12da8be48e3f20f77bcbd84062cab7e9e0c84063d9103b5eaa0223dcf7c877ae

Sharing

Copy URL

Twitter E-mail

General

Target

12da8be48e3f20f77bcbd84062cab7e9e0c84063d9103b5eaa0223dcf7c877ae
Size

13.7MB
MD5

62f5d0da27a74d57e060b31d82eba38a
SHA1

d24d52afc4ac932d4911914f7245ee874268f727
SHA256

12da8be48e3f20f77bcbd84062cab7e9e0c84063d9103b5eaa0223dcf7c877ae
SHA512

60370b7719829e4853e07247d631a09a14c2cf9218abed2b4f692818609ad21a925620a234b7b8efc23302fa081f77d82ac10f216717a276353df05de6e5c623
SSDEEP

196608:Brgcmx9ZfEVdrAQ/iqKEVMXhdPkjr8JP9aP6F5jPjUCCisyLphMZvgo1/PLl6TFN:nVdMw7MRd8yPYP63W5cphK4odETH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12da8be48e3f20f77bcbd84062cab7e9e0c84063d9103b5eaa0223dcf7c877ae

Files

12da8be48e3f20f77bcbd84062cab7e9e0c84063d9103b5eaa0223dcf7c877ae
.exe windows:5 windows x86

37ff3df368460f73d737cfae970c32ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
CreateDirectoryA
GetFileAttributesA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileA
InterlockedDecrement
GetCurrentProcessId
GetWindowsDirectoryA
CopyFileA
SetFileTime
GetFileTime
CreateThread
GetCurrentDirectoryA
LoadResource
LoadLibraryA
VirtualAlloc
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SizeofResource
FreeResource
LockResource
FindNextFileA
FindClose
FindFirstFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
Sleep
GetCurrentProcess
GetLastError
GetNativeSystemInfo
GetSystemTime
MultiByteToWideChar
TerminateProcess
WaitForSingleObject
FreeEnvironmentStringsW
LocalAlloc
LocalFree
WideCharToMultiByte
CloseHandle
FlushFileBuffers
GetConsoleMode
SetEnvironmentVariableA
CompareStringW
GetConsoleCP
CompareStringA
WriteFile
GetTimeZoneInformation
LCMapStringW
LCMapStringA
ExitProcess
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
GetModuleHandleA
GetProcAddress
SetFilePointer
ReadFile
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
GetModuleFileNameA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
HeapReAlloc
GetCommandLineA
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

user32

CloseClipboard
MessageBoxA
MessageBoxW
EmptyClipboard
SetClipboardData
OpenClipboard

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
CreateServiceA
OpenSCManagerA
ChangeServiceConfig2A
QueryServiceConfigA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegCloseKey
EnumServicesStatusExA
DeleteService
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
EnumDependentServicesA
ControlService
QueryServiceStatus
StartServiceA
OpenServiceA

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
SysFreeString
SysAllocString
VariantInit
VariantClear

crypt32

CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext

ws2_32

WSAStartup
WSACleanup
socket
closesocket
gethostbyname
htons
sendto
select
__WSAFDIsSet
recv
ntohl

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx2
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

37ff3df368460f73d737cfae970c32ad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

crypt32

ws2_32

psapi

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 52KB - Virtual size: 52KB

.upx0 Size: 1.4MB - Virtual size: 1.4MB

.upx1 Size: 4KB - Virtual size: 4KB

.upx2 Size: 11.8MB - Virtual size: 11.8MB

.rsrc Size: 157KB - Virtual size: 157KB

.l1 Size: 11KB - Virtual size: 11KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 52KB - Virtual size: 52KB

.upx0
Size: 1.4MB - Virtual size: 1.4MB

.upx1
Size: 4KB - Virtual size: 4KB

.upx2
Size: 11.8MB - Virtual size: 11.8MB

.rsrc
Size: 157KB - Virtual size: 157KB

.l1
Size: 11KB - Virtual size: 11KB