eca5c929fa995e583fb1e02592873c009db27ba03f967f6e59619ee4312961a7

Sharing

Copy URL Twitter E-mail

General

Target

eca5c929fa995e583fb1e02592873c009db27ba03f967f6e59619ee4312961a7
Size

10.0MB
MD5

955c4f879c841e2c7ad96032723ebd85
SHA1

3e8a5c3e52621136c659748402536ad0f87ae878
SHA256

eca5c929fa995e583fb1e02592873c009db27ba03f967f6e59619ee4312961a7
SHA512

67703989a72281129683c585e8066b7cfc2fa5a276df7ad124a04339ce9863fea3eea79b1829a2446aa023d459366155311be4c9fc3e7ec10ffbaa0e62c6d0c1
SSDEEP

196608:tR/oTNrUyFh+4hKsiuQ8FE+vP1AinheYP3kjHIAAogrcq9:TlyFhdJiuQeE61hnheYE5Atrcq9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eca5c929fa995e583fb1e02592873c009db27ba03f967f6e59619ee4312961a7

Files

eca5c929fa995e583fb1e02592873c009db27ba03f967f6e59619ee4312961a7
.exe windows x86

4d6f4f4a2adad9f06cb50e35bc6edda4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

shell32

SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW

oleaut32

SysAllocString
SysFreeString

shlwapi

PathQuoteSpacesW
ord176

gdi32

SetBkColor
GetObjectW
SetTextColor
SetBkMode
SelectObject
SaveDC
RestoreDC
ExcludeClipRect
CreateSolidBrush
CreateCompatibleDC
BitBlt

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery
SetStdHandle
VerSetConditionMask
GetCommandLineW
DeleteFileW
DecodePointer
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
GetCurrentThreadId
GetSystemDirectoryW
IsWow64Process
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetSearchPathMode
VerifyVersionInfoW
GetUserDefaultUILanguage
CloseHandle
CreateProcessW
CreateFileW
GetTempFileNameW
WriteFile
GetTempPathW
WaitForSingleObject
GetExitCodeProcess
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
EnumResourceLanguagesW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
OutputDebugStringW
RtlUnwind
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
GetCurrentThread
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapSize
HeapReAlloc
OutputDebugStringA
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA

user32

SystemParametersInfoW
InflateRect
GetSysColorBrush
GetSysColor
CallWindowProcW
UnregisterClassW
DialogBoxParamW
MessageBoxW
SetWindowLongW
SetProcessDefaultLayout
SendMessageW
IsWindow
IsWindowVisible
EndDialog
SetDlgItemTextW
CheckDlgButton
GetDlgCtrlID
GetSystemMetrics
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowTextW
GetClientRect
GetWindowRect
ScreenToClient
GetWindowLongW
GetWindow
LoadImageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
UpdateWindow
MapWindowPoints
GetParent
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
LoadStringW
wsprintfW
DefWindowProcW

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59.1MB - Virtual size: 59.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d6f4f4a2adad9f06cb50e35bc6edda4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

kernel32

user32

Sections

.text Size: 341KB - Virtual size: 341KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 564B

.rsrc Size: 59.1MB - Virtual size: 59.1MB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 341KB - Virtual size: 341KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 564B

.rsrc
Size: 59.1MB - Virtual size: 59.1MB

.reloc
Size: 12KB - Virtual size: 11KB