Static task: static1
Behavioral task: behavioral1
  Sample: 825e822ed14a6e598b0af66ac1282b6a82ec35d5c9f00a0a4a22d41b4bb0f6ed.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 825e822ed14a6e598b0af66ac1282b6a82ec35d5c9f00a0a4a22d41b4bb0f6ed.exe
  Resource: win10v2004-20230915-en
General
- Target: 825e822ed14a6e598b0af66ac1282b6a82ec35d5c9f00a0a4a22d41b4bb0f6ed
- Size: 634KB
- MD5: af5cd1bfea7cc02558514e0b881b8c1f
- SHA1: 58efffcfb01143afea706256643615d764ecb575
- SHA256: 825e822ed14a6e598b0af66ac1282b6a82ec35d5c9f00a0a4a22d41b4bb0f6ed
- SHA512: 9a7312a21d0400bd3142f6d49b887513b803e014ebe7ee22ff091d5a1259aa953e91749d631405dd5edff07b5a99ec9e51739162e546a5ac4a10aab37d4b70a3
- SSDEEP: 12288:6i9L1OGRaPwPk3oP192URyxgiaqci8aFrIF1UufJcuC7t1E+F:6OsGR2gigFa21xGJ
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 825e822ed14a6e598b0af66ac1282b6a82ec35d5c9f00a0a4a22d41b4bb0f6ed
Files
- 825e822ed14a6e598b0af66ac1282b6a82ec35d5c9f00a0a4a22d41b4bb0f6ed.exe windows:5 windows x86
  aa39d80200b72e245ba2317444cbd500
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeConsole
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
SetFilePointer
ReadFile
SystemTimeToFileTime
GetTickCount
lstrcpyA
lstrcatA
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
WriteFile
SetFileTime
FindClose
GetTempPathA
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
DeleteFileA
GetCurrentDirectoryA
CloseHandle
GetLastError
CreateFileA
CreateFileW
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
VirtualProtect
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
FlushFileBuffers
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
GetLocaleInfoW
LoadLibraryW
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateThread
GetCurrentThreadId
ExitThread
LCMapStringW
GetCPInfo
RtlUnwind
HeapSetInformation
GetSystemInfo
GetCommandLineA
VirtualQuery
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
VirtualAlloc
WriteConsoleW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RaiseException
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
GetProcAddress
FreeLibrary
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
user32
wsprintfA
gdi32
GetObjectA
SetDIBColorTable
DeleteObject
CreateCompatibleDC
SetPixel
SelectObject
DeleteDC
CreateDIBSection
shell32
ShellExecuteA
shlwapi
PathFindExtensionA
PathFindExtensionW
gdiplus
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipCreateBitmapFromFileICM
GdiplusStartup
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromFile
wldap32
ord46
ord41
ord27
ord301
ord33
ord79
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord35
ws2_32
WSAGetLastError
__WSAFDIsSet
select
WSAStartup
WSACleanup
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
WSASetLastError
getaddrinfo
crypt32
CertFreeCertificateContext
advapi32
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptImportKey
Sections
.text Size: 443KB - Virtual size: 442KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ