a386ffefff331822bab0912a5f613e06c095a75019d8dc2c212fc4afcea5cc9e

Sharing

Copy URL Twitter E-mail

General

Target

a386ffefff331822bab0912a5f613e06c095a75019d8dc2c212fc4afcea5cc9e
Size

544KB
MD5

3867520b06884d0d07a3167c3acd7580
SHA1

a870b3236a8cde2372dac7eef4a81e4726393912
SHA256

a386ffefff331822bab0912a5f613e06c095a75019d8dc2c212fc4afcea5cc9e
SHA512

b58ee1955b70cde004de62ffca6a88e7a3493ddd6c333587308b6623faa85d31f9c7d5c64ec2f0cacdf6243a29b1a08c5a7b203bc8c05981cf9cdea4ce777459
SSDEEP

12288:YyOMhJIl53zjcg8O0ahgK/45A/Obt7AkXkwKzEnRJlKEgC+:9BWHjcg8O0ahR/45AWNXkwiEnRvgC+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a386ffefff331822bab0912a5f613e06c095a75019d8dc2c212fc4afcea5cc9e

Files

a386ffefff331822bab0912a5f613e06c095a75019d8dc2c212fc4afcea5cc9e
.exe windows:4 windows x86

167cb5a05b56b3b6d6d4af3aa137e0da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertNameToStrW
CertGetNameStringW
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertCloseStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenStore

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFindFileNameW
PathFileExistsW

msvcrt

?terminate@@YAXXZ
_onexit
__dllonexit
__set_app_type
__p__fmode
??1type_info@@UAE@XZ
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
strncpy
_controlfp
__p__commode
memset
??3@YAXPAX@Z
__CxxFrameHandler
strlen
_wcsnicmp
wcsstr
wcscmp
_wcsicmp
??2@YAPAXI@Z
wcslen
_purecall
sprintf
sscanf
wcsrchr
rand
srand
memcpy
strcmp
labs
isspace
strstr
memmove
free
malloc
_ftol
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_beginthread
calloc
strchr
isxdigit
toupper
_vsnprintf
_vsnwprintf
fclose
fread
fwrite
time
realloc
_fsopen
fopen
_wfsopen
_wfopen
atoi
ftell
fseek
wcschr
memcmp
_except_handler3
_exit
_XcptFilter
exit
_wcmdln

mfc42u

ord540
ord2858
ord2371
ord755
ord470
ord5949
ord4155
ord858
ord2810
ord809
ord556
ord2114
ord3087
ord2859
ord537
ord2746
ord6871
ord2854
ord3084
ord2634
ord1088
ord6195
ord6051
ord1768
ord5286
ord3393
ord3728
ord686
ord810
ord384
ord567
ord1808
ord2294
ord6004
ord3995
ord3282
ord3285
ord4294
ord2857
ord4279
ord2088
ord1761
ord4219
ord3909
ord940
ord925
ord3397
ord3605
ord656
ord4270
ord535
ord4118
ord5047
ord5142
ord3749
ord613
ord5785
ord289
ord2855
ord2070
ord5871
ord4470
ord3658
ord3568
ord3621
ord2406
ord1634
ord3566
ord5977
ord640
ord5781
ord1633
ord323
ord6451
ord5446
ord6390
ord5436
ord6379
ord5869
ord3867
ord3870
ord1787
ord2567
ord3569
ord3614
ord4390
ord609
ord2235
ord2397
ord6168
ord3871
ord3088
ord6330
ord4199
ord5706
ord942
ord2574
ord4396
ord3365
ord3635
ord693
ord3993
ord3991
ord3297
ord2362
ord283
ord1172
ord4215
ord2576
ord3649
ord2430
ord1637
ord6374
ord6193
ord1165
ord1143
ord4229
ord641
ord324
ord3592
ord4419
ord4621
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord2078
ord6211
ord5714
ord5939
ord1105
ord538
ord861
ord800
ord2717
ord1131
ord2613
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord1569
ord6868

kernel32

GetCurrentThread
GetStartupInfoW
GetTempPathW
GetTempFileNameW
LoadLibraryA
FreeLibrary
GetVersion
GetSystemDirectoryW
ExpandEnvironmentStringsW
lstrcatW
DeleteFileW
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
InterlockedExchange
TerminateThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
WriteFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
InterlockedCompareExchange
InterlockedExchangeAdd
GetHandleInformation
QueryPerformanceCounter
GetTickCount
GetTempPathA
GetSystemDefaultLangID
HeapAlloc
ReleaseMutex
OpenMutexA
CreateMutexA
ResetEvent
OpenEventA
CreateEventA
GetProcessHeap
HeapFree
OpenThread
GetExitCodeThread
DuplicateHandle
CreateFileW
LoadLibraryW
GetSystemTimeAsFileTime
OutputDebugStringW
WideCharToMultiByte
TlsFree
TlsAlloc
GetLastError
TlsGetValue
LocalFree
LocalAlloc
TlsSetValue
GetModuleHandleW
VirtualQuery
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
Sleep
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetVersionExW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
WaitForSingleObject
GetModuleFileNameW
SetEvent
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentProcess
CreateProcessW
CloseHandle
SetLastError

user32

IsWindowVisible
GetAsyncKeyState
GetParent
GetIconInfo
KillTimer
PtInRect
DrawStateW
InvalidateRect
DestroyIcon
GetPriorityClipboardFormat
OpenClipboard
EmptyClipboard
CloseClipboard
ChangeClipboardChain
SetClipboardViewer
SetWindowsHookExW
UnhookWindowsHookEx
GetActiveWindow
SendInput
CallNextHookEx
GetWindowDC
ReleaseDC
VkKeyScanW
keybd_event
GetWindowRgn
CopyRect
EqualRect
EnableMenuItem
MoveWindow
IsWindow
GetSysColor
LoadImageW
GetCursorPos
ScreenToClient
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowPos
SetForegroundWindow
RegisterWindowMessageW
PostMessageW
LoadBitmapW
LoadCursorW
SetCursor
GetDC
GetWindowRect
GetFocus
SetWindowTextW
SetDlgItemTextW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
GetSystemMenu
AppendMenuW
UpdateWindow
ToAscii
GetKeyboardState
EndDialog
GetWindow
SetWindowRgn
DrawIconEx
CreateIconFromResourceEx
CreateIconFromResource
wsprintfA
EnableWindow
RegisterWindowMessageA
LoadMenuW
GetSubMenu
LoadIconW
SendMessageW
GetMenuItemID
ModifyMenuW
TrackPopupMenu
GetKeyState
wsprintfW

gdi32

GetObjectA
DeleteObject
OffsetRgn
CombineRgn
CreateRoundRectRgn
SaveDC
SetStretchBltMode
SetBrushOrgEx
StretchBlt
RestoreDC
GetTextExtentPoint32W
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleBitmap
CreateFontW
CreateBitmap
CreateCompatibleDC
BitBlt
GetDIBits
CreateSolidBrush
CreateRectRgn
FillRgn
FrameRgn
GetStockObject
GetObjectW
CreateFontIndirectW
CreatePolygonRgn

advapi32

SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
CreateWellKnownSid
CryptDestroyKey
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyW
CryptGetUserKey
PrivilegeCheck
LookupPrivilegeValueW
CryptGetKeyParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenThreadToken
FreeSid

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

comctl32

ImageList_ReplaceIcon

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

winmm

timeKillEvent

msimg32

AlphaBlend

Sections

.text
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

167cb5a05b56b3b6d6d4af3aa137e0da

Headers

File Characteristics

Imports

crypt32

version

shlwapi

msvcrt

mfc42u

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

imm32

rpcrt4

winmm

msimg32

Sections

.text Size: 356KB - Virtual size: 353KB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 12KB - Virtual size: 31KB

.tls Size: 4KB - Virtual size: 36B

.rsrc Size: 60KB - Virtual size: 56KB

.text
Size: 356KB - Virtual size: 353KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 12KB - Virtual size: 31KB

.tls
Size: 4KB - Virtual size: 36B

.rsrc
Size: 60KB - Virtual size: 56KB