Static task
static1
Behavioral task
behavioral1
Sample
60ba52aab9387d0b02e235a597796b67f43b7a428bd9e5caedd7ebd1ce5d33ce.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
60ba52aab9387d0b02e235a597796b67f43b7a428bd9e5caedd7ebd1ce5d33ce.exe
Resource
win10v2004-20231023-en
General
-
Target
60ba52aab9387d0b02e235a597796b67f43b7a428bd9e5caedd7ebd1ce5d33ce
-
Size
1.1MB
-
MD5
66d63bae58ef4013f18a863bbb14d8da
-
SHA1
b8987ae5afb704fc0ece718370e04b650216a8c5
-
SHA256
60ba52aab9387d0b02e235a597796b67f43b7a428bd9e5caedd7ebd1ce5d33ce
-
SHA512
e5a40841e180f3b1ddf96592f996a0367e222f145bf69f1621ed429c85270e2760f39b173fca48130c740c771e99039991168ccc936aec8c4e770bb099e9c60b
-
SSDEEP
12288:rvkCjwP8sImoa5Em24BfGiowSvA8e7W6n1qocWPjNnJQeWTKz9iedFOYyCFa:rvkCtsVFfGiV8i7vbtJTW2z/bByCF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
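The static analysis checks the file for an Authenticode signature; this sample carries none. A missing signature is a weak indicator on its own, since many legitimate binaries are also unsigned.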
resource 60ba52aab9387d0b02e235a597796b67f43b7a428bd9e5caedd7ebd1ce5d33ce
Files
-
60ba52aab9387d0b02e235a597796b67f43b7a428bd9e5caedd7ebd1ce5d33ce.exe windows:4 windows x86
87d90c87a135c03e5ff8ec5f5d03ad00
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileType
GetVersion
GetModuleHandleA
Process32FirstW
InterlockedIncrement
UnmapViewOfFile
OpenFileMappingW
GetTickCount
GetStdHandle
MapViewOfFile
LoadLibraryA
InterlockedDecrement
OpenProcess
GlobalMemoryStatus
DeleteFileW
FlushConsoleInputBuffer
GetStartupInfoW
lstrcmpiW
OpenEventW
Process32NextW
FormatMessageW
CreateNamedPipeW
SystemTimeToFileTime
ConnectNamedPipe
WaitForMultipleObjects
FlushFileBuffers
DisconnectNamedPipe
CreateThread
SetProcessShutdownParameters
CreateMutexW
GetCommandLineW
ReleaseMutex
DeleteCriticalSection
CreateProcessW
GetExitCodeProcess
GetTempPathW
WaitNamedPipeW
SetNamedPipeHandleState
WriteFile
ReadFile
GetOverlappedResult
Sleep
ExitThread
GetTimeFormatW
WaitForSingleObject
LocalAlloc
LocalFree
SleepEx
CreateDirectoryW
GetCurrentDirectoryW
GetVersionExW
TerminateProcess
CreateToolhelp32Snapshot
GetUserDefaultUILanguage
GetUserDefaultLangID
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
EnumResourceLanguagesW
GetLastError
CreateFileW
lstrlenA
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
SetCurrentDirectoryW
SetEvent
ResetEvent
lstrlenW
WideCharToMultiByte
CloseHandle
CreateEventW
FileTimeToSystemTime
GetLocalTime
QueryPerformanceCounter
user32
EnableMenuItem
GetMenuItemCount
GetDlgItemInt
SetClassLongW
GetWindowTextW
RedrawWindow
GetMenuState
InsertMenuW
DestroyMenu
LoadMenuW
GetSubMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
SendMessageW
EndDialog
SetDlgItemTextW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
PostMessageW
LoadIconW
GetDesktopWindow
GetDlgItemTextA
RemoveMenu
SetWindowPos
MoveWindow
GetClientRect
DefWindowProcW
CheckMenuItem
MessageBoxW
TranslateMessage
GetMessageW
UpdateWindow
CreateWindowExW
RegisterClassExW
RegisterWindowMessageW
LoadCursorW
FindWindowW
PostQuitMessage
DestroyWindow
ScreenToClient
GetWindowRect
CreateDialogParamW
ClientToScreen
IsDlgButtonChecked
CheckDlgButton
SetActiveWindow
GetParent
GetWindowLongW
CreateAcceleratorTableW
DestroyAcceleratorTable
IsDialogMessageW
TranslateAcceleratorW
SetWindowLongW
GetMenuItemInfoW
SetFocus
GetDlgItem
GetDlgItemTextW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
DialogBoxParamW
IsWindowVisible
SetTimer
SendDlgItemMessageW
wsprintfW
LoadStringW
SetWindowTextW
ShowWindow
KillTimer
EnableWindow
advapi32
SetSecurityInfo
OpenServiceW
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
CryptDecrypt
CryptAcquireContextW
CryptGetUserKey
CryptDestroyKey
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
CryptSignHashW
CryptSetHashParam
CryptGetHashParam
RegOpenCurrentUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
CryptSetProvParam
GetSecurityDescriptorSacl
DeregisterEventSource
ReportEventA
RegisterEventSourceA
shell32
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
ole32
CoCreateInstance
OleRun
CoInitialize
oleaut32
SysStringLen
GetErrorInfo
VariantChangeType
SysAllocString
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
iphlpapi
GetAdapterIndex
GetAdaptersAddresses
GetIpAddrTable
GetIpForwardTable
GetIpForwardTable2
GetAdaptersInfo
shlwapi
PathRemoveFileSpecW
StrCpyW
StrCmpW
PathFileExistsW
msvcp60
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
crypt32
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore
CertGetNameStringA
CertFreeCertificateContext
CertEnumCertificateContextProperties
CryptProtectData
CryptUnprotectData
CryptAcquireCertificatePrivateKey
msvcrt
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_onexit
__dllonexit
signal
_getch
fputs
fprintf
gmtime
fgets
_setmode
_errno
getenv
isxdigit
sscanf
isupper
strtoul
tolower
isspace
isdigit
_strnicmp
_vsnprintf
__setusermatherr
raise
_exit
qsort
realloc
strchr
memmove
localtime
_itow
strstr
_snprintf
strncmp
mbstowcs
_wsplitpath
_waccess
_wremove
_wfopen
fseek
ftell
sprintf
fopen
wcsncmp
_ftol
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_iob
_controlfp
_CxxThrowException
wcsstr
malloc
atoi
strcpy
strlen
strncpy
wcsncpy
fread
fwrite
_wcsicmp
fflush
_wtoi
memcpy
??2@YAPAXI@Z
_except_handler3
_local_unwind2
_wcsnicmp
memset
__CxxFrameHandler
wcscmp
wcslen
wcscat
wcscpy
wcsrchr
free
_wrename
swprintf
rand
srand
time
_wstat
fclose
perror
fputws
calloc
_snwprintf
_vsnwprintf
isprint
strcmp
??1type_info@@UAE@XZ
wcstombs
wcschr
ws2_32
ntohl
WSAAddressToStringW
WSAStartup
inet_ntoa
WSACleanup
gethostbyname
inet_addr
comctl32
InitCommonControlsEx
Sections
.text Size: 569KB - Virtual size: 569KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 310KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ