d199860406a0ea5eae96d5940bb74c91e8b2a7614acb3508db4801288d2c93d7

Sharing

Copy URL

Twitter E-mail

General

Target

d199860406a0ea5eae96d5940bb74c91e8b2a7614acb3508db4801288d2c93d7
Size

4.8MB
MD5

d64634938642c17c1c5892375b1d61c2
SHA1

238c1aa3d200865cc99a89c6fe2496766694874f
SHA256

d199860406a0ea5eae96d5940bb74c91e8b2a7614acb3508db4801288d2c93d7
SHA512

31042f2943b9c7f4865efc6f1a39b2485a26e31a4c1ff695db509bec7078c5c44140c1b049cde899952c3cf6306fda9c3393cc029757ecdecc4ba2f78658deea
SSDEEP

98304:2KWnkJP21P6wSN67R96dIuQf6dPtBsSypAcrK0S+4q1EK1tj2aZ:211CwSNy96O4bxypA+y+4qt/j2aZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d199860406a0ea5eae96d5940bb74c91e8b2a7614acb3508db4801288d2c93d7

Files

d199860406a0ea5eae96d5940bb74c91e8b2a7614acb3508db4801288d2c93d7
.exe windows:5 windows x86

74afb705b970a93a355504882605591a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
LocalFree
TerminateProcess
SetLastError
OpenProcess
GetExitCodeProcess
WaitForSingleObject
FormatMessageA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetWindowsDirectoryW
CreateEventW
SetEvent
FindClose
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
LoadLibraryExW
lstrcmpA
lstrcmpW
FreeResource
ExitProcess
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
lstrcmpiW
VirtualProtect
MoveFileExW
SetEnvironmentVariableW
GetVersionExW
GetCommandLineW
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
SetFilePointer
SetEndOfFile
WriteConsoleW
SetStdHandle
HeapAlloc
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentProcess
DeleteFileW
GetTempFileNameW
WriteFile
GetModuleHandleW
CloseHandle
GetProcAddress
CreateFileW
MultiByteToWideChar
OutputDebugStringW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
FreeLibrary
Sleep
GetTickCount
GetLastError
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
TlsFree
CreatePipe
GetFileAttributesExW
GetTimeZoneInformation
GetStringTypeW
GetCPInfo
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
TlsSetValue
TlsGetValue
TlsAlloc
SetFileTime
CreateDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
CreateMutexW
GetACP
GetStdHandle
ReadFile
GetCurrentThreadId
GetCurrentProcessId
CreateProcessA
DuplicateHandle
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
LoadLibraryExA
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetTempPathW

user32

GetWindowThreadProcessId
EnumWindows
FindWindowW
PostMessageW
MessageBoxW
OpenClipboard
EmptyClipboard
CloseClipboard
LoadStringW
ExitWindowsEx
SwitchToThisWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW

advapi32

CopySid
OpenSCManagerW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
AddAce
InitializeAcl
IsValidSid
GetLengthSid
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatusEx
EnumDependentServicesW
ControlService
StartServiceW
OpenServiceW
CloseServiceHandle

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
DragQueryFileW
SHChangeNotify
SHGetSpecialFolderPathW
ord190
ord165
CommandLineToArgvW
SHCreateDirectoryExW

ole32

OleGetClipboard
CoUninitialize
PropVariantClear
CoInitialize
CoCreateInstance
ReleaseStgMedium
OleUninitialize
CoTaskMemFree
OleInitialize

oleaut32

VariantClear
VariantInit
VarBstrCmp
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
SHStrDupW
PathAddBackslashW
PathAppendW
StrToIntExW
PathIsDirectoryW
PathCombineW
PathFileExistsW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessImageFileNameW

urlmon

URLDownloadToFileW

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 446.6MB - Virtual size: 446.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74afb705b970a93a355504882605591a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

urlmon

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 4KB - Virtual size: 15KB

.gfids Size: 512B - Virtual size: 368B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 446.6MB - Virtual size: 446.6MB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 4KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 368B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 446.6MB - Virtual size: 446.6MB

.reloc
Size: 14KB - Virtual size: 14KB