c850429e3185c0476ec9076a06706c8be5b38d0c5027854aecaea9d050868f69

Sharing

Copy URL

Twitter E-mail

General

Target

c850429e3185c0476ec9076a06706c8be5b38d0c5027854aecaea9d050868f69
Size

407KB
MD5

5f0e83078336bf109f46ec371045e16d
SHA1

9e91acc0f625d7ef1ac01431d2ea56c3a279d5f7
SHA256

c850429e3185c0476ec9076a06706c8be5b38d0c5027854aecaea9d050868f69
SHA512

dda51c48c998178458c25766ee96468f7651fb5dd7b9c9b113ba09446eaadab21636fe035bbbb357f9757cc8c7629f17751889481573667c10e7d8df6285d8ec
SSDEEP

12288:y8lkXw9VWMvHHHHHHDmZyUBHZH0HVHHHHz+:JlkAaeHHHHHHDmZyUBHZH0HVHHHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c850429e3185c0476ec9076a06706c8be5b38d0c5027854aecaea9d050868f69

Files

c850429e3185c0476ec9076a06706c8be5b38d0c5027854aecaea9d050868f69
.exe windows:5 windows x64

e4f4bc851869f1c1bdb40f001aa9205f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

BringWindowToTop
CreateDialogParamW
DestroyIcon
DialogBoxParamW
DrawTextW
EndDialog
EndPaint
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetClientRect
GetDlgItem
GetSystemMetrics
GetWindowLongPtrW
LoadImageW
LoadStringW
MessageBoxW
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
UpdateWindow
TranslateMessage
SetTimer
SetScrollRange
SetScrollPos
SetCursor
ScrollWindowEx
ScreenToClient
ReleaseDC
RegisterClassW
PostQuitMessage
LoadIconW
LoadCursorW
IsRectEmpty
InvalidateRgn
IntersectRect
GetWindowDC
GetMessageW
GetKeyState
DispatchMessageW
DestroyCursor
DefWindowProcW
CreateWindowExW
CreateCursor
AdjustWindowRectEx
FillRect
GetDlgItemTextW
ShowWindow
SetWindowPos
SetWindowLongPtrW
BeginPaint

gdi32

SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
CreateSolidBrush
CreateRectRgn
CreatePen
CreateDIBSection
BitBlt
StretchBlt
SetTextColor
SetBkMode
SelectObject
GetObjectW
GetDeviceCaps
DPtoLP
DeleteObject
CreateICW
CreateFontIndirectW
CreateCompatibleDC
DeleteDC

comctl32

InitCommonControlsEx

ws2_32

connect
getsockname
getsockopt
htons
inet_addr
recv
send
closesocket
socket
gethostbyname
WSAGetLastError
select
WSAStartup
WSACleanup
WSAAsyncSelect
setsockopt

crypt32

CryptMemFree
CertFreeCertificateContext
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CryptImportPublicKeyInfoEx
CryptMemAlloc

secur32

DecryptMessage
EncryptMessage
QueryContextAttributesW
QueryCredentialsAttributesA
InitializeSecurityContextA
FreeCredentialsHandle
FreeContextBuffer
AcquireCredentialsHandleW
DeleteSecurityContext

advapi32

CryptExportKey
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptSetHashParam
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext

shell32

SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

comdlg32

GetOpenFileNameW
GetSaveFileNameW

msvcrt

memmove
strcpy
_snwprintf
_wtoi
wcscat
time
mktime
localtime
gmtime
sprintf
_snprintf
strcat
rand
realloc
vsprintf
strtok
swprintf
wcstok
wcslen
wcscpy
wcscmp
strncpy
exit
memcpy
malloc
free
wcsncmp
atoi
__setusermatherr
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
memcmp
_iob
fprintf
memset
__lconv_init
strlen

kernel32

EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
GetStartupInfoW
GetProcAddress
lstrlenW
LocalFree
GetFileSize
CreateFileW
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
WriteFile
GetLastError
TlsGetValue
ReadFile
Sleep
FormatMessageW
GetComputerNameA
InitializeCriticalSection
GetModuleHandleW

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4f4bc851869f1c1bdb40f001aa9205f

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

comctl32

ws2_32

crypt32

secur32

advapi32

shell32

ole32

comdlg32

msvcrt

kernel32

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 1.1MB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 211KB - Virtual size: 211KB

.reloc Size: 512B - Virtual size: 60B

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 1.1MB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 211KB - Virtual size: 211KB

.reloc
Size: 512B - Virtual size: 60B