1782d5a039dc3af5a563ba1131ccc6d8fec47264fef749c863fd3893a8c0da04

Sharing

Copy URL Twitter E-mail

General

Target

1782d5a039dc3af5a563ba1131ccc6d8fec47264fef749c863fd3893a8c0da04
Size

1.5MB
MD5

b1b1ff8848c4b867e90455d2a94a3a05
SHA1

ef844cd0942862f7df54da1f3e85185ac1cd5f3e
SHA256

1782d5a039dc3af5a563ba1131ccc6d8fec47264fef749c863fd3893a8c0da04
SHA512

52686e32811c4e5cdbf013987f13c7f14a0b58cee03ab5618fffd64f477b3284655af6d7003898576184923fa0aea2205fb007bf7f6d1e6e460bf4da63fab933
SSDEEP

49152:QeKZBrb3phSbnsLOQ5xZB91TTsiUW77c/KE:QeKZBrb5hBTMW72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1782d5a039dc3af5a563ba1131ccc6d8fec47264fef749c863fd3893a8c0da04

Files

1782d5a039dc3af5a563ba1131ccc6d8fec47264fef749c863fd3893a8c0da04
.exe windows:6 windows x86

9fe2c1fa663c0f820d96baf889688f29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA

kernel32

CreateMutexA
OutputDebugStringA
FreeLibrary
MultiByteToWideChar
GetSystemDirectoryA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
IsBadWritePtr
GetCurrentProcess
lstrlenW
WriteFile
TerminateProcess
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
QueryDosDeviceW
FindFirstFileW
SetLastError
FindNextFileW
RemoveDirectoryW
GetTempPathW
FindClose
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
MoveFileExW
GetTempFileNameW
GetCommandLineW
GlobalAlloc
GlobalFree
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesExW
FileTimeToSystemTime
DeleteFileW
SystemTimeToFileTime
CopyFileW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
CreateEventW
CreateThread
LocalFree
InitializeCriticalSectionAndSpinCount
GetVersionExW
LoadLibraryExW
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
Process32Next
HeapFree
lstrlenA
LocalAlloc
OutputDebugStringW
HeapAlloc
GetProcessHeap
DebugBreak
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
SetEvent
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
OpenMutexA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlCaptureStackBackTrace
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
RtlUnwind
GetCommandLineA
ResumeThread
GetModuleHandleExW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
ExitProcess
GetStdHandle
GetACP
HeapSize
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
GetTimeZoneInformation
GetDriveTypeW
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
FindFirstFileExA
FindFirstFileExW
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEndOfFile
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
TryEnterCriticalSection
RaiseException
CloseHandle
DecodePointer
GetFileAttributesA
CreateDirectoryA
TerminateThread
FlushFileBuffers
SignalObjectAndWait

user32

GetWindowRect
SendMessageTimeoutW
GetDC
IsWindowVisible
SetWindowPos
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
ShowWindow
GetMonitorInfoW
wsprintfW
GetForegroundWindow
EnumWindows
GetClassNameW
GetDesktopWindow
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
ReleaseDC
wvsprintfW
DispatchMessageW
PeekMessageW
UnregisterClassA
MsgWaitForMultipleObjectsEx
TranslateMessage
LoadStringW
CharNextW
FindWindowExW
WindowFromPoint
UnregisterClassW
GetFocus
SetRectEmpty
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
MonitorFromPoint

advapi32

RegEnumKeyW
GetNamedSecurityInfoW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
EqualSid
GetAce
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
GetTokenInformation
RegOpenKeyExW
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
LookupAccountSidW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegFlushKey
AddAce
RegQueryInfoKeyW
SetSecurityDescriptorSacl
LookupAccountNameW
AddAccessAllowedAce
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
GetSecurityDescriptorDacl
SetFileSecurityW
GetAclInformation
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

imm32

ImmDisableIME

psapi

GetProcessMemoryInfo
GetModuleInformation
GetModuleFileNameExW

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpEndRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA

gdi32

DeleteDC
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteObject

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9fe2c1fa663c0f820d96baf889688f29

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

imm32

psapi

wininet

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 216KB - Virtual size: 216KB

.data Size: 20KB - Virtual size: 157KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 216KB - Virtual size: 216KB

.data
Size: 20KB - Virtual size: 157KB

.rsrc
Size: 84KB - Virtual size: 84KB