
WriteFile
RemoveDirectoryW
SetFilePointer
FindClose
GetFileAttributesW
DeleteFileW
SetFileTime
SystemTimeToFileTime
CopyFileW
LocalFileTimeToFileTime
GetCurrentDirectoryW
VirtualQuery
SetThreadContext
GetThreadContext
SuspendThread
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetStdHandle
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetCurrentProcessId
GetStartupInfoW
SetUnhandledExceptionFilter
lstrcmpW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
ResetEvent
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObjectEx
DuplicateHandle
QueryPerformanceCounter
GetStringTypeW
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
TryEnterCriticalSection

user32

PostQuitMessage
LoadImageW
SendMessageW
SetWindowLongW
CallWindowProcW
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRgn
IsWindowVisible
ReleaseCapture
SetCapture
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
RedrawWindow
SetWindowPos
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
MapWindowPoints
KillTimer
SetTimer
ShowWindow
GetClientRect
MoveWindow
InvalidateRect
UnregisterClassW
RegisterClassExW
GetClassInfoExW
DestroyWindow
FindWindowW
PostMessageW
IsWindow
FillRect
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetAncestor
SetClassLongW
SetCursor
SetRect
PtInRect
DrawTextW
wsprintfW
DefWindowProcW
LoadCursorW

gdi32

CreateFontW
SetBkMode
SetTextColor
ExtTextOutW
SetBkColor
GetTextExtentPoint32W
SetViewportOrgEx
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
IsTokenRestricted
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

OleLockRunning
CoGetClassObject
CoInitializeEx
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
OleUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemRealloc
OleInitialize
CLSIDFromString

oleaut32

SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
VariantInit
VariantClear
SysFreeString
SafeArrayCreateVector
SysAllocString
SysStringLen
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

winmm

waveOutWrite

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

DeleteUrlCacheEntryW

dsound

ord11

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b085c3c9d32c1e735af8c563697daf5f

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

winmm

version

wininet

dsound

Sections

.text Size: 519KB - Virtual size: 519KB

.rdata Size: 186KB - Virtual size: 186KB

.data Size: 27KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 105KB - Virtual size: 108KB

.text
Size: 519KB - Virtual size: 519KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 27KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 105KB - Virtual size: 108KB