0166e2baa8144971b97405c7a08be3dd52799eb9f299f10bb748a00856ab7b95

Sharing

Copy URL

Twitter E-mail

General

Target

0166e2baa8144971b97405c7a08be3dd52799eb9f299f10bb748a00856ab7b95
Size

719KB
MD5

953a1ebeb32eddb2f84830930896c619
SHA1

03c62136ec4b5ec228e6bc333b0195c8b93edc93
SHA256

0166e2baa8144971b97405c7a08be3dd52799eb9f299f10bb748a00856ab7b95
SHA512

42e895515784d299598c86ed6afb63763b646585a92cb455436cba8453bc656c4bb02ac7a4702b86b0ef8add97daafc5f18337e2224ad6bbddf14aea9436a2cb
SSDEEP

12288:sA9z43nBelbO9Wtteo8bgmtmrH7J6thuC78VWw0acjrtIARcY3rHuJnm:sA+elbOMtteo0KvJ6tFtIiuJnm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0166e2baa8144971b97405c7a08be3dd52799eb9f299f10bb748a00856ab7b95

Files

0166e2baa8144971b97405c7a08be3dd52799eb9f299f10bb748a00856ab7b95
.exe windows:5 windows x86

9a6247357fd1707b445892cb3ff7e883

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetDriveTypeA
WriteFile
SetFileTime
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
FindFirstFileA
FindClose
FreeLibrary
GlobalAlloc
lstrcmpA
GlobalLock
InterlockedExchange
CreateFileA
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GlobalUnlock
WaitForSingleObject
GlobalAddAtomA
GetCurrentProcessId
FreeResource
GlobalFree
GetVersionExA
lstrcmpW
MultiByteToWideChar
GlobalFindAtomA
GlobalGetAtomNameA
MulDiv
LocalFree
GetFullPathNameA
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetCPInfo
GetOEMCP
GetModuleHandleW
FileTimeToLocalFileTime
ExitProcess
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
ExitThread
CreateThread
HeapReAlloc
VirtualAlloc
HeapSize
GetConsoleCP
GetConsoleMode
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
CloseHandle
FormatMessageA
lstrlenA
LocalAlloc
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
InterlockedDecrement
GetPrivateProfileStringA
FreeConsole
GetTempPathA
GetTickCount
Sleep
lstrcatA
CompareStringA
DeleteFileA

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
LoadCursorA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
DestroyMenu
GetSysColorBrush
PostThreadMessageA
WinHelpA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
RegisterClipboardFormatA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetCapture
GetClassLongA
GetClassNameA
wsprintfA
EnableWindow
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
DestroyWindow
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
LoadBitmapA
GetDC
GetWindowRect
GetClientRect
SendMessageA
RegisterWindowMessageA
IsWindowEnabled
SendDlgItemMessageA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetActiveWindow
UpdateWindow
LoadIconA
GetSysColor
CreateDialogIndirectParamA
IsWindowVisible
GetFocus
PostMessageA
GetParent
GetDesktopWindow
ReleaseDC
CopyRect
GetMenuItemCount
GetMenuItemID
ModifyMenuA
GetSubMenu

gdi32

SetMapMode
DeleteObject
RestoreDC
SaveDC
GetStockObject
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

shell32

ShellExecuteA

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

shlwapi

PathFindExtensionA

oledlg

ord8

wldap32

ord30
ord26
ord50
ord60
ord143
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord211
ord22
ord200

ws2_32

getaddrinfo
freeaddrinfo
connect
sendto
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
socket
WSACleanup

crypt32

CertFreeCertificateContext

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a6247357fd1707b445892cb3ff7e883

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

oledlg

wldap32

ws2_32

crypt32

oleacc

winspool.drv

advapi32

Sections

.text Size: 429KB - Virtual size: 428KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 191KB - Virtual size: 192KB

.text
Size: 429KB - Virtual size: 428KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 191KB - Virtual size: 192KB