1a32053ab29f018956fdfc379fcfcc7857a7527ff127c3843b226a21baa7dec9

Sharing

Copy URL Twitter E-mail

General

Target

1a32053ab29f018956fdfc379fcfcc7857a7527ff127c3843b226a21baa7dec9
Size

2.1MB
MD5

0b2d3be7e28467e914569fd35a7d14bf
SHA1

d51221139e52a70823ac871f26abfd0d9cfe6e5e
SHA256

1a32053ab29f018956fdfc379fcfcc7857a7527ff127c3843b226a21baa7dec9
SHA512

8b0ffe5a6449c385538d162ae63e7c663444184712696c45b6e74f6f6d9345b1f0c66e2aa36f726abce56837e6e5e83a0132a26d2ebd79538b262deedbfcf36d
SSDEEP

49152:MYq2zvOwhlNyCPI5VrnOgIq4XcS5ENH5X3ngbrnL5yzpVM:dq2zvOwnxI5sgH5X3ng8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a32053ab29f018956fdfc379fcfcc7857a7527ff127c3843b226a21baa7dec9

Files

1a32053ab29f018956fdfc379fcfcc7857a7527ff127c3843b226a21baa7dec9
.exe windows:4 windows x86

c5b11fcd704d5df52f81b989bf505a6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

shutdown
sendto
__WSAFDIsSet
select
recv
recvfrom
WSAGetLastError
bind
listen
WSACleanup
setsockopt
getpeername
accept
gethostname
gethostbyname
ntohl
getservbyname
ntohs
htonl
socket
htons
ioctlsocket
connect
closesocket
send
WSAStartup

iphlpapi

GetAdaptersInfo

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GetModuleFileNameA
SetEvent
SetThreadPriority
SuspendThread
CreateEventA
GlobalUnlock
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LocalFree
FormatMessageA
MulDiv
GetFileTime
lstrcpynA
EnterCriticalSection
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetVolumeInformationA
GetThreadLocale
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
MultiByteToWideChar
GetDriveTypeA
ExitThread
CreateThread
HeapAlloc
GetCommandLineA
HeapFree
GetProcessHeap
RaiseException
GetACP
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
VirtualFree
IsBadWritePtr
HeapDestroy
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
InterlockedExchange
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetExitCodeProcess
CompareStringA
CompareStringW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetFullPathNameA
lstrcatA
lstrcpyA
SystemTimeToTzSpecificLocalTime
GetLocalTime
SystemTimeToFileTime
GetVersion
SleepEx
TerminateThread
ResumeThread
ReleaseMutex
GetProfileStringA
GetLastError
CreateMutexA
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateDirectoryA
GlobalFree
GlobalAlloc
SetLastError
GetTickCount
FreeLibrary
LoadLibraryA
GetPrivateProfileSectionA
GetFileSize
lstrlenA
FindNextFileA
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
GetCurrentProcess
GetSystemInfo
GetVersionExA
CreatePipe
GetStartupInfoA
CreateProcessA
ReadFile
OpenProcess
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
FindResourceA
LoadResource
SizeofResource
LockResource
FindFirstFileA
FindClose
GetCurrentDirectoryA
SetCurrentDirectoryA
WaitForSingleObject
CopyFileA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
SetEnvironmentVariableA

user32

SendDlgItemMessageA
SetWindowTextA
MoveWindow
ShowWindow
LoadStringA
DestroyMenu
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDesktopWindow
CharUpperA
LoadCursorA
PtInRect
GetSysColorBrush
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
MapWindowPoints
GetMessageTime
GetMessagePos
GetForegroundWindow
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
PostQuitMessage
SetActiveWindow
SystemParametersInfoA
GetClassNameA
GetWindowRect
GetCursorPos
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
LoadMenuA
GetSubMenu
SetMenuDefaultItem
RegisterWindowMessageA
IsWindow
GetParent
IsDialogMessageA
EnableWindow
wsprintfA
InvalidateRect
UpdateWindow
PeekMessageA
TranslateMessage
DispatchMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
KillTimer
GetSystemMenu
AppendMenuA
EnableMenuItem
SendMessageA
PostMessageA
SetTimer
LoadIconA
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
MessageBoxA
RemovePropA
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
SetCursor

gdi32

GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SelectObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA

comctl32

ord17

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize

olepro32

ord253

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantTimeToSystemTime
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString

wininet

InternetSetStatusCallback
InternetCloseHandle
InternetOpenA
FtpDeleteFileA
FtpRenameFileA
InternetGetLastResponseInfoA
InternetFindNextFileA
FtpFindFirstFileA
FtpPutFileA
FtpCreateDirectoryA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
InternetConnectA

psapi

EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
EnumProcesses

Sections

.text
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5b11fcd704d5df52f81b989bf505a6d

Headers

File Characteristics

Imports

wsock32

iphlpapi

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

psapi

Sections

.text Size: 476KB - Virtual size: 474KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 28KB - Virtual size: 255KB

.sxdata Size: 4KB - Virtual size: 400B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 476KB - Virtual size: 474KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 28KB - Virtual size: 255KB

.sxdata
Size: 4KB - Virtual size: 400B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB