c7eef8bc847180ae53da7d844a802a69a970b9f4b00101d6b68bb95a2a8727b0

Sharing

Copy URL Twitter E-mail

General

Target

c7eef8bc847180ae53da7d844a802a69a970b9f4b00101d6b68bb95a2a8727b0
Size

559KB
MD5

3d5c7baf369c552976c773bdb5f45d4f
SHA1

95cca3bb0033e5dac5b7ec7a805bfd01a8490796
SHA256

c7eef8bc847180ae53da7d844a802a69a970b9f4b00101d6b68bb95a2a8727b0
SHA512

09887517fa32025b64fd562eaa313c32652dbe7b7ac481a1b057e99b96ef2b92ad422a409502130e2a645310acb47795b68fee6650d04e77cb0a45654148842d
SSDEEP

12288:D2h+w8nmtY03G7e5Wtwm6VsUa0Tp8z+5uC7AJ:D+8nSPG7ggApd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7eef8bc847180ae53da7d844a802a69a970b9f4b00101d6b68bb95a2a8727b0

Files

c7eef8bc847180ae53da7d844a802a69a970b9f4b00101d6b68bb95a2a8727b0
.exe windows:5 windows x86

99e911ab941a53156ee2ced10d90e522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetDriveTypeA
WriteFile
SetFileTime
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
FindFirstFileA
FindClose
CreateFileA
GlobalAlloc
lstrcmpA
GlobalLock
CloseHandle
CompareStringA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GlobalUnlock
WaitForSingleObject
GlobalAddAtomA
GetCurrentProcessId
FreeResource
GlobalFree
GetVersionExA
lstrcmpW
MultiByteToWideChar
GlobalFindAtomA
GlobalGetAtomNameA
MulDiv
LocalFree
GetFullPathNameA
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetCPInfo
GetOEMCP
GetModuleHandleW
FileTimeToLocalFileTime
Sleep
ExitProcess
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
ExitThread
CreateThread
HeapReAlloc
VirtualAlloc
HeapSize
GetConsoleCP
GetConsoleMode
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
lstrlenA
LocalAlloc
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
InterlockedDecrement
FreeConsole
GetModuleFileNameA
GetTempPathA
GetTickCount
lstrcatA
InterlockedExchange
DeleteFileA

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
LoadCursorA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
DestroyMenu
GetSysColorBrush
SendDlgItemMessageA
RegisterClipboardFormatA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
WinHelpA
GetCapture
GetClassLongA
wsprintfA
EnableWindow
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
DestroyWindow
GetClassInfoA
RegisterClassA
GetClassInfoExA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
LoadBitmapA
GetDC
GetWindowRect
GetClientRect
SendMessageA
MessageBoxA
RegisterWindowMessageA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetActiveWindow
UpdateWindow
LoadIconA
GetSysColor
CreateDialogIndirectParamA
GetDesktopWindow
ReleaseDC
IsWindowVisible
GetFocus
SetWindowLongA
GetWindowLongA
CopyRect
GetMenuItemCount
GetMenuItemID
ModifyMenuA
GetSubMenu
GetParent
PostMessageA

gdi32

SetMapMode
DeleteObject
RestoreDC
SaveDC
GetStockObject
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

shell32

ShellExecuteA

oleaut32

VariantInit
VariantChangeType
VariantClear

shlwapi

PathFindExtensionA

wldap32

ord211
ord143
ord60
ord50
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord26
ord30
ord200
ord22

ws2_32

htonl
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
ntohl
gethostname

crypt32

CertFreeCertificateContext

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99e911ab941a53156ee2ced10d90e522

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

shlwapi

wldap32

ws2_32

crypt32

oleacc

winspool.drv

advapi32

Sections

.text Size: 426KB - Virtual size: 426KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 36KB - Virtual size: 40KB

.text
Size: 426KB - Virtual size: 426KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 36KB - Virtual size: 40KB