efcc88f4ae51ebf4b1c9f182d0e8fece91170e7541b988672efd5384b413aedc

Sharing

Copy URL Twitter E-mail

General

Target

efcc88f4ae51ebf4b1c9f182d0e8fece91170e7541b988672efd5384b413aedc
Size

1.4MB
MD5

0507f4af7eeaf2c5720cfb9cbb0454d7
SHA1

3664c07f262d56382c66f6d05cc1faee119565c4
SHA256

efcc88f4ae51ebf4b1c9f182d0e8fece91170e7541b988672efd5384b413aedc
SHA512

54b7260085454c925ab02658a219877452468471f8d703323de2f280ef834f89ddc960899ae4ac77cb1d6530ad50adeb4d103847a85aa250c32b23255ece723d
SSDEEP

12288:6SuC4yPlrmnHg0Eu3xYyYVM0aGIoRg35lBCgRxImiDf68PcsTUme9qnuRnuDFsS:vubydKnlGVMeg39iDy8PFTM9+uRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efcc88f4ae51ebf4b1c9f182d0e8fece91170e7541b988672efd5384b413aedc

Files

efcc88f4ae51ebf4b1c9f182d0e8fece91170e7541b988672efd5384b413aedc
.exe windows:5 windows x86

731989aab12f56f73c972592e7f3630e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetSystemPowerStatus
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetFilePointer
ReadFile
GetFileSizeEx
GetCurrentThread
VirtualAlloc
VirtualQuery
ResumeThread
GetThreadContext
SuspendThread
OpenThread
SetThreadPriority
GetThreadPriority
VirtualProtect
InterlockedIncrement
InterlockedDecrement
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetWindowsDirectoryW
lstrcmpiW
ReleaseSemaphore
OpenSemaphoreW
GetLocalTime
SetEvent
CreateEventW
WaitForMultipleObjects
WriteFile
lstrcmpiA
ResetEvent
OpenEventW
ExitProcess
CreateFileA
ExpandEnvironmentStringsW
GetACP
FormatMessageW
QueryPerformanceCounter
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetConsoleOutputCP
GetTickCount
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
InitializeCriticalSectionAndSpinCount
HeapCreate
IsValidCodePage
GetOEMCP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStdHandle
GetFileType
WriteConsoleW
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
OpenMutexW
GetModuleFileNameA
SetFileAttributesW
DeviceIoControl
GetProcessHeap
HeapAlloc
HeapFree
DeleteFileW
GetCurrentThreadId
GetLastError
CreateMutexW
QueryDosDeviceW
GetLongPathNameW
SetLastError
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
GetDiskFreeSpaceExW
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
WaitForSingleObject
GetExitCodeProcess
OpenProcess
WritePrivateProfileStringW
GetCommandLineW
GetPrivateProfileIntW
InterlockedExchange
InterlockedCompareExchange
Sleep
lstrlenW
FreeResource
GetSystemWindowsDirectoryW
GetModuleHandleA
GetSystemInfo
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryW
GetCurrentProcess
FlushInstructionCache
GetVersionExW
LocalFree
lstrlenA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
WriteConsoleA

user32

GetWindowThreadProcessId
DrawTextW
ScrollWindow
PostQuitMessage
DialogBoxParamW
CreateDialogParamW
SetCursor
UnregisterClassA
LoadCursorW
SetTimer
ExitWindowsEx
GetShellWindow
WaitForInputIdle
RegisterClassW
GetClassInfoW
SendMessageTimeoutW
BringWindowToTop
IsIconic
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
LockSetForegroundWindow
GetLastInputInfo
LoadImageW
GetSystemMetrics
EndDialog
DestroyIcon
GetMonitorInfoW
MonitorFromWindow
CheckDlgButton
IsDlgButtonChecked
InflateRect
GetWindowPlacement
IsWindowEnabled
SetDlgItemTextW
KillTimer
IsWindow
IsDialogMessageW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
DrawFocusRect
SendMessageW
DrawIconEx
SystemParametersInfoW
CopyRect
SetWindowLongW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
LoadMenuW
DeleteMenu
EnableMenuItem
ModifyMenuW
DestroyMenu
MoveWindow
GetClientRect
ScreenToClient
UpdateLayeredWindow
SetWindowRgn
MonitorFromPoint
TrackPopupMenu
GetSubMenu
FindWindowExW
PostMessageW
RegisterWindowMessageW
FindWindowW
GetDlgItem
FillRect
GetActiveWindow
MessageBoxW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetCursorPos
CallWindowProcW
UnionRect
OffsetRect
SetRectEmpty
SetRect
PtInRect
GetParent
SetFocus
EnableWindow
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
UpdateWindow

gdi32

SetBkMode
CreatePen
EnumFontFamiliesW
CreateFontW
CreateDIBSection
StretchBlt
SetStretchBltMode
FillRgn
BitBlt
SelectObject
SetTextColor
ExtTextOutW
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
CombineRgn
DeleteObject
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteDC
CreateRectRgn
SelectClipRgn
LineTo
RectVisible
MoveToEx

advapi32

GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
DuplicateTokenEx
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
Shell_NotifyIconW
ord165
ShellExecuteW
SHGetSpecialFolderPathA
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysStringLen

shlwapi

PathUnquoteSpacesW
PathAppendW
PathFileExistsW
StrCmpIW
PathAddBackslashW
SHGetValueW
PathFileExistsA
PathRemoveFileSpecW
PathCombineW
StrStrIW
PathRemoveExtensionW
PathQuoteSpacesW
PathStripPathW
StrCmpW
SHSetValueW
PathIsDirectoryW
AssocQueryStringW
PathIsRelativeW
SHGetValueA
StrStrIA
PathFindExtensionW
SHSetValueA
PathCombineA
PathAppendA

gdiplus

GdipCloneImage
GdiplusStartup
GdipDisposeImage
GdipFree
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics

psapi

GetModuleBaseNameW
GetProcessImageFileNameW

Sections

.text
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 331KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731989aab12f56f73c972592e7f3630e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

psapi

Sections

.text Size: 700KB - Virtual size: 700KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 184KB - Virtual size: 202KB

.rsrc Size: 331KB - Virtual size: 332KB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 700KB - Virtual size: 700KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 184KB - Virtual size: 202KB

.rsrc
Size: 331KB - Virtual size: 332KB

.reloc
Size: 46KB - Virtual size: 45KB