823d2fce490b1ca61f32c57f70f3beb4aa6e0e2106e627f55a5a12d59bd258a8

Sharing

Copy URL Twitter E-mail

General

Target

823d2fce490b1ca61f32c57f70f3beb4aa6e0e2106e627f55a5a12d59bd258a8
Size

171KB
MD5

5b6276667eb298315ee89190a1a8f3fc
SHA1

ed28ea8763eed01e756c218bd55507504ac9e8e2
SHA256

823d2fce490b1ca61f32c57f70f3beb4aa6e0e2106e627f55a5a12d59bd258a8
SHA512

e1c75b51e95b7607c885919719be076dd319204734e38dd53a06fc66ae600c7e1458fea41b084e9adf1759a63d724f2f4eb4171a26fba5d957b558acb38a56b7
SSDEEP

3072:GPW+FxHSN4drhTdX65+OiLIKtvzxWMXCfKuanKl59fYODWJ0i:GPWsHI69T9g+OiE+vlLXl/09Hg9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
823d2fce490b1ca61f32c57f70f3beb4aa6e0e2106e627f55a5a12d59bd258a8

Files

823d2fce490b1ca61f32c57f70f3beb4aa6e0e2106e627f55a5a12d59bd258a8
.exe windows:5 windows x64

962d1ab8a0ee3ed5c286c9ab57e96ce9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RemoveDirectoryA
Process32Next
GetModuleFileNameA
CreateToolhelp32Snapshot
CloseHandle
GetTempPathA
CreateThread
VirtualAlloc
CreateFileW
GetProcessHeap
SetEndOfFile
HeapReAlloc
GetStringTypeW
CreateDirectoryA
MultiByteToWideChar
Sleep
VirtualFree
WaitForSingleObject
Process32First
LCMapStringW
HeapSize
FlushFileBuffers
WriteConsoleW
SetStdHandle
CreateFileA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLastError
HeapFree
HeapAlloc
DeleteFileA
DecodePointer
EncodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
FreeLibrary
LoadLibraryW
RaiseException
RtlPcToFileHeader
HeapSetInformation
GetVersion
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW

user32

IsWindowVisible
GetClassNameA
GetParent
EnumChildWindows
EnumWindows
SendMessageA
wsprintfA

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

urlmon

URLDownloadToFileA

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

962d1ab8a0ee3ed5c286c9ab57e96ce9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

urlmon

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 1.5MB

.pdata Size: 4KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 1.5MB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 43KB - Virtual size: 43KB