ee72166f8655335ace92c3337280c51fc3031926a8bfaf1e7169361e4d644f2b

Sharing

Copy URL Twitter E-mail

General

Target

ee72166f8655335ace92c3337280c51fc3031926a8bfaf1e7169361e4d644f2b
Size

361KB
MD5

2998cb152ff585ecdcfa0bdcadb4c452
SHA1

6ecf3139cf833d8a754bacbb19ba3434916bf9a2
SHA256

ee72166f8655335ace92c3337280c51fc3031926a8bfaf1e7169361e4d644f2b
SHA512

f95acfa24d25ae1e7816c499ed0f592e4302251994a9f622a1e16644e0490fa28e7590a40bf95ba0fa8be8749b1ed9e927369557d119bff4c533fef98bf48808
SSDEEP

6144:BqowPS+32LHKHHHHHHDmZyUBHZHn0HqiHHHH0sWeT6hJ:gowqlqHHHHHHDmZyUBHZH0HVHHHHz+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee72166f8655335ace92c3337280c51fc3031926a8bfaf1e7169361e4d644f2b

Files

ee72166f8655335ace92c3337280c51fc3031926a8bfaf1e7169361e4d644f2b
.exe windows:5 windows x86

b1ab04c95f36aa7c32bf884ee1feccd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BringWindowToTop
CreateDialogParamW
DestroyIcon
DialogBoxParamW
DrawTextW
EndDialog
EndPaint
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetClientRect
GetDlgItem
GetSystemMetrics
GetWindowLongW
LoadImageW
LoadStringW
MessageBoxW
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
UpdateWindow
TranslateMessage
SetTimer
SetScrollRange
SetScrollPos
SetCursor
ScrollWindowEx
ScreenToClient
ReleaseDC
RegisterClassW
PostQuitMessage
LoadIconW
LoadCursorW
IsRectEmpty
InvalidateRgn
IntersectRect
GetWindowDC
GetMessageW
GetKeyState
DispatchMessageW
DestroyCursor
DefWindowProcW
CreateWindowExW
CreateCursor
AdjustWindowRectEx
FillRect
GetDlgItemTextW
ShowWindow
SetWindowPos
SetWindowLongW
BeginPaint

gdi32

SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
CreateSolidBrush
CreateRectRgn
CreatePen
CreateDIBSection
BitBlt
StretchBlt
SetTextColor
SetBkMode
SelectObject
GetObjectW
GetDeviceCaps
DPtoLP
DeleteObject
CreateICW
CreateFontIndirectW
CreateCompatibleDC
DeleteDC

comctl32

InitCommonControlsEx

ws2_32

connect
getsockname
getsockopt
htons
inet_addr
recv
send
closesocket
socket
gethostbyname
WSAGetLastError
select
WSAStartup
WSACleanup
WSAAsyncSelect
setsockopt

crypt32

CryptMemFree
CertFreeCertificateContext
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CryptImportPublicKeyInfoEx
CryptMemAlloc

secur32

DecryptMessage
EncryptMessage
QueryContextAttributesW
QueryCredentialsAttributesA
InitializeSecurityContextA
FreeCredentialsHandle
FreeContextBuffer
AcquireCredentialsHandleW
DeleteSecurityContext

advapi32

CryptExportKey
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptSetHashParam
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext

shell32

SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

comdlg32

GetOpenFileNameW
GetSaveFileNameW

msvcrt

memmove
strcpy
_snwprintf
_wtoi
wcscat
time
mktime
localtime
gmtime
sprintf
_snprintf
strcat
rand
realloc
vsprintf
strtok
swprintf
wcstok
wcslen
wcscpy
wcscmp
strncpy
exit
memcpy
malloc
free
wcsncmp
atoi
__setusermatherr
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
memcmp
_iob
fprintf
memset
__lconv_init
strlen

kernel32

EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
GetStartupInfoW
GetProcAddress
lstrlenW
LocalFree
GetFileSize
CreateFileW
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
WriteFile
GetLastError
TlsGetValue
ReadFile
Sleep
FormatMessageW
GetComputerNameA
InitializeCriticalSection
GetModuleHandleW

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1ab04c95f36aa7c32bf884ee1feccd4

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

comctl32

ws2_32

crypt32

secur32

advapi32

shell32

ole32

comdlg32

msvcrt

kernel32

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 1.0MB

.rsrc Size: 211KB - Virtual size: 211KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1.0MB

.rsrc
Size: 211KB - Virtual size: 211KB

.reloc
Size: 4KB - Virtual size: 4KB