e0597b073eef37c78d6fbac18cce32426431c4975f79a327ae2c41972dccc957

Sharing

Copy URL Twitter E-mail

General

Target

e0597b073eef37c78d6fbac18cce32426431c4975f79a327ae2c41972dccc957
Size

9.7MB
MD5

6941ab08ea84dc9b832a26ca0b5bdae4
SHA1

c92a14b84e4cdfdd1a2a3c7936a96fb11657f729
SHA256

e0597b073eef37c78d6fbac18cce32426431c4975f79a327ae2c41972dccc957
SHA512

55cb8e706123f820449eaecc0e7edbf8b010bd8fd75ffaf5522424fbd182ac9f7e9ec4548ed1b0994a2fea3ea0ee9e42d4cb5680041ee1d6d6c1acbab507be56
SSDEEP

196608:GT9aZBatiToqNLMYaAiWrUUPFzsarpYaTsCB2lBHgTjHdqOFNf:HjOkNVMl6FzsWpY4N2i02t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0597b073eef37c78d6fbac18cce32426431c4975f79a327ae2c41972dccc957

Files

e0597b073eef37c78d6fbac18cce32426431c4975f79a327ae2c41972dccc957
.exe windows:6 windows x86

107d76bbf9c17cf9582aa17a3d63f0a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
IIDFromString
StringFromGUID2
CoTaskMemAlloc
OleRun
OleSetContainedObject
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

shell32

FindExecutableA
SHGetFolderPathA
SHGetFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
CommandLineToArgvW
SHGetFolderPathW

wininet

HttpQueryInfoA
InternetErrorDlg
InternetCrackUrlA
HttpOpenRequestA
InternetOpenA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetReadFile

user32

EnumWindows
PostMessageA
MessageBoxW
IsWindowUnicode
GetMessageA
DispatchMessageA
SetWindowLongA
GetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetAncestor
CharNextA
wsprintfA
ReleaseDC
GetParent
PeekMessageA
MsgWaitForMultipleObjectsEx
DispatchMessageW
GetMessageW
LoadStringA
MessageBoxA
AdjustWindowRectEx
GetClassInfoExW
EnableMenuItem
GetDesktopWindow
GetClientRect
SetWindowLongW
SendMessageA
ShowWindow
RegisterClassExW
SetWindowTextW
CreateWindowExW
GetWindowThreadProcessId
GetFocus
IsChild
SetFocus
SetRect
GetWindowLongW
DefWindowProcW
GetSystemMenu
SetWindowPos
GetWindowRect
LoadCursorA
DestroyWindow
GetDC

comctl32

InitCommonControlsEx

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetModuleFileNameW
LCMapStringW
GetStdHandle
EncodePointer
GetModuleHandleW
CreateDirectoryW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
WriteConsoleW
GetConsoleCP
GetConsoleMode
CreateThread
ExitThread
VirtualQuery
CompareStringW
GetFileType
GetLocaleInfoW
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
SetStdHandle
IsValidLocale
EnumSystemLocalesW
HeapAlloc
HeapSize
DeleteFileW
GetSystemTimeAsFileTime
HeapReAlloc
HeapFree
GetModuleFileNameA
SizeofResource
GetCommandLineW
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
FindResourceA
lstrcmpA
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
GetLastError
SetDllDirectoryA
RaiseException
IsDBCSLeadByte
LoadResource
DecodePointer
DeleteCriticalSection
FreeLibrary
WideCharToMultiByte
lstrcmpiA
Process32First
WriteFile
lstrlenA
lstrcatA
CreateToolhelp32Snapshot
GetTempPathA
CreateFileA
GetSystemDirectoryA
LockResource
DeleteFileA
Process32Next
lstrcpyA
CloseHandle
FindResourceW
lstrcpynA
CreateDirectoryA
LocalFree
ReadFile
MulDiv
LocalAlloc
GetCurrentThreadId
FormatMessageA
Sleep
GetUserDefaultLCID
SetEvent
CreateEventA
FileTimeToSystemTime
SetEndOfFile
SetFilePointerEx
FindFirstFileA
TerminateProcess
FindClose
WaitForSingleObject
GetLocaleInfoA
OpenProcess
GetWindowsDirectoryA
ExitProcess
SetLastError
GetDriveTypeA
FindNextFileA
GetFileAttributesA
MoveFileExA
SetFileAttributesA
RemoveDirectoryA
GetTickCount
OpenMutexA
LoadLibraryExW
GetCurrentProcess
GetModuleHandleExW
GetNativeSystemInfo
GetSystemWow64DirectoryA
FormatMessageW
GetLocalTime
GetCurrentProcessId
GetSystemDefaultUILanguage
GetThreadLocale
QueryPerformanceFrequency
QueryPerformanceCounter
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetExitCodeThread
OpenThread
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessA
GetExitCodeProcess
GetModuleHandleExA
LoadLibraryW
CreateMutexA
ReleaseMutex
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsDebuggerPresent
OutputDebugStringW
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
GetCurrentDirectoryW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetProcAddress
GetUserDefaultUILanguage

advapi32

CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
CryptAcquireContextA
CryptCreateHash
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorA

oleaut32

VarUI4FromStr
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
SysAllocString
VariantInit
SysStringByteLen
GetErrorInfo
VariantCopy

shlwapi

ord12
SHDeleteKeyA
PathIsDirectoryEmptyA
PathAppendA

gdi32

GetDeviceCaps

iphlpapi

GetAdaptersAddresses

crypt32

CryptProtectData
CryptStringToBinaryA
CryptBinaryToStringA
CryptUnprotectData

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

msi

ord158
ord204
ord44
ord141
ord115
ord159
ord189
ord137
ord117
ord168
ord31
ord160
ord91
ord87
ord67
ord8

Sections

.text
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71.6MB - Virtual size: 71.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

107d76bbf9c17cf9582aa17a3d63f0a2

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

comctl32

kernel32

advapi32

oleaut32

shlwapi

gdi32

iphlpapi

crypt32

version

msi

Sections

.text Size: 586KB - Virtual size: 585KB

.rdata Size: 220KB - Virtual size: 220KB

.data Size: 13KB - Virtual size: 19KB

.rsrc Size: 71.6MB - Virtual size: 71.6MB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 586KB - Virtual size: 585KB

.rdata
Size: 220KB - Virtual size: 220KB

.data
Size: 13KB - Virtual size: 19KB

.rsrc
Size: 71.6MB - Virtual size: 71.6MB

.reloc
Size: 42KB - Virtual size: 41KB