8ed1361bf69a48422473431b544154fd21751fa0a7e83d4c0675579b63225c37

Sharing

Copy URL

Twitter E-mail

General

Target

8ed1361bf69a48422473431b544154fd21751fa0a7e83d4c0675579b63225c37
Size

3.1MB
MD5

ffc2c12b7f404b72673b71d5fd1c92f8
SHA1

5c91125f773e1640139d6ad3a95a8f1ca5fa2d55
SHA256

8ed1361bf69a48422473431b544154fd21751fa0a7e83d4c0675579b63225c37
SHA512

31d2e2303f31413001f78b4537f0b37199a6feea06f00c0c6f4638eaf98b539531e2f742ff41b0801bf5a5dc5ce3e63a0089ef9802942f423452817a6993bed1
SSDEEP

49152:0IBlH9TVST2T5mh49S+I0WqJ9jgLDzao32F:0IBldTkT2T5mh49S+3/9jgLDzaomF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ed1361bf69a48422473431b544154fd21751fa0a7e83d4c0675579b63225c37

Files

8ed1361bf69a48422473431b544154fd21751fa0a7e83d4c0675579b63225c37
.exe windows x86

09472b09772b86bc15f3fb09ae324be2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
toupper
tolower
strncmp
strlen
strchr
memset
memmove
memcpy
memcmp
malloc
isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
_except_handler3

mpr

WNetGetConnectionA

comctl32

ord17
ImageList_Write
ImageList_SetIconSize
ImageList_SetDragCursorImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Read
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragMove

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

setupapi

SetupCommitFileQueueW
SetupDiGetActualSectionToInstallW
SetupFindFirstLineW
SetupGetStringFieldW
SetupInitDefaultQueueCallbackEx
SetupInstallFilesFromInfSectionW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupOpenAppendInfFileW
SetupPromptReboot
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW

wininet

InternetReadFile
FtpOpenFileA
InternetCloseHandle
InternetConnectA
InternetOpenA

kernel32

GetDriveTypeA
GetExitCodeProcess
GetExitCodeThread
GetDiskFreeSpaceA
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocalTime
GetLogicalDrives
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStdHandle
GetStringTypeExA
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
RemoveDirectoryA
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetThreadLocale
SetThreadPriority
SetVolumeLabelA
SizeofResource
SleepEx
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
IsValidCodePage
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
GetCPInfo
GetCommandLineA
GetACP
FreeResource
FreeLibrary
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExitThread
EnumCalendarInfoA
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
GetTickCount
LeaveCriticalSection
GetStartupInfoA
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetFileAttributesA

user32

PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WindowFromDC
WindowFromPoint
WinHelpA
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetLastActivePopup
LoadCursorA
GetKeyNameTextA
GetKeyboardType
GetKeyboardState
PeekMessageA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffA
CharToOemA
CharNextA
CharLowerBuffA
CharLowerA
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
GetSystemMetrics
DestroyIcon
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsRectEmpty
IsIconic
IsDialogMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadImageA
GetKeyboardLayoutList
LoadIconA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMenu
GetSysColor
GetSubMenu
GetKeyState
GetScrollRange
FillRect

gdi32

GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDIBits
GetDIBColorTable
GetDeviceCaps
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExtTextOutA
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBSection
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
UnrealizeObject
StretchBlt
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetViewportOrgEx
GetWindowOrgEx
GetWinMetaFileBits
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
Polygon
Polyline
RealizePalette
Rectangle
RectVisible
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
SetWinMetaFileBits
GetSystemPaletteEntries

comdlg32

GetOpenFileNameA

advapi32

ControlService
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegReplaceKeyA
RegSaveKeyA
RegSetValueExA
StartServiceA

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SafeArrayRedim
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayCreate
VarNot
VarNeg
SysFreeString
SysReAllocStringLen
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCyFromStr
VarDateFromStr
VarI4FromStr
VariantChangeTypeEx
VariantClear
VariantCopyInd
VariantInit
VarR8FromStr
SafeArrayUnaccessData

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 545B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 732KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rcq126
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09472b09772b86bc15f3fb09ae324be2

Headers

File Characteristics

Imports

msvcrt

mpr

comctl32

version

setupapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 545B

.rsrc Size: 732KB - Virtual size: 730KB

.rcq126 Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 545B

.rsrc
Size: 732KB - Virtual size: 730KB

.rcq126
Size: 2.0MB - Virtual size: 2.0MB