44bdb43319541065893a358e967685f2c7e6be4c2092b96f2f25a4190ea4f8a3

Sharing

Copy URL

Twitter E-mail

General

Target

44bdb43319541065893a358e967685f2c7e6be4c2092b96f2f25a4190ea4f8a3
Size

547KB
MD5

9ae8fe6b913c1a33326a83c8d0ea73ef
SHA1

5cbb0c91553f5e48d6fc6dbb6fbde9ab48078d76
SHA256

44bdb43319541065893a358e967685f2c7e6be4c2092b96f2f25a4190ea4f8a3
SHA512

d13b6687dd72694a5702b5fb7360eb4042b57d63ba613f5fe48b980c882ae78d8a0a0d96e6e44e4c453f22fdfcad6c1ceaf18ba1ab881a42411384aca5d7f534
SSDEEP

12288:xk3IgJ2J+gBu3vFGeV3VP2CrNYaVOoo+DuLraFJ87:RgaivBV3VPTOeDuiF6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44bdb43319541065893a358e967685f2c7e6be4c2092b96f2f25a4190ea4f8a3

Files

44bdb43319541065893a358e967685f2c7e6be4c2092b96f2f25a4190ea4f8a3
.exe windows:5 windows x86

41dee647deb361d81c6b29ebd76d82d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualProtect
GetSystemInfo
SetFilePointerEx
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
FlushFileBuffers
WriteConsoleW
CreateFileW
WideCharToMultiByte
DecodePointer
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetFileAttributesW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
MulDiv
OutputDebugStringW
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentThreadId
HeapDestroy
FindResourceW
LoadResource
LockResource
SizeofResource
SetLastError
InitializeCriticalSectionAndSpinCount
GetConsoleMode
DeleteCriticalSection
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
RtlUnwind

user32

SetWindowPos
GetClientRect
GetDesktopWindow
UnregisterClassW
SetWindowLongW
SendMessageW
CreateWindowExW
DestroyWindow
DialogBoxParamW
CreateDialogParamW
SetTimer
GetCursorPos
KillTimer
GetWindowRect
InvalidateRect
GetUpdateRect
BeginPaint
EndPaint
SetRect
MoveWindow
ShowWindow
RegisterClassExW
LoadCursorW
ReleaseCapture
SetCapture
GetClassInfoExW
EndDialog
GetMessageW
LoadMenuW
IsZoomed
GetSysColorBrush
PostQuitMessage
MessageBoxW
IsChild
GetFocus
IsWindow
GetClassNameW
CharNextW
RedrawWindow
CreateAcceleratorTableW
FillRect
InvalidateRgn
DestroyAcceleratorTable
ClientToScreen
GetSystemMetrics
ScreenToClient
EnableWindow
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetDlgItem
GetParent
LoadBitmapW
DestroyIcon
SetFocus
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
ReleaseDC
GetDC
DrawIconEx
LoadIconW
GetActiveWindow
RegisterWindowMessageW
DrawTextW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetParent
GetClassLongW
SetClassLongW
IsWindowVisible
DrawEdge
GetCapture
TrackMouseEvent
DispatchMessageW
TranslateMessage
PeekMessageW
UpdateWindow
GetSysColor

gdi32

SetPixelV
CreateSolidBrush
GetObjectW
EnumFontFamiliesW
CreatePen
SetTextColor
SetBkColor
GetDeviceCaps
SetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
SetBkMode
SelectObject
DeleteObject
LineTo
CreateFontW
Rectangle
GetStockObject
MoveToEx

comdlg32

ChooseColorW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CoTaskMemRealloc
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize

oleaut32

OleTranslateColor
DispCallFunc
VarUI4FromStr
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysAllocString
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateLineBrushI
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41dee647deb361d81c6b29ebd76d82d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

gdiplus

Sections

.text Size: 349KB - Virtual size: 348KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 349KB - Virtual size: 348KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 21KB - Virtual size: 21KB