c33d249f4b81457a623725aa57671d9c290dd40485a2704e8c81317e9166c8cc

Sharing

Copy URL Twitter E-mail

General

Target

c33d249f4b81457a623725aa57671d9c290dd40485a2704e8c81317e9166c8cc
Size

753KB
MD5

e74600e29244e06432167d5fb8da3f78
SHA1

ddf78c7383e1bd688bd2cbb08c8195afe7e87532
SHA256

c33d249f4b81457a623725aa57671d9c290dd40485a2704e8c81317e9166c8cc
SHA512

daebd7d970cd0b9da8c4fa10474c1863fd44cfb12dbbe0db387b202ef42890f8def37bbbd17c4326da115d8fdfd7fdc6439950863ab9a5f7eca4391cc45faa31
SSDEEP

12288:uwo36Qx3+wAbOLvkt033uBUHA1+Us/FacCe/zksoZgGbVVxBxneZDREqna:3+6QB+wtMwBCvbVVxBx2RVna

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c33d249f4b81457a623725aa57671d9c290dd40485a2704e8c81317e9166c8cc

Files

c33d249f4b81457a623725aa57671d9c290dd40485a2704e8c81317e9166c8cc
.exe windows:6 windows x86

5b9ddb642db5964074ff2af211987ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryW

kernel32

WriteFile
CreateFileW
CreateFileA
FlushFileBuffers
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
LocalFree
CreateEventW
SetEvent
ResetEvent
GetFileSize
OpenEventW
FormatMessageA
GetModuleHandleExW
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
CallNamedPipeW
ReadFile
OutputDebugStringW
GetExitCodeProcess
lstrcmpiW
CreateProcessW
SetCurrentDirectoryW
Process32FirstW
GetCurrentThread
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
DuplicateHandle
TerminateProcess
SetThreadAffinityMask
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
FreeLibrary
GetSystemDirectoryW
GetModuleFileNameW
GetTickCount
WideCharToMultiByte
GetSystemInfo
GetNativeSystemInfo
MultiByteToWideChar
GetModuleHandleA
OutputDebugStringA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
EnumSystemLocalesW
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
GetStdHandle
GetCurrentProcess
GetProcAddress
LoadLibraryW
Sleep
WriteConsoleW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
ExitProcess

user32

DispatchMessageW
MessageBoxA
GetMessageW
TranslateMessage

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExW
RegQueryInfoKeyA
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CLSIDFromProgID
CoInitializeEx
StringFromCLSID
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

LoadTypeLibEx
SysAllocString
VariantInit
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
LoadTypeLi
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantClear
SysStringLen
UnRegisterTypeLi

winusb

WinUsb_QueryInterfaceSettings
WinUsb_WritePipe
WinUsb_QueryPipe
WinUsb_Free
WinUsb_Initialize

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

hid

HidD_GetAttributes
HidD_GetHidGuid

Sections

.text
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b9ddb642db5964074ff2af211987ddd

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

winusb

setupapi

hid

Sections

.text Size: 588KB - Virtual size: 588KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 11KB - Virtual size: 79KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 588KB - Virtual size: 588KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 11KB - Virtual size: 79KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 29KB