afd3be630ca66aee1c7668b839ffc7b1710c89b62ad2b4588be3821b3c9f6238

Sharing

Copy URL

Twitter E-mail

General

Target

afd3be630ca66aee1c7668b839ffc7b1710c89b62ad2b4588be3821b3c9f6238
Size

8.2MB
MD5

33d174dbc0d5e2c6fce05b6391e8e3ea
SHA1

072d91bc068903f8c353768613a1d61efd2723d3
SHA256

afd3be630ca66aee1c7668b839ffc7b1710c89b62ad2b4588be3821b3c9f6238
SHA512

d935683dd7b9ab64b3671db4190b2e89045f101c46914bb64f5065b1e833a0c71c2aab8f593bdce5e202ac2780f4c18242ca1aff389a2875ca5ed1ca89555e2b
SSDEEP

196608:WtDh5mzoFmfm1oYeo44on+IfXxK9GYGOVgl/K6D:Wt3um1ofo44o+IfXyGYGVS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afd3be630ca66aee1c7668b839ffc7b1710c89b62ad2b4588be3821b3c9f6238

Files

afd3be630ca66aee1c7668b839ffc7b1710c89b62ad2b4588be3821b3c9f6238
.exe windows:5 windows x86

cd5ab005e5617ed48a02517512e0f796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
SetFilePointer
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateFileW
OpenProcess
GetCurrentProcessId
GetLastError
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateMutexW
GetModuleFileNameW
RaiseException
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
LockResource
GetProcAddress
GetCurrentProcess
SetEvent
SizeofResource
CreateEventW
GetModuleHandleW
HeapDestroy
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeLibrary
ReadFile
GetTickCount
LoadLibraryW
CreateProcessW
GetStartupInfoW
GetTempPathW
SetFileAttributesW
MoveFileExW
DeleteFileA
WideCharToMultiByte
DecodePointer
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
LocalFree
FindClose
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
WriteFile
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
Sleep
WaitForSingleObjectEx
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
GetACP
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
ResetEvent
ResumeThread
SuspendThread
GetThreadContext
GetThreadPriority
SetThreadPriority
OpenThread
GetCurrentThread
GetWindowsDirectoryW
GetSystemDirectoryW
FlushFileBuffers
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseMutex
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
FormatMessageW
GetStringTypeW
GetFileSizeEx
OpenFileMappingW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetVersionExW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

GetCursorPos
SetForegroundWindow
TrackPopupMenu
AppendMenuW
CreatePopupMenu
RedrawWindow
LoadImageW
LoadIconW
FindWindowW
SetWindowTextW
GetSystemMetrics
MoveWindow
PostQuitMessage
SendMessageTimeoutW
CharNextW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetShellWindow
WaitForInputIdle
SystemParametersInfoW
SetWindowRgn
IsWindowVisible
UpdateLayeredWindow
ShowWindow
GetMonitorInfoW
IsDialogMessageW
GetWindow
GetParent
MapWindowPoints
ScreenToClient
GetWindowRect
EndDialog
MonitorFromWindow
BringWindowToTop
SetWindowPos
IsRectEmpty
SetCursor
CopyRect
PtInRect
OffsetRect
SetRect
IsWindow
ReleaseDC
GetDC
KillTimer
SetTimer
GetClientRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
LoadCursorW
SetWindowLongW
GetWindowLongW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
GetWindowThreadProcessId
wsprintfW
DialogBoxParamW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString

dbghelp

MakeSureDirectoryPathExists

wtsapi32

WTSSendMessageW

Exports

Exports

_Start@12

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd5ab005e5617ed48a02517512e0f796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

dbghelp

wtsapi32

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 656KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 184KB - Virtual size: 184KB

.upx0 Size: 2.6MB - Virtual size: 2.6MB

.upx1 Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 46KB - Virtual size: 46KB

.l1 Size: 13KB - Virtual size: 13KB

.text
Size: 656KB - Virtual size: 656KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 184KB - Virtual size: 184KB

.upx0
Size: 2.6MB - Virtual size: 2.6MB

.upx1
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 46KB - Virtual size: 46KB

.l1
Size: 13KB - Virtual size: 13KB