Static task: static1
Behavioral task: behavioral1
Sample: 24328219d7a36c0c39fe5d32df9768f6ea1bdbd344a3a98ab373518891845eec.exe
Resource: win7-20230831-en
General
Target: 24328219d7a36c0c39fe5d32df9768f6ea1bdbd344a3a98ab373518891845eec
Size: 1002KB
MD5: 61cabae37808a63ebaef89898fc797e5
SHA1: 00dd3e171c3c6297bc59dcaee4b68dc8bc71e7c6
SHA256: 24328219d7a36c0c39fe5d32df9768f6ea1bdbd344a3a98ab373518891845eec
SHA512: 59cd60a02b3c67171462135c7c015ed54afe4cf55781bba89c7da50b4fa3eb7bf93d54eaa0db1112231b3edd1a4fcabdd5caa8983edb222af86d4ec211af0ec3
SSDEEP: 24576:tPVCgVt6XZNK3anqr0Dvuj6mGyMpZDJ0eQiUMB1p7:t9vP6XZNKqnamvG69ZDJyiUMBv
Malware Config
(none extracted)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 24328219d7a36c0c39fe5d32df9768f6ea1bdbd344a3a98ab373518891845eec
Files
24328219d7a36c0c39fe5d32df9768f6ea1bdbd344a3a98ab373518891845eec.exe (windows x86)
eabc3e43c331781ddbb477cbb1c4723a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
GetTempPathW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
CreateEventW
CreateThread
SetEvent
ResetEvent
SetFileAttributesW
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
OutputDebugStringW
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
GetVolumeInformationW
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
lstrlenA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
ExitThread
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GlobalAlloc
GlobalLock
MoveFileExW
GetSystemInfo
InterlockedCompareExchange
GetLocalTime
ProcessIdToSessionId
LocalFree
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
GetTickCount
GetFileAttributesW
SetEndOfFile
WriteFile
CreateDirectoryW
SetFilePointer
FlushInstructionCache
GetVersionExW
TerminateThread
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WideCharToMultiByte
GetPrivateProfileIntW
DeleteFileW
GetFileSize
InterlockedExchange
FreeResource
SetLastError
WaitForSingleObject
GetStringTypeA
GetPrivateProfileStringW
GetProcAddress
ReadFile
LoadLibraryW
GlobalUnlock
CreateFileW
GlobalFree
CreateFileMappingW
DeleteCriticalSection
GetCurrentThreadId
GetLastError
lstrcmpiW
FreeLibrary
GetModuleFileNameW
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExW
FindResourceW
GetModuleHandleW
LoadResource
SizeofResource
MapViewOfFileEx
RaiseException
lstrlenW
FindResourceExW
LeaveCriticalSection
LockResource
InterlockedDecrement
MultiByteToWideChar
InterlockedIncrement
UnmapViewOfFile
CloseHandle
GetStringTypeW
VirtualQuery
user32
GetWindowRect
InvalidateRect
GetWindowLongW
GetClientRect
MapWindowPoints
GetDlgItem
LoadCursorW
SetWindowLongW
GetActiveWindow
GetDesktopWindow
IsWindowEnabled
SendMessageW
EnableWindow
CreateWindowExW
GetWindowThreadProcessId
GetForegroundWindow
ShowWindow
SystemParametersInfoW
SetWindowPos
RegisterWindowMessageW
AttachThreadInput
GetClassInfoExW
SetForegroundWindow
GetDC
ReleaseDC
CopyRect
SetActiveWindow
PostMessageW
RegisterClassExW
MoveWindow
LoadImageW
InflateRect
LoadBitmapW
GetParent
EnumDisplayDevicesA
FindWindowW
SetCursor
DrawTextW
LoadIconW
GetFocus
SetRect
IsChild
DestroyIcon
IsWindowVisible
IsDialogMessageW
SetFocus
KillTimer
IsRectEmpty
EqualRect
GetNextDlgTabItem
IntersectRect
OffsetRect
BeginPaint
PostThreadMessageW
EndPaint
PeekMessageW
GetMessageW
TranslateMessage
SetRectEmpty
DispatchMessageW
ScreenToClient
MonitorFromWindow
GetMonitorInfoW
DrawIconEx
GetDlgCtrlID
PtInRect
ClientToScreen
UpdateLayeredWindow
SetCapture
DrawFrameControl
ReleaseCapture
CallWindowProcW
GetCursorPos
UnregisterClassA
GetWindow
GetSystemMetrics
EnumDisplayDevicesW
EnumDisplaySettingsW
IsWindow
CharNextW
DefWindowProcW
DestroyWindow
gdi32
MoveToEx
GetTextColor
LineTo
RoundRect
RectInRegion
GetClipRgn
SetBkMode
GetCurrentObject
CreateFontIndirectW
OffsetRgn
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
GetViewportOrgEx
TextOutW
CreateRoundRectRgn
SetViewportOrgEx
ExtTextOutW
Rectangle
RestoreDC
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectClipRgn
CreateRectRgn
SetStretchBltMode
GetDeviceCaps
StretchBlt
GetObjectW
DeleteObject
GetStockObject
CreateCompatibleBitmap
SaveDC
SelectObject
CreateBitmap
SetBkColor
CreatePen
BitBlt
SetTextColor
GetTextExtentPoint32W
advapi32
RegOpenKeyExA
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExA
RegEnumKeyExA
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderPathW
ole32
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoCreateGuid
CoTaskMemAlloc
CoInitializeEx
oleaut32
SafeArrayUnlock
SafeArrayLock
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysAllocString
shlwapi
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
StrToIntA
StrToIntW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
gdiplus
GdipDrawLinesI
GdipGetFontCollectionFamilyCount
GdipDrawString
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDrawPath
GdipTranslateWorldTransform
GdipClosePathFigure
GdipAddPathRectangleI
GdipRotateWorldTransform
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipAddPathArcI
GdipResetWorldTransform
GdipDeleteStringFormat
GdipDeletePath
GdipCreatePath
GdipSetStringFormatAlign
GdipDrawRectangleI
GdipCreateFont
GdipCreateSolidFill
GdipSetCompositingQuality
GdipMeasureString
GdipSetPixelOffsetMode
GdipCreateFontFromLogfontW
GdipGetFamily
GdipDrawLine
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipFillRectangle
GdipSetPenDashStyle
GdipSetStringFormatFlags
GdipSetPenMode
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipAddPathStringI
GdipSetPenStartCap
GdipGetFontSize
GdipSetPenEndCap
GdipDeleteBrush
GdipDeletePen
GdipDrawImageI
GdipCreatePen1
GdipNewPrivateFontCollection
GdipAddPathPieI
GdipDeletePrivateFontCollection
GdipDeleteFont
GdipPrivateAddFontFile
GdipSetClipPath
GdipCloneBrush
GdipFree
GdipDeleteFontFamily
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImagePointsRectI
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCloneImage
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipLoadImageFromFile
GdipDisposeImage
GdipDrawImageRectI
GdipCloneBitmapArea
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipCreateBitmapFromStream
GdipSetImageAttributesColorMatrix
GdiplusStartup
GdipLoadImageFromStream
GdipAlloc
GdipImageRotateFlip
GdipCreateHBITMAPFromBitmap
GdipFillPath
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
rasapi32
RasEnumConnectionsW
iphlpapi
IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle
GetAdaptersInfo
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
Sections
.text - Size: 672KB - Virtual size: 668KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata - Size: 140KB - Virtual size: 139KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data - Size: 20KB - Virtual size: 32KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 160KB - Virtual size: 160KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE