1f533edae6220214599b370e266aec4c37d234253fbd098f70c9252b107c7945

Sharing

Copy URL

Twitter E-mail

General

Target

1f533edae6220214599b370e266aec4c37d234253fbd098f70c9252b107c7945
Size

407KB
MD5

dbdd347f2b55a318e1c1eea5fbb39d4f
SHA1

46d9567a9833caf387b9e95cc95d4e38566b218c
SHA256

1f533edae6220214599b370e266aec4c37d234253fbd098f70c9252b107c7945
SHA512

10985a0598f0122fd1b45a82e71e1126733e2ececfda6779d0fc4fb8b12cc23e161ac264cdf7d5fb8b456240cc647eaf9f640536f6ff74752c09f4a7b65dc28f
SSDEEP

12288:A8lkXw9VyMvHHHHHHDmZyUBHZH0HVHHHHz+:TlkA2eHHHHHHDmZyUBHZH0HVHHHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f533edae6220214599b370e266aec4c37d234253fbd098f70c9252b107c7945

Files

1f533edae6220214599b370e266aec4c37d234253fbd098f70c9252b107c7945
.exe windows:5 windows x64

e4f4bc851869f1c1bdb40f001aa9205f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

BringWindowToTop
CreateDialogParamW
DestroyIcon
DialogBoxParamW
DrawTextW
EndDialog
EndPaint
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetClientRect
GetDlgItem
GetSystemMetrics
GetWindowLongPtrW
LoadImageW
LoadStringW
MessageBoxW
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
UpdateWindow
TranslateMessage
SetTimer
SetScrollRange
SetScrollPos
SetCursor
ScrollWindowEx
ScreenToClient
ReleaseDC
RegisterClassW
PostQuitMessage
LoadIconW
LoadCursorW
IsRectEmpty
InvalidateRgn
IntersectRect
GetWindowDC
GetMessageW
GetKeyState
DispatchMessageW
DestroyCursor
DefWindowProcW
CreateWindowExW
CreateCursor
AdjustWindowRectEx
FillRect
GetDlgItemTextW
ShowWindow
SetWindowPos
SetWindowLongPtrW
BeginPaint

gdi32

SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
CreateSolidBrush
CreateRectRgn
CreatePen
CreateDIBSection
BitBlt
StretchBlt
SetTextColor
SetBkMode
SelectObject
GetObjectW
GetDeviceCaps
DPtoLP
DeleteObject
CreateICW
CreateFontIndirectW
CreateCompatibleDC
DeleteDC

comctl32

InitCommonControlsEx

ws2_32

connect
getsockname
getsockopt
htons
inet_addr
recv
send
closesocket
socket
gethostbyname
WSAGetLastError
select
WSAStartup
WSACleanup
WSAAsyncSelect
setsockopt

crypt32

CryptMemFree
CertFreeCertificateContext
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CryptImportPublicKeyInfoEx
CryptMemAlloc

secur32

DecryptMessage
EncryptMessage
QueryContextAttributesW
QueryCredentialsAttributesA
InitializeSecurityContextA
FreeCredentialsHandle
FreeContextBuffer
AcquireCredentialsHandleW
DeleteSecurityContext

advapi32

CryptExportKey
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptSetHashParam
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext

shell32

SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

comdlg32

GetOpenFileNameW
GetSaveFileNameW

msvcrt

memmove
strcpy
_snwprintf
_wtoi
wcscat
time
mktime
localtime
gmtime
sprintf
_snprintf
strcat
rand
realloc
vsprintf
strtok
swprintf
wcstok
wcslen
wcscpy
wcscmp
strncpy
exit
memcpy
malloc
free
wcsncmp
atoi
__setusermatherr
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
memcmp
_iob
fprintf
memset
__lconv_init
strlen

kernel32

EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
GetStartupInfoW
GetProcAddress
lstrlenW
LocalFree
GetFileSize
CreateFileW
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
WriteFile
GetLastError
TlsGetValue
ReadFile
Sleep
FormatMessageW
GetComputerNameA
InitializeCriticalSection
GetModuleHandleW

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4f4bc851869f1c1bdb40f001aa9205f

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

comctl32

ws2_32

crypt32

secur32

advapi32

shell32

ole32

comdlg32

msvcrt

kernel32

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 1.1MB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 211KB - Virtual size: 211KB

.reloc Size: 512B - Virtual size: 60B

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 1.1MB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 211KB - Virtual size: 211KB

.reloc
Size: 512B - Virtual size: 60B