85382c90f55b8af85c85a701d3354d9407593d1faeaaa58fd74c701b128d1c5b

Sharing

Copy URL Twitter E-mail

General

Target

85382c90f55b8af85c85a701d3354d9407593d1faeaaa58fd74c701b128d1c5b
Size

253KB
MD5

5399e92a677a2b45935e081461f6023e
SHA1

e3d79ac351752749c5cd8dcb674571ff4ffb896a
SHA256

85382c90f55b8af85c85a701d3354d9407593d1faeaaa58fd74c701b128d1c5b
SHA512

19cad2d50846110cc2a17b1fd9644cf45d9d9f60f9316e97b57d086ec50c50ca5dcc6edc01df080cdfe75e4efe8e27acf2f39c1cf4a513dfc50c9987fe3dff34
SSDEEP

6144:VyESGZZIrdASwuq/BU6MqcfUCLU00mid5c4SKHbmH8AI:VkdtwuwBU64xg00Jd5W2dH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85382c90f55b8af85c85a701d3354d9407593d1faeaaa58fd74c701b128d1c5b

Files

85382c90f55b8af85c85a701d3354d9407593d1faeaaa58fd74c701b128d1c5b
.exe windows:5 windows x86

e0a4796d5b63e5819a289fae9f140f41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleW
InterlockedIncrement
CompareStringW
lstrcmpW
GlobalFlags
lstrcmpA
lstrlenA
GlobalAddAtomW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetVersionExA
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
SizeofResource
GetModuleHandleA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
RaiseException
RtlUnwind
HeapReAlloc
HeapSize
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
SetLastError
lstrlenW
GetSystemTime
DeleteCriticalSection
MultiByteToWideChar
FileTimeToSystemTime
InterlockedDecrement
ReleaseSemaphore
WaitForSingleObject
CreateThread
LocalFree
GetCurrentProcessId
DeleteFileW
FileTimeToLocalFileTime
CloseHandle
GetCurrentThreadId
FindNextFileW
CreateSemaphoreW
GetLocalTime
FindClose
EnterCriticalSection
GetProcAddress
GetLastError
GetPrivateProfileIntW
CreateFileW
GetModuleFileNameW
LeaveCriticalSection
GetVersionExW
FormatMessageW
Sleep
LoadLibraryW
WideCharToMultiByte
InitializeCriticalSection
GetPrivateProfileStringW
OutputDebugStringW
GetCurrentProcess
SystemTimeToFileTime
SetUnhandledExceptionFilter
FreeLibrary
FindFirstFileW

advapi32

SetServiceStatus
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitialize
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantChangeType
SysAllocStringLen
VariantInit
SafeArrayGetUBound
SafeArrayDestroyData
SysFreeString
SafeArrayGetElement
VariantClear
SafeArrayGetLBound
SysAllocString

shlwapi

PathRemoveFileSpecW

crypt32

CryptUnprotectData

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

activeds

ord13
ord9

iphlpapi

GetAdaptersInfo

dbghelp

MiniDumpWriteDump

ws2_32

recvfrom
inet_ntoa
bind
gethostname
gethostbyname
WSAStartup
ntohl
inet_addr
htonl
closesocket
WSACleanup
WSAGetLastError
htons
ntohs
shutdown
setsockopt
sendto
WSASocketW

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

WinHelpW
LoadIconW
RegisterWindowMessageW
PostQuitMessage
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetForegroundWindow
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetFocus
ClientToScreen
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuItemID
GetCapture
GetClassLongW
GetMenuItemCount
GetSubMenu
SetPropW
GetPropW
RemovePropW
IsWindow
GetClientRect
GetDlgItem
GetTopWindow
GetWindow

gdi32

GetStockObject
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
ExtTextOutW
SaveDC
RestoreDC
SetMapMode
DeleteDC
SetBkColor
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
RectVisible
TextOutW
Escape
SelectObject
GetDeviceCaps
OffsetViewportOrgEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0a4796d5b63e5819a289fae9f140f41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

version

activeds

iphlpapi

dbghelp

ws2_32

oleacc

user32

gdi32

winspool.drv

Sections

.text Size: 195KB - Virtual size: 194KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 87KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 87KB

.rsrc
Size: 1KB - Virtual size: 1KB