7fb8a506dca2cdf87ef1e34995daabb33dcaee43855406be559ddb86f1e991c1

Sharing

Copy URL Twitter E-mail

General

Target

7fb8a506dca2cdf87ef1e34995daabb33dcaee43855406be559ddb86f1e991c1
Size

3.4MB
MD5

e0634d6405ff1dab8a0d15fd9ec70ed7
SHA1

3befcd5af8a6acc603cb6c2bbaf90a10eeab337b
SHA256

7fb8a506dca2cdf87ef1e34995daabb33dcaee43855406be559ddb86f1e991c1
SHA512

5a01b18b53d68bb5da76c6b6b1e9205e3d8e71fe39476b8239e9e6a47d6278c9cbd068ae7e4cc24e74aa6035aaa8c3c03407e2e826afe56b6df70558a0a6ecd0
SSDEEP

98304:YRWaztiPvhK+pty55CGBnzCft5ztjwTN0dcat:l6Ot5zCIcat

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fb8a506dca2cdf87ef1e34995daabb33dcaee43855406be559ddb86f1e991c1

Files

7fb8a506dca2cdf87ef1e34995daabb33dcaee43855406be559ddb86f1e991c1
.exe windows:5 windows x86

44a3c03ff1642f80eadb2039e293540c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
ResetEvent
GetShortPathNameA
SetEvent
VirtualLock
VirtualProtect
GetExitCodeThread
MoveFileA
VirtualUnlock
ExitProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
DuplicateHandle
CreateProcessA
CreatePipe
LocalFileTimeToFileTime
GetCommandLineW
GetModuleFileNameW
VirtualQuery
FlushViewOfFile
lstrlenW
lstrlenA
OpenFileMappingA
GetEnvironmentVariableA
GenerateConsoleCtrlEvent
Module32First
GetCurrentProcessId
CreateToolhelp32Snapshot
GetVersionExA
CopyFileA
CreateDirectoryA
UnlockFileEx
UnlockFile
Process32First
LockFile
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameA
CompareStringW
GetDateFormatA
GetTimeFormatA
GetNumberOfConsoleInputEvents
OpenProcess
SetLastError
TerminateProcess
PeekConsoleInputA
SetConsoleMode
CloseHandle
ReadConsoleInputA
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetDriveTypeW
GetLastError
Process32Next
Sleep
GetPrivateProfileIntW
LoadLibraryA
FlushConsoleInputBuffer
GetSystemTime
SystemTimeToFileTime
FindFirstFileA
FindNextFileA
GlobalMemoryStatus
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetVersion
GetProcessHeap
WriteConsoleW
SetStdHandle
CreateFileA
FlushFileBuffers
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
LockFileEx
IsValidLocale
OutputDebugStringA
GetSystemInfo
WaitForSingleObject
ReleaseMutex
SetProcessWorkingSetSize
GetCurrentProcess
GetTickCount
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
SetThreadAffinityMask
GetCurrentThread
CreateWaitableTimerA
SetWaitableTimer
GetCurrentThreadId
GetLocalTime
FreeLibrary
LoadLibraryW
SwitchToThread
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileW
GetExitCodeProcess
CreateProcessW
GetProcessId
TerminateThread
CreateThread
InterlockedIncrement
MoveFileExW
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
SetEndOfFile
SetFilePointerEx
FindClose
RemoveDirectoryW
DeviceIoControl
GetFullPathNameW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
SetFileAttributesW
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetTempPathW
AreFileApisANSI
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
RtlUnwind
HeapFree
RaiseException
GetCommandLineA
HeapSetInformation
HeapAlloc
ExitThread
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapSize
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ReadFile
SetConsoleCtrlHandler
FatalAppExitA
GetConsoleCP
GetConsoleMode
SetFilePointer
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
OpenMutexA

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
CommandLineToArgvW
SHFileOperationW
SHCreateDirectoryExW
SHGetDesktopFolder

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

iphlpapi

GetAdaptersInfo

ws2_32

WSAIoctl
recvfrom
shutdown
socket
htons
inet_addr
sendto
listen
ioctlsocket
select
gethostbyname
htonl
inet_ntoa
WSACleanup
WSAStartup
getaddrinfo
freeaddrinfo
connect
getpeername
WSASetLastError
bind
setsockopt
getsockname
getsockopt
gethostname
__WSAFDIsSet
accept
recv
WSAGetLastError
closesocket
send
ntohs
ntohl

advapi32

AllocateAndInitializeSid
RegisterEventSourceA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
ReportEventA

user32

UnhookWindowsHookEx
PeekMessageW
DispatchMessageW
ReleaseDC
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageA
RegisterWindowMessageW
GetMessageA
PeekMessageA
CallNextHookEx
SetWindowsHookExA
GetUserObjectInformationW
GetProcessWindowStation
IsWindow
FindWindowA
MessageBoxA
GetDC

wldap32

ord143
ord60
ord211
ord301
ord26
ord30
ord33
ord200
ord32
ord35
ord22
ord46
ord41
ord50
ord27
ord79

normaliz

IdnToUnicode
IdnToAscii

gdi32

GetDeviceCaps
GetDIBits
GetObjectA
CreateCompatibleBitmap
DeleteObject

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

CreateErrorInfo
SysFreeString
SysAllocString
SysStringLen
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
VariantClear

winmm

timeGetDevCaps
timeSetEvent
timeKillEvent
timeBeginPeriod

comdlg32

GetOpenFileNameW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 131KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

44a3c03ff1642f80eadb2039e293540c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

version

iphlpapi

ws2_32

advapi32

user32

wldap32

normaliz

gdi32

ole32

oleaut32

winmm

comdlg32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 562KB - Virtual size: 561KB

.data Size: 131KB - Virtual size: 6.0MB

.rsrc Size: 251KB - Virtual size: 252KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 562KB - Virtual size: 561KB

.data
Size: 131KB - Virtual size: 6.0MB

.rsrc
Size: 251KB - Virtual size: 252KB