Static task: static1
Behavioral task: behavioral1
Sample: 6e38b8ac109d1a2ec51f4d43b9b9a54aea7ea922b3af11d5c9ed3b7da7791410.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 6e38b8ac109d1a2ec51f4d43b9b9a54aea7ea922b3af11d5c9ed3b7da7791410.exe
Resource: win10v2004-20230915-en
General
- Target: 6e38b8ac109d1a2ec51f4d43b9b9a54aea7ea922b3af11d5c9ed3b7da7791410
- Size: 1.6MB
- MD5: 927f7fe43058462e7e88fca444bfb54b
- SHA1: d9cefd7709d8f80904808d08fd3213844c9bea33
- SHA256: 6e38b8ac109d1a2ec51f4d43b9b9a54aea7ea922b3af11d5c9ed3b7da7791410
- SHA512: a8172f8172725c331610dba9b9786e80177e4e704eb7af31189c5ad0ff3752819a1fe7f71dc0ad6b006a6635dcee608c546ff63564f0508546bac3aa7634412e
- SSDEEP: 49152:PZowN1+zhT+ncsw4DBfp/t45U+al9MCUwrkzkd+lU3vyV4MckrHZx67ljC2ex:howazF+cXrHgl
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 6e38b8ac109d1a2ec51f4d43b9b9a54aea7ea922b3af11d5c9ed3b7da7791410
Files
- 6e38b8ac109d1a2ec51f4d43b9b9a54aea7ea922b3af11d5c9ed3b7da7791410.exe windows x86
  30d4f8dbdef6b9567e903066594132ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPrivateProfileStringA
GetStartupInfoA
GetModuleFileNameA
ReadFile
ExitThread
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleCursorPosition
GetStdHandle
GetConsoleScreenBufferInfo
FindFirstFileW
FindClose
InterlockedIncrement
InterlockedDecrement
ReleaseSemaphore
CreateSemaphoreW
TerminateProcess
SetFileAttributesW
RemoveDirectoryW
GetFileSize
CreateDirectoryW
GetDiskFreeSpaceExA
ReleaseMutex
SetDllDirectoryW
CreateMutexW
DeleteCriticalSection
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
LocalFree
VirtualProtect
GetCurrentThread
VirtualQuery
GetThreadTimes
GetComputerNameW
GetSystemInfo
GlobalMemoryStatus
OpenProcess
GetVersionExW
FileTimeToSystemTime
GetWindowsDirectoryW
GetSystemDirectoryW
GetACP
GetOEMCP
GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLCID
GetEnvironmentStringsW
lstrlenW
FreeEnvironmentStringsW
WriteFile
GetCommandLineW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateFileW
GetLocalTime
FreeLibrary
ExpandEnvironmentStringsW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetTempPathW
SetUnhandledExceptionFilter
GetLastError
OutputDebugStringA
GetModuleFileNameW
GetFileAttributesW
DeleteFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
TerminateThread
OutputDebugStringW
WaitForSingleObject
ResetEvent
Sleep
lstrlenA
EnterCriticalSection
SetEvent
LeaveCriticalSection
CreateEventW
InitializeCriticalSection
WideCharToMultiByte
HeapAlloc
CreateThread
GetProcessHeap
HeapFree
WaitForMultipleObjects
CloseHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadResource
LockResource
SizeofResource
FindResourceW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
LCMapStringA
GetSystemDefaultLangID
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LCMapStringW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
SetHandleCount
VirtualAlloc
HeapSize
ExitProcess
GetFileType
MultiByteToWideChar
GetPrivateProfileStringW
SetStdHandle
HeapReAlloc
GetDriveTypeA
GetDateFormatA
GetTimeFormatA
DeleteFileA
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
SetErrorMode
GetFileTime
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateEventA
CreateIoCompletionPort
SetLastError
GetModuleHandleA
MulDiv
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
FormatMessageW
GlobalFree
FindNextFileW
FileTimeToLocalFileTime
lstrcmpA
GlobalReAlloc
GetThreadLocale
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GlobalFlags
LocalAlloc
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
user32
GetPropW
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
CheckMenuItem
GetMenuState
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
ValidateRect
GetMessageW
CharUpperW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
UnregisterClassW
CharNextW
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetScrollPos
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
CreatePopupMenu
GetMessagePos
EnableMenuItem
IsIconic
DrawIcon
GetDlgItem
GetLastActivePopup
ModifyMenuW
GetSubMenu
GetMenuStringW
AppendMenuW
LoadMenuW
SetMenu
LoadIconW
EqualRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassNameW
GetWindowLongW
SetWindowLongW
ScreenToClient
PtInRect
IsZoomed
DrawFrameControl
KillTimer
OffsetRect
RedrawWindow
UpdateWindow
GetSystemMetrics
ReleaseDC
IsWindowVisible
MsgWaitForMultipleObjects
TranslateMessage
SetTimer
BringWindowToTop
SetWindowPos
PeekMessageW
DispatchMessageW
wsprintfW
GetWindow
ClientToScreen
LoadBitmapW
GetCursorPos
WindowFromPoint
GetSysColor
FillRect
ReleaseCapture
SetCapture
PostMessageW
LoadCursorW
SetCursor
GetCapture
GetWindowRect
GetParent
SetForegroundWindow
GetMenuItemID
GetMenuItemCount
ShowWindow
SendMessageW
IsWindow
SetRect
MoveWindow
MessageBoxW
InvalidateRect
GetClientRect
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMessageTime
MapWindowPoints
TrackPopupMenu
GetKeyState
GetSystemMenu
GetScrollRange
EnableWindow
GetDesktopWindow
GetDC
gdi32
GetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
CreateSolidBrush
DeleteDC
SelectObject
GetStockObject
DeleteObject
ExtTextOutW
CreateFontIndirectW
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
SetMapMode
GetClipBox
SetTextAlign
GetViewportExtEx
GetWindowExtEx
Rectangle
PtVisible
RectVisible
TextOutW
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
SetBkColor
RestoreDC
SaveDC
advapi32
RegSetValueExW
RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
shell32
SHGetFolderPathW
ShellExecuteW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ole32
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
oleaut32
SysStringLen
SysFreeString
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
VariantClear
iphlpapi
GetAdaptersInfo
ws2_32
WSASendTo
WSASend
htonl
gethostbyaddr
__WSAFDIsSet
getsockopt
ioctlsocket
WSACleanup
WSAStartup
recvfrom
WSARecvFrom
select
connect
send
recv
socket
setsockopt
closesocket
bind
htons
sendto
WSAGetLastError
ntohl
ntohs
inet_addr
WSARecv
gethostname
shutdown
gethostbyname
inet_ntoa
comctl32
InitCommonControlsEx
shlwapi
StrToInt64ExW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
oledlg
OleUIBusyW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
dbghelp
MakeSureDirectoryPathExists
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
comdlg32
GetFileTitleW
odbc32
ord5
ord150
ord145
ord117
ord44
ord68
ord43
ord59
ord13
ord18
ord46
ord12
ord119
ord141
ord110
ord61
ord3
ord16
ord2
ord1
ord15
ord9
ord14
ord20
ord108
ord48
ord49
ord111
ord51
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 275KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ