915d283bc999d25cc25a1ddc2b7a242d9cc405f634f878ddbf944e22baac6fd8

Sharing

Copy URL

Twitter E-mail

General

Target

915d283bc999d25cc25a1ddc2b7a242d9cc405f634f878ddbf944e22baac6fd8
Size

13.1MB
MD5

749d304e6e4204e4ce77a51122099031
SHA1

f274e37081d4406011bc95ba2caf8d126d5a99b6
SHA256

915d283bc999d25cc25a1ddc2b7a242d9cc405f634f878ddbf944e22baac6fd8
SHA512

d64d6b3ffae19a2ff931a2df37b8970af9a84f42355b68a6d5caf25646149a587e7a54bbac1a2932d795b37d2a5a5e020805c9e136fe653a53d37e79ae4fa072
SSDEEP

196608:Ei6KpMr6nRl4f+/EmrPpPG/buTgWA8sCY41g3kFoCHg38D8KAjr4kjHz9TzICJxL:EJYnVEEachvg3k8MzPklPIQh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
915d283bc999d25cc25a1ddc2b7a242d9cc405f634f878ddbf944e22baac6fd8

Files

915d283bc999d25cc25a1ddc2b7a242d9cc405f634f878ddbf944e22baac6fd8
.exe windows:5 windows x86

304c73734147f8015af6f38091fdeaae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
UnmapViewOfFile
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetLocalTime
GetSystemTime
GetFileInformationByHandle
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
DuplicateHandle
GetFileType
SetFilePointer
WriteFile
GetWindowsDirectoryW
DeleteFileW
MoveFileExW
OpenProcess
TerminateProcess
GetLastError
CreateEventW
WaitForMultipleObjects
ResetEvent
SetEvent
WaitForSingleObject
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
DeviceIoControl
CreateFileW
CreateDirectoryW
GetDriveTypeW
GetDiskFreeSpaceExW
SetLastError
WideCharToMultiByte
FindResourceExW
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
FindClose
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InterlockedCompareExchange
Sleep
GetModuleFileNameW
GetShortPathNameW
CreateProcessW
SetPriorityClass
ResumeThread
GetVersionExW
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
FindResourceW
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SizeofResource
LoadResource
LockResource
FreeResource
FreeLibrary
GetSystemWindowsDirectoryW
lstrlenW
DeleteCriticalSection
SetConsoleCtrlHandler
LCMapStringA
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
FatalAppExitA
GetCommandLineW
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CloseHandle
MapViewOfFile
SetCurrentDirectoryW
GetTickCount
MulDiv
ExitProcess
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
CreateMutexW
TlsGetValue
OutputDebugStringW
TlsSetValue
HeapUnlock
OpenThread
HeapLock
HeapWalk
GetCurrentThreadId
ReleaseMutex
TlsAlloc
TlsFree
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoA
DeleteFileA

user32

ShowWindow
MessageBoxW
GetClientRect
PostMessageW
DestroyWindow
GetParent
GetWindowRect
MoveWindow
GetWindowRgn
IsWindowVisible
OffsetRect
InflateRect
UnionRect
DefWindowProcW
SystemParametersInfoW
LoadImageW
GetSystemMetrics
RemovePropW
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
SetCursor
LoadCursorW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
GetDC
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
GetFocus
GetCapture
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
CharNextW
IntersectRect
FillRect
DrawTextW
CharPrevW
SetRect
GetWindowTextW
GetWindowTextLengthW
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
CreateAcceleratorTableW
IsZoomed
IsIconic
FindWindowW
LoadStringW
SetWindowTextW
SendMessageW
GetWindow
EnableWindow
IsWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage
GetWindowLongW
SetWindowLongW
SetWindowPos
ScreenToClient

gdi32

RoundRect
GetTextExtentPoint32W
LineTo
CreateSolidBrush
SetTextColor
SetBkMode
TextOutW
GetCharABCWidthsW
MoveToEx
GdiFlush
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
CreateRectRgn
PtInRegion
DeleteObject
GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
GetDeviceCaps
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
CreateRoundRectRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor

advapi32

OpenServiceW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueW
RegEnumKeyExW
CloseServiceHandle
OpenSCManagerW
GetTokenInformation
QueryServiceStatusEx
ControlService
RegOpenKeyW

shell32

SHGetFileInfoW
SHGetDesktopFolder
ord21
ord23
SHBindToParent
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
ord165
SHBrowseForFolderW
SHGetFolderLocation
ord680
SHParseDisplayName

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
OleInitialize
OleUninitialize
CoUninitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString

oleaut32

SysFreeString

shlwapi

PathAppendW
PathCombineW
StrCmpIW
StrStrIW
SHDeleteKeyW
StrRetToStrW
PathRemoveBackslashW
PathFileExistsA
SHGetValueA
PathCombineA
PathAppendA
PathRemoveFileSpecW
SHGetValueW
PathIsDirectoryW
PathFileExistsW
StrCmpNIW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

304c73734147f8015af6f38091fdeaae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

wintrust

crypt32

comctl32

Sections

.text Size: 679KB - Virtual size: 679KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 12.2MB - Virtual size: 12.2MB

.reloc Size: 60KB - Virtual size: 60KB

.text
Size: 679KB - Virtual size: 679KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 12.2MB - Virtual size: 12.2MB

.reloc
Size: 60KB - Virtual size: 60KB