6396832fb919273713a78329c4024aa47a0dd88c47308cc8de8fa252b181f13c

Sharing

Copy URL Twitter E-mail

General

Target

6396832fb919273713a78329c4024aa47a0dd88c47308cc8de8fa252b181f13c
Size

377KB
MD5

a4858b90b3e7cecca45fdfcf37d49242
SHA1

9791f2b72b64a762abd53b86c689ee30eb3f73d7
SHA256

6396832fb919273713a78329c4024aa47a0dd88c47308cc8de8fa252b181f13c
SHA512

140ebb9b3214a9d152b0a261cd8fc2f4f19679e4fdd884c7dcab7e54afdc9482fbb08c0250e5098a088de5113a052a2b4a03f437c56c6c9c11242d966ac44b8e
SSDEEP

6144:AXXVQzz2VMUIL87ptQt4yDCxGrmgWKOBb6LUM6fcxuO0c3LZINb1:AXCo7ptU4yDCxGrmwOBm4MmcYq3OB1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6396832fb919273713a78329c4024aa47a0dd88c47308cc8de8fa252b181f13c

Files

6396832fb919273713a78329c4024aa47a0dd88c47308cc8de8fa252b181f13c
.exe windows:5 windows x86

dd146b0b4c3fb34902539330d2b64382

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
lstrcpyW
FindResourceW
LoadResource
LoadLibraryExW
GetModuleHandleW
WideCharToMultiByte
SizeofResource
IsBadWritePtr
MultiByteToWideChar
lstrcmpiW
SetCurrentDirectoryW
GetTickCount
CreateFileA
FreeResource
OutputDebugStringW
ReadFile
GetFileSizeEx
LockResource
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
DeleteCriticalSection
SetLastError
IsValidCodePage
GetOEMCP
GetACP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileAttributesA
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetLocaleInfoA
EnterCriticalSection
GetCurrentDirectoryW
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
lstrcmpW
MulDiv
LeaveCriticalSection
GlobalAlloc
InitializeCriticalSection
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetProcAddress
CreateFileW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetUserDefaultLCID
GetModuleHandleA

user32

GetPropW
CallWindowProcW
SetWindowTextW
GetWindow
IsWindowVisible
MapWindowPoints
SendMessageW
UnregisterClassA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetSystemMetrics
DefWindowProcW
CreateWindowExW
MoveWindow
GetMessageW
IsWindow
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
SetCursor
SetTimer
PostQuitMessage
LoadImageW
UnregisterClassW
PostMessageW
DrawTextW
KillTimer
IsZoomed
TrackMouseEvent
ShowWindow
UnhookWindowsHookEx
UpdateWindow
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
UpdateLayeredWindow
DestroyAcceleratorTable
RemovePropW
ScreenToClient
GetWindowRect
CharNextW
RegisterWindowMessageW
IsIconic
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
SetPropW
GetDC
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor

gdi32

GetObjectType
GetTextExtentPointW
SetTextColor
SetBkMode
CreateDIBSection
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
GetObjectW
CreateRectRgn
GetStockObject
CreateSolidBrush
BitBlt
CreateFontW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateInstance

oleaut32

VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrNCatW
StrToIntExW
PathFileExistsW
StrStrIW
StrCpyNW
wnsprintfW
PathAppendW
StrCmpIW

winmm

timeGetTime

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd146b0b4c3fb34902539330d2b64382

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

Sections

.text Size: 250KB - Virtual size: 250KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 250KB - Virtual size: 250KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 19KB - Virtual size: 19KB