96c94c1cbbe8c94524d5ee52c0aef220f05d378ea99524f11ab2f82dc0321a4c

Sharing

Copy URL Twitter E-mail

General

Target

96c94c1cbbe8c94524d5ee52c0aef220f05d378ea99524f11ab2f82dc0321a4c
Size

1.0MB
MD5

da8907ab50c67500216490e5b188bc07
SHA1

a490ee44d60a4f947beca84906528cd8e1f2243e
SHA256

96c94c1cbbe8c94524d5ee52c0aef220f05d378ea99524f11ab2f82dc0321a4c
SHA512

7ba7d9e281d7127a62c4aab9d7aa4faf92098786b1803929b94ffe0dc73dd5e12f635e18cf7c4722e2879ca637c4d9a7af548824803db74501b32f24396ac51a
SSDEEP

24576:u8ImPTszQUiOrhvRxWtAxSpFp1gEPI2TESV:F+hxS11/1TEi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96c94c1cbbe8c94524d5ee52c0aef220f05d378ea99524f11ab2f82dc0321a4c

Files

96c94c1cbbe8c94524d5ee52c0aef220f05d378ea99524f11ab2f82dc0321a4c
.exe windows x86

7e61547cabc49db739d3b2c5c52fbb4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

hid

HidD_GetProductString
HidD_GetSerialNumberString
HidD_GetManufacturerString
HidD_GetHidGuid
HidD_GetNumInputBuffers
HidD_SetNumInputBuffers
HidD_GetPreparsedData
HidP_GetCaps
HidP_GetSpecificValueCaps
HidD_GetAttributes
HidD_FreePreparsedData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

mciSendCommandW

kernel32

FindResourceExW
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedIncrement
InterlockedDecrement
lstrlenW
CloseHandle
GetProcAddress
LoadLibraryW
OpenProcess
GetTickCount
FreeConsole
VerLanguageNameW
GetLastError
EnumResourceLanguagesW
GetUserDefaultLangID
CreateMutexW
ReleaseMutex
WideCharToMultiByte
WaitForSingleObject
GetModuleFileNameW
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
WriteFile
SetEndOfFile
SetFilePointer
CopyFileW
GetFileSize
CreateFileW
GetModuleHandleW
DeleteFileW
GetTempPathW
GetFileAttributesW
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
RaiseException
InitializeCriticalSection
DeleteCriticalSection
OpenMutexW
GetCommandLineW
GetDriveTypeW
SetErrorMode
lstrcpynW
GetStartupInfoW
ExitProcess
CreateEventW
SetEvent
OpenEventW
ResumeThread
MultiByteToWideChar
GetCurrentProcess
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
lstrlenA
DeviceIoControl
GetPrivateProfileStringW
InterlockedExchangeAdd
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetSystemDirectoryW
GetProcessAffinityMask
Sleep
CreateThread
FreeLibrary
FreeResource
GlobalFree
GlobalAlloc
FlushFileBuffers
GetWindowsDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
ResetEvent
SleepEx
ReadFileEx
GetLogicalDriveStringsW
ReadFile
GetStringTypeW
GetStringTypeA
CreateFileA
IsBadCodePtr
GetTimeZoneInformation
DebugBreak
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateProcess
TlsAlloc
QueryPerformanceCounter
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetOEMCP
GetCPInfo
LocalAlloc
LoadLibraryA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
GetModuleHandleA
GetSystemTimeAsFileTime
GetModuleFileNameA

user32

SetWindowLongW
GetWindowLongW
PeekMessageW
RegisterWindowMessageW
SendNotifyMessageW
IsWindow
CreateDialogIndirectParamW
ShowWindow
FindWindowExW
RegisterClassW
RegisterDeviceNotificationW
UnregisterDeviceNotification
BroadcastSystemMessageW
FindWindowW
CreateWindowExW
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
PostQuitMessage
KillTimer
SendMessageW
SetTimer
GetMessageW
DispatchMessageW
TranslateMessage
UnregisterClassW
MessageBoxW
GetClassNameW
GetWindowTextW
PostMessageW
GetWindowThreadProcessId
UnhookWinEvent
SetWinEventHook

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

StringFromCLSID
GetRunningObjectTable
CreateClassMoniker
CoInitializeEx
CoTaskMemFree

shlwapi

PathRemoveFileSpecW
UrlEscapeW
PathFindExtensionW
PathIsRootW

Sections

.text
Size: 680KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ktivcof
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rfceuix
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yhymzrv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e61547cabc49db739d3b2c5c52fbb4d

Headers

File Characteristics

Imports

hid

version

winmm

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 680KB - Virtual size: 677KB

.rdata Size: 176KB - Virtual size: 173KB

.data Size: 28KB - Virtual size: 64KB

.rsrc Size: 96KB - Virtual size: 96KB

ktivcof Size: 32KB - Virtual size: 32KB

rfceuix Size: 32KB - Virtual size: 32KB

yhymzrv Size: - Virtual size: 4KB

.text
Size: 680KB - Virtual size: 677KB

.rdata
Size: 176KB - Virtual size: 173KB

.data
Size: 28KB - Virtual size: 64KB

.rsrc
Size: 96KB - Virtual size: 96KB

ktivcof
Size: 32KB - Virtual size: 32KB

rfceuix
Size: 32KB - Virtual size: 32KB

yhymzrv
Size: - Virtual size: 4KB