43f8cfc5aa98c80b21b3b6469ff4285de06465cc4622da2d49e29dca71883da6

Sharing

Copy URL

Twitter E-mail

General

Target

43f8cfc5aa98c80b21b3b6469ff4285de06465cc4622da2d49e29dca71883da6
Size

12.7MB
MD5

8260bfeeaf08dba8fd6df090142d0b14
SHA1

4a43e2510477ded3b4b760993756c4da62eb9df3
SHA256

43f8cfc5aa98c80b21b3b6469ff4285de06465cc4622da2d49e29dca71883da6
SHA512

f7aff0c717118979f369fb8b8b55abf54e1635ab387b130ed53853d85d832965d33ab155e31a34539d6fc6a5763ecbe83fbf52345358ad363b8bcaa328a10aca
SSDEEP

196608:zWDps9+CexJYVfRBQrCxCRXZV4Qjd0GITVEkkFUEzTTd1u+KW2rHz9gPeVPWVj49:zkP7xcffQrZKO0dEkk+EXT6+grH5rPo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43f8cfc5aa98c80b21b3b6469ff4285de06465cc4622da2d49e29dca71883da6

Files

43f8cfc5aa98c80b21b3b6469ff4285de06465cc4622da2d49e29dca71883da6
.exe windows:5 windows x86

2f619a91e356a102f8ae483a843b392e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetLocalTime
GetSystemTime
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
DuplicateHandle
GetFileType
SetFilePointer
WriteFile
MoveFileExW
OpenProcess
TerminateProcess
GetLastError
CreateEventW
WaitForMultipleObjects
ResetEvent
SetEvent
WaitForSingleObject
GetCurrentProcessId
DeviceIoControl
CreateFileW
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetDiskFreeSpaceExW
SetLastError
WideCharToMultiByte
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
FindClose
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InterlockedCompareExchange
Sleep
GetShortPathNameW
CreateProcessW
SetPriorityClass
ResumeThread
GetVersionExW
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
FreeResource
FreeLibrary
GetSystemWindowsDirectoryW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
EnterCriticalSection
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CloseHandle
GetCommandLineW
CreateDirectoryW
GetModuleFileNameW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
LCMapStringA
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
FatalAppExitA
VirtualFree
SizeofResource
HeapCreate
GetModuleFileNameA
GetStdHandle
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
UnmapViewOfFile
SetCurrentDirectoryW
GetTickCount
MulDiv
OutputDebugStringW
ExitProcess
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
CreateMutexW
TlsGetValue
TlsSetValue
HeapUnlock
OpenThread
HeapLock
HeapWalk
GetCurrentThreadId
ReleaseMutex
TlsAlloc
TlsFree
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoA
DeleteFileA

user32

SetWindowPos
ScreenToClient
MessageBoxW
ShowWindow
RegisterClassW
SetWindowLongW
PostMessageW
DestroyWindow
GetParent
GetWindowRect
wsprintfW
OffsetRect
InflateRect
UnionRect
DefWindowProcW
SystemParametersInfoW
LoadImageW
GetSystemMetrics
RemovePropW
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
SetCursor
LoadCursorW
wvsprintfW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
GetDC
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
GetFocus
GetCapture
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
CharNextW
IntersectRect
FillRect
DrawTextW
CharPrevW
SetRect
GetWindowTextW
GetWindowTextLengthW
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
GetWindowRgn
IsWindowVisible
IsZoomed
IsIconic
FindWindowW
LoadStringW
SetWindowTextW
SendMessageW
GetWindow
EnableWindow
IsWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage
GetClientRect

gdi32

RoundRect
GetTextExtentPoint32W
SetBkMode
GetCharABCWidthsW
SetTextColor
TextOutW
GdiFlush
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
CreateRectRgn
PtInRegion
DeleteObject
GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
GetDeviceCaps
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
CreateRoundRectRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
CreateSolidBrush
LineTo
MoveToEx

advapi32

QueryServiceStatusEx
RegSetValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegCloseKey
ControlService
RegOpenKeyW
RegDeleteValueW
RegEnumKeyExA
RegQueryInfoKeyA

shell32

ord21
SHParseDisplayName
SHGetFileInfoW
SHGetDesktopFolder
SHBindToParent
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
ord165
SHBrowseForFolderW
SHGetFolderLocation
ord680
ord23

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
OleInitialize
OleUninitialize
CoUninitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString

oleaut32

SysFreeString

shlwapi

StrRetToStrW
SHDeleteKeyW
PathFileExistsW
PathAppendW
PathCombineW
StrCmpIW
StrStrIW
PathFileExistsA
SHGetValueA
PathCombineA
PathAppendA
PathRemoveFileSpecW
SHGetValueW
PathIsDirectoryW
StrCmpNIW
PathRemoveBackslashW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

Sections

.text
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f619a91e356a102f8ae483a843b392e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

wintrust

crypt32

comctl32

Sections

.text Size: 677KB - Virtual size: 676KB

.rdata Size: 158KB - Virtual size: 158KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 11.8MB - Virtual size: 11.8MB

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 677KB - Virtual size: 676KB

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 11.8MB - Virtual size: 11.8MB

.reloc
Size: 59KB - Virtual size: 59KB