cf5afb7d6c806c3ee2082a0eb62943934fbf151f46b025fc318f4153d0180be9

Sharing

Copy URL Twitter E-mail

General

Target

cf5afb7d6c806c3ee2082a0eb62943934fbf151f46b025fc318f4153d0180be9
Size

971KB
MD5

689842586ae50082e34c0fe21737dac3
SHA1

d417e7888bf2274b95578ef25b32aa232e0b8c09
SHA256

cf5afb7d6c806c3ee2082a0eb62943934fbf151f46b025fc318f4153d0180be9
SHA512

0e5b3f56621056fc56c554d98b9e4a49ebc7509e87e2d07a6a21f541ed8b3fa59350e41431affa8412a4cfe8ee3b01e4c798d155f4d483ac4b7fb93a9d91d423
SSDEEP

24576:mMw5ILN6SZd1Ezp/GnxxAXr5/tgRyjKzlyP/AEWi:mP5IgSi5G3wN/EygEPY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf5afb7d6c806c3ee2082a0eb62943934fbf151f46b025fc318f4153d0180be9

Files

cf5afb7d6c806c3ee2082a0eb62943934fbf151f46b025fc318f4153d0180be9
.exe windows:5 windows x86

a798c3c70c09eccf262c689a18eedfd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
QueryPerformanceCounter
GetTickCount
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
MultiByteToWideChar
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
WriteFile
GetConsoleCP
FlushFileBuffers
SetHandleCount
GetStartupInfoA
SetFilePointer
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
ReadFile
CreateFileA
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetFileAttributesW
OutputDebugStringA
SignalObjectAndWait
GetNativeSystemInfo
ResetEvent
DeviceIoControl
GetVersionExW
GetSystemDirectoryA
lstrlenW
lstrlenA
GetComputerNameW
GetFileSizeEx
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
SizeofResource
LoadResource
FreeResource
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
CreateThread
WaitForMultipleObjects
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateMutexW
LocalFree
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateEventW
LocalAlloc
GetProcAddress
SetLastError
GetLastError
GetModuleFileNameW
LoadLibraryW
SetEvent
WaitForSingleObject
RaiseException
FreeLibrary

user32

LoadCursorW
TrackMouseEvent
SetFocus
GetAsyncKeyState
IsWindow
SetWindowPos
SetForegroundWindow
GetDC
ReleaseDC
GetSysColor
GetClientRect
SetTimer
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
ShowWindow
RegisterClassExW
wsprintfW
InvalidateRect
MessageBoxW
LoadStringW
SetCursor
DestroyWindow
GetWindowRect
CreateWindowExW
keybd_event
MapVirtualKeyW
CallNextHookEx
GetFocus
SetWindowsHookExW
PostMessageW
UnhookWindowsHookEx
GetKeyState
SendMessageW
DrawTextW
GetWindowLongW
InflateRect
FillRect
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
PtInRect
ScreenToClient
IsWindowEnabled
EndPaint
GetCursorPos
IsWindowVisible
EnableWindow
MessageBoxA
KillTimer
UpdateWindow
BeginPaint
DefWindowProcW
CallWindowProcW
PostQuitMessage
SetRect

gdi32

BitBlt
DeleteObject
DeleteDC
CreatePen
FillRgn
SelectObject
SetBkMode
LineTo
MoveToEx
SetTextColor
CreateFontIndirectW
GetObjectW
GetStockObject
Ellipse
CreateCompatibleBitmap
CreateRoundRectRgn
CreateCompatibleDC
CreateSolidBrush

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegisterTraceGuidsW
RegCloseKey
GetTraceEnableLevel
RegOpenKeyW
OpenProcessToken
GetTokenInformation
LookupAccountSidA
ConvertSidToStringSidA
RegOpenKeyExW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
GetUserNameW
UnregisterTraceGuids
SetSecurityDescriptorDacl
GetTraceLoggerHandle
InitializeSecurityDescriptor
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
TraceEvent

shlwapi

PathFileExistsW
StrStrIW
PathStripToRootA

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertCreateCertificateContext
CertCloseStore

imm32

ImmAssociateContext

msimg32

AlphaBlend

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

gdiplus

GdipGetImageWidth
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a798c3c70c09eccf262c689a18eedfd7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

crypt32

imm32

msimg32

ole32

oleaut32

gdiplus

version

iphlpapi

Sections

.text Size: 702KB - Virtual size: 701KB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 702KB - Virtual size: 701KB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 44KB - Virtual size: 43KB