49c8d1c1079d1980626bb148c838bee88d65af3a07e7761817d90677e76f54cb

Sharing

Copy URL Twitter E-mail

General

Target

49c8d1c1079d1980626bb148c838bee88d65af3a07e7761817d90677e76f54cb
Size

356KB
MD5

8a16e9f67f4b4fa810097f4576a17c23
SHA1

770b541c70c12f5daef2c0bf9d3af79f3a98649d
SHA256

49c8d1c1079d1980626bb148c838bee88d65af3a07e7761817d90677e76f54cb
SHA512

23e158dea7c907b09e3add47ba42cedb14423ae3ea9dae2bbf543a4aa40ece4d513c4572e61c1841e945abb95b1ea2e358f8e31e0fb1892d7daebd78e560d753
SSDEEP

6144:lSMzsuumnhDu20s+vMdvI9X5ZM/O8w/OF:lvzsS+UdvIDS/nF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49c8d1c1079d1980626bb148c838bee88d65af3a07e7761817d90677e76f54cb

Files

49c8d1c1079d1980626bb148c838bee88d65af3a07e7761817d90677e76f54cb
.exe windows:5 windows x86

76baee3bfeddbad7cdb684f735eb7880

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetFullPathNameW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalDeleteAtom
GetLocaleInfoA
InterlockedExchange
GlobalFlags
GlobalAddAtomA
CreateFileA
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpA
GlobalGetAtomNameA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleHandleW
CompareStringA
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
DeleteFileW
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryW
SetUnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
SetLastError
CreateFileW
FindResourceW
GetModuleFileNameW
IsDBCSLeadByte
LoadLibraryExA
InitializeCriticalSection
lstrlenW
GetModuleFileNameA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FreeLibrary
LoadLibraryA
GetProcAddress
MultiByteToWideChar
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
RaiseException
InterlockedCompareExchange
WideCharToMultiByte
lstrlenA
lstrcmpiA
GetLastError
GlobalFree

user32

GetMessagePos
MapWindowPoints
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
CallWindowProcA
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
GetMessageTime
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
DefWindowProcA
EnableWindow
MessageBoxA
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfW
DestroyWindow
CharNextA
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
SetMenu

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryInfoKeyA
GetUserNameA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantChangeType
VariantClear
SystemTimeToVariantTime
VarUdateFromDate
VariantTimeToSystemTime
VarUI4FromStr
VariantInit

netcheckalarm

?SendAlarmAndSetGlobalBlockFlag@@YAXW4_CONNECT_TYPE@@KFAAU_GLOBAL_CHECK_NET_MEM_CONFIG@@@Z
?SetConfigInternelIp@@YAXPADAAU_GLOBAL_CHECK_NET_MEM_CONFIG@@@Z
?CheckInternetByInternetIp@@YAHW4_CONNECT_TYPE@@KFAAU_GLOBAL_CHECK_NET_MEM_CONFIG@@PADH@Z
?WriteGlobalMemConfig@@YAHPBDIQAX@Z
?CheckInternetByDns@@YAHAAU_GLOBAL_CHECK_NET_MEM_CONFIG@@@Z
?ReadGlobalMemConfig@@YAHPBDIPAX@Z
?GetInternetIp@@YAHPBDFPADH@Z
?releaseWsSock@@YAXXZ
?initWsSock@@YAJXZ
?IsCurrentAppAlreadyRun@@YAHXZ

comctl32

InitCommonControlsEx

winhttp

WinHttpGetIEProxyConfigForCurrentUser

ws2_32

inet_addr

oleacc

CreateStdAccessibleObject
LresultFromObject

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76baee3bfeddbad7cdb684f735eb7880

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

netcheckalarm

comctl32

winhttp

ws2_32

oleacc

dbghelp

Sections

.text Size: 265KB - Virtual size: 264KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 265KB - Virtual size: 264KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 31KB - Virtual size: 30KB