63f8715261112588f37fcb5b50e86d51537609041881ceb0aafb56fe92bcd0e8

Sharing

Copy URL Twitter E-mail

General

Target

63f8715261112588f37fcb5b50e86d51537609041881ceb0aafb56fe92bcd0e8
Size

1.8MB
MD5

8bc6aac6141af8c5f56659f7042f35cf
SHA1

65a117944afacdb77ce9b3ba6579ea52fdc3a796
SHA256

63f8715261112588f37fcb5b50e86d51537609041881ceb0aafb56fe92bcd0e8
SHA512

1f793f8e574d17c2c4bc440877970a140a9c4289080976114b0af2176e3e0c713651df375cecd6d95a4ef1763353ea39846fe1dc9acfc64a4bef1097c4b3175a
SSDEEP

24576:Nj3HWRw6Gr+DPHnM9ViAn3xWT8ZKmxrNFrsKubpwL3jfgmIFXIjMw:Nj32RwIPMXv3kJmxrNdsHbpwH2XUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63f8715261112588f37fcb5b50e86d51537609041881ceb0aafb56fe92bcd0e8

Files

63f8715261112588f37fcb5b50e86d51537609041881ceb0aafb56fe92bcd0e8
.exe windows:6 windows x86

6709ffb77993ed7a1d896f512244e9cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
CreateEventW
SetEvent
ResetEvent
GetSystemTimeAsFileTime
lstrcmpiW
LoadLibraryExW
SetEndOfFile
FlushFileBuffers
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
WriteFile
GetStdHandle
GetCommandLineA
GetModuleHandleExW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
CreateProcessW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemInfo
CloseHandle
GlobalFlags
MultiByteToWideChar
GetFileAttributesW
WaitForSingleObject
FindClose
TerminateProcess
GetCurrentProcess
FindNextFileW
GetCommandLineW
ReadFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetTickCount
ExitProcess
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetLastError
LeaveCriticalSection
GetCurrentThreadId
IsDebuggerPresent
GetModuleFileNameW
HeapFree
WritePrivateProfileStringW
GetPrivateProfileStringW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
WriteConsoleW

user32

TranslateAcceleratorW
CharNextW
DestroyIcon
PostMessageW
IsWindowVisible
RegisterClassExW
ShowWindow
GetSysColor
DeleteMenu
GetDlgItem
FillRect
EndPaint
GetNextDlgTabItem
PostQuitMessage
IsIconic
UnregisterClassW
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
MessageBoxW
GetWindowLongW
SetWindowPos
SetWindowLongW
InvalidateRect
GetActiveWindow
GetClassNameW
IntersectRect
IsRectEmpty
SetMenu
IsWindowEnabled
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
GetFocus
GetWindow
GetSystemMenu
GetLastActivePopup
PtInRect
SetParent
ClientToScreen
RedrawWindow
OffsetRect
MessageBeep
ScreenToClient
DrawTextW
SetRect
IsZoomed
GetTopWindow
BeginPaint
SetFocus
GetClassInfoExW
GetPropW
RemovePropW
IsWindow
SetPropW
wsprintfW
GetWindowThreadProcessId
DefWindowProcW
CallWindowProcW
WinHelpW
SendMessageW
GetMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
EnableWindow
LoadCursorW
GetCursorPos
SetCursorPos
GetKeyState
SetActiveWindow
SetCursor
AdjustWindowRectEx
ReleaseDC
GetClientRect
GetWindowDC
GetSystemMetrics
GetDC
GetWindowRect
LoadImageW
GetParent
GetDesktopWindow
LoadIconW
RegisterClassW
GetClassInfoW
LoadStringW
CreateWindowExW
EnumWindows
MoveWindow
GetMonitorInfoW
WaitForInputIdle
MonitorFromWindow

gdi32

ExcludeClipRect
GetTextMetricsW
SetBkMode
CombineRgn
CreateRectRgn
GetClipBox
CreateRoundRectRgn
SetTextColor
CreateEllipticRgn
SetBkColor
CreateSolidBrush
SelectObject
CreateDIBSection
SetDIBColorTable
DeleteObject
SetStretchBltMode
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
GdiAlphaBlend
CreateFontIndirectW
CreateCompatibleDC

comdlg32

GetSaveFileNameW
ChooseFontW
GetOpenFileNameW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

shell32

ShellExecuteW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarUI4FromStr

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetIcon
InitCommonControlsEx

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

libcurl

curl_easy_init
curl_easy_setopt
curl_global_cleanup
curl_global_init
curl_easy_getinfo
curl_easy_perform
curl_slist_free_all
curl_easy_pause
curl_slist_append
curl_easy_cleanup

wininet

InternetGetConnectedState

ws2_32

WSAStartup
WSACleanup
ioctlsocket
htons
recv
connect
socket
inet_addr
WSAAsyncSelect
gethostbyname
closesocket

gdiplus

GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 915KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6709ffb77993ed7a1d896f512244e9cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

bcrypt

libcurl

wininet

ws2_32

gdiplus

msvcrt

iphlpapi

psapi

Sections

.text Size: 876KB - Virtual size: 876KB

.sedata Size: 915KB - Virtual size: 916KB

.idata Size: 7KB - Virtual size: 8KB

.rsrc Size: 36KB - Virtual size: 36KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 876KB - Virtual size: 876KB

.sedata
Size: 915KB - Virtual size: 916KB

.idata
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 36KB

.sedata
Size: 4KB - Virtual size: 4KB