87eaf82aa18d2a75c82a244a96579563d10ec10bf1e73cfae98f01450ab56d52

Sharing

Copy URL Twitter E-mail

General

Target

87eaf82aa18d2a75c82a244a96579563d10ec10bf1e73cfae98f01450ab56d52
Size

300KB
MD5

e53ff8564aed80fffef3c14e34a98f84
SHA1

fc0b68fa46d078154f089f83bbd10846efa18fa6
SHA256

87eaf82aa18d2a75c82a244a96579563d10ec10bf1e73cfae98f01450ab56d52
SHA512

36f27afb21b072865e23635b5232e3a2fbb2137d2e878814f3c3f72d70ab45130c74159d88c5ccc3b36529a104a0477d2564def258509b1c6901c79c3b79eaac
SSDEEP

3072:9hx745/XJvswOhWKvKP+mat6NQKbqS33U/g3DYLDQeEZ5pM9eAP3c9sQjKopC15w:TxmpWHKP+Vt6tHU/g3DYOuD3UxU5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87eaf82aa18d2a75c82a244a96579563d10ec10bf1e73cfae98f01450ab56d52

Files

87eaf82aa18d2a75c82a244a96579563d10ec10bf1e73cfae98f01450ab56d52
.exe windows x86

9b7369f3c6ced4b8df39c32a430c43db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
GetFullPathNameA
GetTempFileNameA
GetDiskFreeSpaceA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
MulDiv
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
CreateDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileType
GetTimeZoneInformation
GetLocalTime
ExitProcess
GetStartupInfoA
GetCommandLineA
UnlockFile
RaiseException
CreateThread
ExitThread
GetACP
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
MoveFileA
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
FindNextFileA
SetLastError
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
VirtualFree
SetEndOfFile
InterlockedExchange
WaitForSingleObject
GlobalAlloc
lstrcmpA
GetCurrentThread
GetVersion
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindClose
lstrcpynA
GetFileTime
GetFileSize
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalFree
lstrlenA
WideCharToMultiByte
TerminateThread
lstrcpyA
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
ReadProcessMemory
TerminateProcess
CreateMutexA
CreateFileMappingA
MapViewOfFile
GetWindowsDirectoryA
GetModuleFileNameA
CopyFileA
WinExec
CreateFileA
CloseHandle
GetFileAttributesA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
Sleep
GetSystemTime
SetLocalTime
SetStdHandle
GetLastError

user32

LoadIconA
IsDialogMessageA
SetWindowTextA
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
PostQuitMessage
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
CharUpperA
LoadStringA
GetClassNameA
PtInRect
ClientToScreen
ReleaseDC
GetDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessagePos
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
UnhookWindowsHookEx
VkKeyScanA
GetMessageExtraInfo
mouse_event
SetCursorPos
IsWindowVisible
keybd_event
SendMessageA
MessageBoxA
GetDesktopWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
EnableWindow
SetForegroundWindow
SetActiveWindow
GetMessageTime
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
RestoreDC
SaveDC
DeleteDC
GetStockObject
GetDeviceCaps
SelectObject
SetBkColor
SetTextColor
GetClipBox
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

DragFinish
DragQueryFileA

comctl32

ord17

ws2_32

connect
recv
send
WSACleanup
WSAGetLastError
WSAStartup
inet_ntoa
setsockopt
htons
inet_addr
socket
sendto
recvfrom
closesocket
gethostbyname
gethostname
bind

wininet

InternetGetLastResponseInfoA
FtpGetFileA
FtpPutFileA
FtpSetCurrentDirectoryA
InternetOpenA
InternetCloseHandle
InternetSetStatusCallback
InternetConnectA
FtpCreateDirectoryA

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetRTTAndHopCount

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b7369f3c6ced4b8df39c32a430c43db

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ws2_32

wininet

imagehlp

iphlpapi

Sections

.text Size: 224KB - Virtual size: 221KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 12KB - Virtual size: 35KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 224KB - Virtual size: 221KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 12KB - Virtual size: 35KB

.rsrc
Size: 16KB - Virtual size: 13KB