8a1e03420e654da1aabf375f99dc511bad9ddc20a42c48b63c3d619ff8a40f0a

Sharing

Copy URL

Twitter E-mail

General

Target

8a1e03420e654da1aabf375f99dc511bad9ddc20a42c48b63c3d619ff8a40f0a
Size

11.5MB
MD5

f476b26246a7c1903c278797bea0d83b
SHA1

3af87629fbb614a292637a031549cdb70f1a7b94
SHA256

8a1e03420e654da1aabf375f99dc511bad9ddc20a42c48b63c3d619ff8a40f0a
SHA512

2f1a17a105d41ed25f9f13eaff239990ef25e39903f3ca54b9350c1d78d7ce7e0e9a584d3ea78388abd608da0c1f9c41d0a652a17e76c0e1eba2033f454c6442
SSDEEP

196608:vYC9WqUgamfxmzkf9mcrJrJsv6tWKFdu9CHv+H:wIWRTIDxJsv6tWKFdu9C2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a1e03420e654da1aabf375f99dc511bad9ddc20a42c48b63c3d619ff8a40f0a

Files

8a1e03420e654da1aabf375f99dc511bad9ddc20a42c48b63c3d619ff8a40f0a
.exe windows:5 windows x86

875ebc053000e525e3ab9bee99c2590c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
DeviceIoControl
LoadLibraryW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ResetEvent
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetSystemDirectoryW
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
OpenProcess
LoadLibraryA
ExitProcess
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetHandleInformation
lstrcmpW
GetVolumeInformationW
GetDriveTypeW
IsValidLanguageGroup
IsValidLocale
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
HeapReAlloc
GetLogicalDrives
ExitThread
LoadLibraryExW
WriteFile
SetFileAttributesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
HeapSize
GetProcessHeap
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetEnvironmentVariableA
WriteConsoleW
GetThreadTimes
InitializeSListHead
LCMapStringW
EnumSystemLocalesW
GetStringTypeW
GetFileType
FlushFileBuffers
CreateFileW
OutputDebugStringW
FormatMessageW
GetModuleHandleW
WaitForMultipleObjects
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
CreateThread
CreateEventW
GetCurrentProcess
WaitForSingleObject
SetEvent
GetLastError
DuplicateHandle
GetLocalTime
GetSystemTime
LocalFree
GetCurrentProcessId
GetCommandLineW
GetUserDefaultLCID
CompareStringW
GetTickCount
QueryPerformanceFrequency
SetFilePointerEx
SetEndOfFile
SetStdHandle
ReadFile
QueryPerformanceCounter
GetModuleFileNameW
GetStartupInfoW
AreFileApisANSI
WaitForSingleObjectEx
ReadFileEx
PeekNamedPipe
CancelIo
SleepEx
WriteFileEx
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVolumeInformationA
CreateProcessA
GetModuleHandleA
lstrlenA
lstrcmpiA
CloseHandle
Sleep
ResumeThread
SuspendThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualProtectEx
FlushInstructionCache
GetProcAddress
SetUnhandledExceptionFilter
TerminateProcess
InitializeCriticalSection

user32

TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetMenu
GetCursorInfo
DestroyCaret
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW
MapVirtualKeyW
HideCaret
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
SetCaretPos
GetIconInfo
FindWindowA
DrawIconEx
CreateCaret
GetKeyboardLayout
TranslateMessage
DispatchMessageW
PeekMessageW
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetClipboardFormatNameW
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
GetKeyboardLayoutList
GetAncestor
DestroyCursor
SetParent
GetParent
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
GetDC
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
MessageBoxW
SystemParametersInfoW
ReleaseDC
GetSystemMenu
EnableMenuItem
RegisterWindowMessageW
SendMessageW
GetSystemMetrics
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
AttachThreadInput
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
GetDoubleClickTime
SetWindowRgn
GetSysColor
DestroyIcon
GetWindowThreadProcessId

ws2_32

WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
getsockname
getpeername
__WSAFDIsSet
WSASendTo
gethostbyname
ntohl
getsockopt
htonl
WSAAsyncSelect
WSACleanup
gethostname
bind
closesocket
htons
gethostbyaddr
inet_addr
listen
WSAGetLastError
WSASocketW
WSAStartup

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

netapi32

Netbios

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
OleIsCurrentClipboard

advapi32

OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegFlushKey
RegSetValueExW
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

gdi32

CreateBitmap
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits

oleaut32

SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
SysFreeString
SysAllocString
SysAllocStringLen

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmGetVirtualKey

winmm

PlaySoundW

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

875ebc053000e525e3ab9bee99c2590c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

iphlpapi

netapi32

shell32

ole32

advapi32

gdi32

oleaut32

imm32

winmm

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 55KB - Virtual size: 109KB

.qtmetad Size: 512B - Virtual size: 272B

_RDATA Size: 512B - Virtual size: 292B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 223KB - Virtual size: 222KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 55KB - Virtual size: 109KB

.qtmetad
Size: 512B - Virtual size: 272B

_RDATA
Size: 512B - Virtual size: 292B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 223KB - Virtual size: 222KB