cf0895025582529aaaf456114512a724aa4e850c9b71a4747a515dadd3b3c581

Sharing

Copy URL Twitter E-mail

General

Target

cf0895025582529aaaf456114512a724aa4e850c9b71a4747a515dadd3b3c581
Size

1.4MB
MD5

8b6a9ddf696fb4e682347d3ee0083dd5
SHA1

08b4001da504659d0dc318771aa3477af1ed4f0a
SHA256

cf0895025582529aaaf456114512a724aa4e850c9b71a4747a515dadd3b3c581
SHA512

d9789077e70eba91d0a5dfb0b93f2cd23c67bf3fc39d7385564ac38fa9b984f47d9e081859ce2c16fe3978c4166004162fc4315f33957fd2a8bd1c33c2695bae
SSDEEP

24576:tmQnvvhLmEK/oZ6G1PWEf0MLqEMfKwRA:ZvvhLmEK/o6G1DKR/RA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf0895025582529aaaf456114512a724aa4e850c9b71a4747a515dadd3b3c581

Files

cf0895025582529aaaf456114512a724aa4e850c9b71a4747a515dadd3b3c581
.exe windows:6 windows x86

4d45339b91ab69c6814f40c80b509254

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
VerSetConditionMask
WritePrivateProfileStringW
VerifyVersionInfoW
CreateMutexW
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReadConsoleW
ReadFile
SetEndOfFile
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapQueryInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
CloseHandle
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
FindResourceExW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
WriteConsoleW
GetFileSizeEx
DeleteFileW
CreateFileW
MultiByteToWideChar
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetEnvironmentStringsW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
OutputDebugStringA
GetFileType
GetCurrentThread
GetACP
WriteFile
GetStdHandle
GetSystemInfo
HeapValidate
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
InterlockedFlushSList
RtlUnwind
VirtualQuery
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
RaiseException
EnumSystemLocalesW
DecodePointer
ResetEvent
SetEvent
GlobalFree
GlobalUnlock
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalLock

user32

MoveWindow
SetCursor
PtInRect
EqualRect
UnionRect
OffsetRect
SendMessageW
UnregisterClassW
DrawFocusRect
CopyRect
LoadCursorW
CharNextW
GetClassInfoExW
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW

gdi32

GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
RestoreDC
GetObjectType
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
RectVisible
SetViewportOrgEx
OffsetViewportOrgEx

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathRemoveFileSpecW
PathCombineW
PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdiplusStartup
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipCreateBitmapFromFileICM

secur32

GetUserNameExW

Sections

.textbss
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d45339b91ab69c6814f40c80b509254

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

secur32

Sections

.textbss Size: - Virtual size: 504KB

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 6KB - Virtual size: 23KB

.idata Size: 9KB - Virtual size: 8KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 42KB - Virtual size: 41KB

.textbss
Size: - Virtual size: 504KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 6KB - Virtual size: 23KB

.idata
Size: 9KB - Virtual size: 8KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 41KB