107d8f8a7ce38eac0fe484669d027fd8f94c8d14da36ea4a5f7864a1c75557d6

Sharing

Copy URL Twitter E-mail

General

Target

107d8f8a7ce38eac0fe484669d027fd8f94c8d14da36ea4a5f7864a1c75557d6
Size

1.2MB
MD5

98a7b695b5d6b954f55d0d154b80831c
SHA1

b70b6c3f081ce63c92c0362bb5d791e6710aa355
SHA256

107d8f8a7ce38eac0fe484669d027fd8f94c8d14da36ea4a5f7864a1c75557d6
SHA512

819ac31defdbff29a4d8b2e758ec2937609831ac77bb90c85ebbcc8e97bef02411061ddb329c260b720443dc8df17d211c479a83cba916c7203b35d42c53e811
SSDEEP

24576:T9PcRNIl0oEcrWM1K8s8OAm0083C37dm3Wt:T9+onKIO3+476Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
107d8f8a7ce38eac0fe484669d027fd8f94c8d14da36ea4a5f7864a1c75557d6

Files

107d8f8a7ce38eac0fe484669d027fd8f94c8d14da36ea4a5f7864a1c75557d6
.exe windows x86

bdfe928907fe791cfb3f9d58efa373b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
LocalFileTimeToFileTime
GetFileAttributesA
GetCurrentDirectoryA
WriteFile
SetFileTime
FindResourceExW
FindResourceW
SystemTimeToFileTime
ReadFile
CloseHandle
SetFilePointer
CreateFileA
WideCharToMultiByte
GetTickCount
CreateDirectoryA
GetTempPathA
LoadResource
LockResource
SizeofResource
FreeConsole
lstrlenA
MultiByteToWideChar
GetLastError
EnterCriticalSection
CreateFileW
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
LoadLibraryW
WriteConsoleW
GetCurrentDirectoryW
GetFullPathNameA
LeaveCriticalSection
FlushFileBuffers
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
ExitProcess
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindFirstFileExA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateThread
GetCurrentThreadId
ExitThread
LCMapStringW
GetCPInfo
RtlUnwind
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
DeleteFileA
VirtualProtect
GetSystemTimeAsFileTime
InterlockedExchange
SetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RaiseException
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
GetProcAddress
FreeLibrary
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA

user32

wsprintfA

gdi32

GetObjectA
SetDIBColorTable
DeleteObject
CreateCompatibleDC
SetPixel
SelectObject
DeleteDC
CreateDIBSection

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromFile

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord35

ws2_32

WSAGetLastError
__WSAFDIsSet
select
WSAStartup
WSACleanup
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
ntohl
WSASetLastError
htonl

crypt32

CertFreeCertificateContext

advapi32

CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptImportKey

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 692KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdfe928907fe791cfb3f9d58efa373b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

gdiplus

wldap32

ws2_32

crypt32

advapi32

Sections

.text Size: 408KB - Virtual size: 408KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 692KB - Virtual size: 696KB

.text
Size: 408KB - Virtual size: 408KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 692KB - Virtual size: 696KB