7ca1f22f7df793bb4e2bdbad7d897b1d5f02e2ea7c165e12b6532a1551a0dc20

Sharing

Copy URL

Twitter E-mail

General

Target

7ca1f22f7df793bb4e2bdbad7d897b1d5f02e2ea7c165e12b6532a1551a0dc20
Size

7.8MB
MD5

0997ba786f53afeb8ede82924dc44f2b
SHA1

3195b8477b8869b1634a80bee63ce7f109f81de7
SHA256

7ca1f22f7df793bb4e2bdbad7d897b1d5f02e2ea7c165e12b6532a1551a0dc20
SHA512

dda9296371f78a5796023225e689891b30bce090b95d9822300928596706127032493ca662bba587805eea14f59cbcd5ab9f49bfaa4aafbd4f87fb5a84fa6a58
SSDEEP

196608:3uylIcHRS2ZmYCTNB62bTXJEGq6OdD5485qn8EXKRI:3u9cHRYYCTH5bTX+GTedxbzRI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ca1f22f7df793bb4e2bdbad7d897b1d5f02e2ea7c165e12b6532a1551a0dc20

Files

7ca1f22f7df793bb4e2bdbad7d897b1d5f02e2ea7c165e12b6532a1551a0dc20
.exe windows:6 windows x86

556b68a2344cbd94ac27520149d27f12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
GetTimeZoneInformation
GetProcessHeap
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
GetFullPathNameW
SetLastError
LoadLibraryW
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindResourceA
LockResource
GetModuleHandleA
OpenProcess
TerminateProcess
GetFullPathNameA
CreateFileA
WriteFile
MoveFileA
SetFileAttributesA
DeleteFileA
WideCharToMultiByte
GetModuleFileNameA
GetComputerNameExA
GetCurrentProcess
MultiByteToWideChar
GetComputerNameA
FindResourceW
lstrcpyW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetStdHandle
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEvent
IsValidLocale
SetEndOfFile
HeapSize
GetConsoleCP
GetACP
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetFileAttributesExW
HeapReAlloc
HeapFree
HeapAlloc
VirtualQuery
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
ResetEvent
WriteConsoleW
DeleteFileW
SystemTimeToFileTime
GetSystemTime
FindNextFileW
SetEnvironmentVariableA
FindFirstFileW
FindClose
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryA
CreateFiber
DeleteFiber
SwitchToFiber
GetCurrentProcessId
GetModuleHandleExW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
WaitForSingleObjectEx
MoveFileExA
QueryPerformanceCounter
VerifyVersionInfoW
GetSystemDirectoryW
QueryPerformanceFrequency
VerSetConditionMask
SleepEx
FormatMessageA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
FormatMessageW
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateFileW
GetCommandLineW
GetVersionExW
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetProcessWindowStation
GetUserObjectInformationW
ExitWindowsEx
MessageBoxW
LoadStringW
CharNextW
CharUpperW
PostThreadMessageW
CharUpperBuffW
MessageBoxW

advapi32

CreateProcessAsUserW
RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
StartServiceW
RegDeleteKeyA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegCreateKeyExA
RegFlushKey
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
DeregisterEventSource
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

UnRegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysAllocString

shlwapi

PathRemoveFileSpecA
PathFileExistsW
PathFileExistsA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

bcrypt

BCryptGenRandom

ws2_32

accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
WSACleanup
freeaddrinfo
recvfrom
sendto
gethostname
getnameinfo
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
getaddrinfo
shutdown

wldap32

ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord301

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore

wtsapi32

WTSSendMessageW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

556b68a2344cbd94ac27520149d27f12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

userenv

bcrypt

ws2_32

wldap32

crypt32

wtsapi32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 504KB - Virtual size: 504KB

.data Size: 40KB - Virtual size: 40KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.2MB - Virtual size: 2.2MB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 11KB

.l1 Size: 16KB - Virtual size: 16KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 504KB - Virtual size: 504KB

.data
Size: 40KB - Virtual size: 40KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 11KB

.l1
Size: 16KB - Virtual size: 16KB