0920fd3f27d157d8c1b63e338b35e5b50b8c498ab4a25cf68a533cfc69f4311a

Sharing

Copy URL

Twitter E-mail

General

Target

0920fd3f27d157d8c1b63e338b35e5b50b8c498ab4a25cf68a533cfc69f4311a
Size

887KB
MD5

4433092cc2d426502a9cfd8eb0b23ad1
SHA1

0b197abea4558a155b8c0549f3f5c472e49ee216
SHA256

0920fd3f27d157d8c1b63e338b35e5b50b8c498ab4a25cf68a533cfc69f4311a
SHA512

4e9bd22cc0cd6515a1c714aa2d9a6def1f9356f8e161bbd3637dc353f3b1dbf390f746f0a85d9cce956112b75af8e2629c801870c87e4c0d84db76f5a042cb5d
SSDEEP

12288:ksET8fFuUgwJHnUMR+ynlyhXCGu/mxGq8qbqDuNBnpAn9CC1f6:HEJsnUMhyhXXu/mxGebqD0BnpAn9t16

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0920fd3f27d157d8c1b63e338b35e5b50b8c498ab4a25cf68a533cfc69f4311a

Files

0920fd3f27d157d8c1b63e338b35e5b50b8c498ab4a25cf68a533cfc69f4311a
.exe windows:5 windows x86

db485c8f1b6b6f8d643fc502c832dc60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetFullPathNameW
HeapReAlloc
HeapSize
HeapCreate
HeapDestroy
VirtualFree
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCurrentDirectoryA
GetTickCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GlobalFindAtomA
SetConsoleMode
ReadConsoleInputA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetVersion
InterlockedCompareExchange
GetProcessHeap
lstrcmpW
GetVersionExA
GlobalDeleteAtom
GetLocaleInfoA
InterlockedExchange
GetFileAttributesA
GlobalFlags
GlobalAddAtomA
SetEndOfFile
FlushFileBuffers
SetFilePointer
lstrcmpA
GlobalGetAtomNameA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleHandleW
CompareStringA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
DeleteFileW
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryW
SetUnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
SetLastError
CreateFileW
FindResourceW
GetModuleFileNameW
SetCurrentDirectoryA
WaitForSingleObject
ReleaseMutex
GetLocalTime
GetPrivateProfileStringA
ExitProcess
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
InitializeCriticalSection
lstrlenW
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WritePrivateProfileStringA
LocalAlloc
LocalFree
WideCharToMultiByte
GetLastError
CreateMutexA
Sleep
WriteFile
CreateFileA
GetFileSize
CloseHandle
ReadFile
FreeLibrary
LoadLibraryA
GetProcAddress
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
lstrlenA
MultiByteToWideChar
RaiseException
GetModuleFileNameA
QueryPerformanceCounter

user32

GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
CallWindowProcA
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
GetMessageTime
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetFocus
GetDesktopWindow
DefWindowProcA
DestroyWindow
CharNextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetTopWindow
GetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
wsprintfW
GetSubMenu
GetMenuItemCount
GetMenuItemID
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuState
GetSysColorBrush
GetCapture
WinHelpA
LoadIconA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DestroyMenu
GrayStringA
DrawTextExA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
ReportEventA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
SystemTimeToVariantTime
VarUdateFromDate
VariantTimeToSystemTime
VarUI4FromStr
VariantChangeType

netcheckalarm

?ReadGlobalMemConfig@@YAHPBDIPAX@Z
?IsCurrentAppAlreadyRun@@YAHXZ

comctl32

InitCommonControlsEx

protectme

AddMe2Protect

oleacc

LresultFromObject
CreateStdAccessibleObject

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 663KB - Virtual size: 662KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db485c8f1b6b6f8d643fc502c832dc60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

netcheckalarm

comctl32

protectme

oleacc

dbghelp

Sections

.text Size: 663KB - Virtual size: 662KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 15KB - Virtual size: 37KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 663KB - Virtual size: 662KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 15KB - Virtual size: 37KB

.rsrc
Size: 31KB - Virtual size: 30KB