a820b87d2072def7ccc7dd969624a9ce02d36d27f89b5b791a10ce5decc27c4e

Sharing

Copy URL

Twitter E-mail

General

Target

a820b87d2072def7ccc7dd969624a9ce02d36d27f89b5b791a10ce5decc27c4e
Size

1.1MB
MD5

9686e50262cbfdd1186fe39a0ffa1f4d
SHA1

e6e7451ebb287fd9b7f2a50facc957d7b4ec15fe
SHA256

a820b87d2072def7ccc7dd969624a9ce02d36d27f89b5b791a10ce5decc27c4e
SHA512

75d2992ab78458cd7cb8c98d27c167c81705f80a657ce0374eda8b523979f6bde8f75657aa71e1c351b1e67636593ec7fd2892ac83cb7055fa98ce5c20ea13da
SSDEEP

24576:dOnjDmNlqb6hqX247a4E24wFL6F4cHP+iFiXGofQ4lWJA:dOnjDmNlqbWoXj4wFL6Wc3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a820b87d2072def7ccc7dd969624a9ce02d36d27f89b5b791a10ce5decc27c4e

Files

a820b87d2072def7ccc7dd969624a9ce02d36d27f89b5b791a10ce5decc27c4e
.exe windows:6 windows x64

b197d6f78c510d50f0e7c621499e5d85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetComputerNameW
LoadResource
FindResourceW
LoadLibraryExW
MultiByteToWideChar
LocalFree
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
FreeLibrary
LoadLibraryW
CloseHandle
UnmapViewOfFile
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
GetLocalTime
CreateFileW
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
SetThreadLocale
SetThreadUILanguage
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetThreadLocale
GetProcessHeap
lstrlenA
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetExitCodeThread
GetCommandLineW
HeapSetInformation
SetErrorMode
SizeofResource
IsValidLocale
GetModuleFileNameW
GetCurrentProcess
GetFileSizeEx
lstrcmpiW
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
GetProcAddress
CompareStringW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
lstrlenW
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFileSize
CreateFileMappingA
RaiseException
GetLastError
GetFileType

user32

DestroyWindow
GetWindowRect
DrawTextW
GetClientRect
LoadStringW
FillRect
GetDC
DrawFrameControl
PtInRect
GetClassInfoExW
LoadCursorW
GetSysColor
DrawFocusRect
GetDlgCtrlID
RegisterClassExW
CreateWindowExW
ScreenToClient
GetWindowTextW
UnregisterClassW
BeginPaint
GetCursorPos
ReleaseDC
ReleaseCapture
UpdateWindow
SystemParametersInfoW
SetRectEmpty
SetCursor
SetCapture
GetClassNameW
CharNextW
SetFocus
IsWindowEnabled
GetCapture
IsWindowVisible
SetWindowLongPtrW
ShowWindow
CopyRect
MoveWindow
OffsetRect
IsWindow
GetWindowLongPtrW
SetWindowPos
GetFocus
SendMessageW
GetDialogBaseUnits
SetWindowLongW
GetParent
InvalidateRect
EndPaint
CallWindowProcW
DestroyIcon
GetActiveWindow
PostQuitMessage
LoadIconW
LoadBitmapW
IsDialogMessageW
MessageBoxW
GetDlgItem
SetActiveWindow
EnableWindow
SetWindowTextW
PostMessageW
CreateDialogParamW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowLongW
GetWindowTextLengthW
DefWindowProcW

gdi32

SetBkColor
Rectangle
GetObjectW
CreateFontIndirectW
PatBlt
SetTextColor
SelectObject
GetStockObject
GetTextMetricsW
DeleteDC
SetBkMode
LineTo
CreatePen
MoveToEx
DeleteObject
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
GetUserNameW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathIsDirectoryW

comctl32

ord17
_TrackMouseEvent

userenv

GetUserProfileDirectoryW

ntdll

RtlGetVersion
RtlDowncaseUnicodeChar
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b197d6f78c510d50f0e7c621499e5d85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

userenv

ntdll

Sections

.text Size: 473KB - Virtual size: 472KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 27KB - Virtual size: 40KB

.pdata Size: 18KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 436KB - Virtual size: 436KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 473KB - Virtual size: 472KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 27KB - Virtual size: 40KB

.pdata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 436KB - Virtual size: 436KB

.reloc
Size: 5KB - Virtual size: 5KB