047610622e2639c8124b84b5bc7900fd099aa0aed639390afc042642c9d9e0bf

Sharing

Copy URL Twitter E-mail

General

Target

047610622e2639c8124b84b5bc7900fd099aa0aed639390afc042642c9d9e0bf
Size

996KB
MD5

9b941597f2bb83eb07576fe04134d750
SHA1

8ff2bfe9453ed1a719a147ce9c227b8f911f13d1
SHA256

047610622e2639c8124b84b5bc7900fd099aa0aed639390afc042642c9d9e0bf
SHA512

bb95c27529258f7187f8dba13b62e699d906ad215740a44342619e39299cc37d62f77d078710b9f118a74d19ceecfbf6cecca52b6bb29bd635820eea78a9f893
SSDEEP

24576:bJCBUWauldKTn+jiJo+ArUfiSxB4lWAGG:bJbn+ji2+ZAP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
047610622e2639c8124b84b5bc7900fd099aa0aed639390afc042642c9d9e0bf

Files

047610622e2639c8124b84b5bc7900fd099aa0aed639390afc042642c9d9e0bf
.exe windows:5 windows x86

e18918ad037b9579665b3acb4d00db60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetNativeSystemInfo
GetComputerNameW
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
SetThreadLocale
IsValidLocale
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FindResourceW
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetThreadUILanguage
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetThreadLocale
GetProcessHeap
lstrlenA
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetExitCodeThread
GetCommandLineW
SetErrorMode
SizeofResource
HeapSetInformation
GetModuleFileNameW
GetUserDefaultLCID
LoadResource
LocalFree
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
FreeLibrary
LoadLibraryW
CloseHandle
UnmapViewOfFile
CreateFileW
GetCurrentProcess
GetFileSizeEx
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetVersionExW
CompareStringW
WideCharToMultiByte
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetFileSize
CreateFileMappingA
LoadLibraryExW
MultiByteToWideChar

user32

IsWindowVisible
DestroyWindow
GetWindowRect
DrawTextW
GetClientRect
LoadStringW
FillRect
GetDC
DrawFrameControl
PtInRect
GetClassInfoExW
LoadCursorW
GetSysColor
DrawFocusRect
GetDlgCtrlID
RegisterClassExW
SendMessageW
GetWindowTextW
ShowWindow
BeginPaint
GetCursorPos
ReleaseDC
ReleaseCapture
UpdateWindow
SystemParametersInfoW
SetRectEmpty
SetCursor
SetCapture
GetClassNameW
CharNextW
SetFocus
IsWindowEnabled
GetCapture
ScreenToClient
CreateWindowExW
CopyRect
MoveWindow
OffsetRect
IsWindow
SetWindowPos
GetFocus
CallWindowProcW
UnregisterClassW
GetDialogBaseUnits
SetWindowLongW
GetParent
InvalidateRect
EndPaint
DefWindowProcW
DestroyIcon
GetActiveWindow
PostQuitMessage
LoadIconW
LoadBitmapW
IsDialogMessageW
GetDlgItem
SetActiveWindow
EnableWindow
SetWindowTextW
PostMessageW
CreateDialogParamW
MessageBoxW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowLongW
GetWindowTextLengthW

gdi32

SetBkColor
Rectangle
GetObjectW
CreateFontIndirectW
PatBlt
SetTextColor
SelectObject
GetStockObject
GetTextMetricsW
DeleteDC
SetBkMode
LineTo
CreatePen
MoveToEx
DeleteObject
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
GetUserNameW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegCloseKey
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathIsDirectoryW

comctl32

_TrackMouseEvent
ord17

userenv

GetUserProfileDirectoryW

ntdll

RtlGetVersion
NtQuerySystemInformation
RtlNtStatusToDosError
RtlDowncaseUnicodeChar

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e18918ad037b9579665b3acb4d00db60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

userenv

ntdll

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 21KB - Virtual size: 31KB

.rsrc Size: 436KB - Virtual size: 436KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 21KB - Virtual size: 31KB

.rsrc
Size: 436KB - Virtual size: 436KB

.reloc
Size: 16KB - Virtual size: 16KB