9763005351ae609bc4d0d664529cacef5c98b37e71f547f38c39b64b597e55ef

Sharing

Copy URL Twitter E-mail

General

Target

9763005351ae609bc4d0d664529cacef5c98b37e71f547f38c39b64b597e55ef
Size

307KB
MD5

882cff791ef1406ada3446b4ab957e7b
SHA1

902dca78137c5a773bb611d8f29b9f6f94758f35
SHA256

9763005351ae609bc4d0d664529cacef5c98b37e71f547f38c39b64b597e55ef
SHA512

cbcf6972e71e1fddcd88d43c80af84b70b2c6cdca5093958177c29b302e8a443af85931b4b6c3b75c9dde30f952c52146182754301f066cf7204fbc6c85b1f18
SSDEEP

6144:ofzvH7DdWnb7KH4vJdE0G8BGCoxPW+U2LSpMolh2AO8ko7e0Z:ofnq2H4vJd/2xPWuLIMolcS60Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9763005351ae609bc4d0d664529cacef5c98b37e71f547f38c39b64b597e55ef

Files

9763005351ae609bc4d0d664529cacef5c98b37e71f547f38c39b64b597e55ef
.exe windows:6 windows x86

5bac86da3aa73cb134c0c598360bcd6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
DeleteFileW
GetLongPathNameW
GetCurrentProcess
TerminateProcess
K32GetModuleFileNameExW
WaitForSingleObject
OpenProcess
LoadLibraryW
K32EnumProcesses
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetExitCodeProcess
LoadResource
WideCharToMultiByte
WritePrivateProfileStringW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
SetFileAttributesW
GetWindowsDirectoryW
MoveFileExW
CopyFileW
MoveFileW
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
LockResource
GetLastError
Sleep
HeapSize
InitializeCriticalSectionEx
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetModuleFileNameW
SizeofResource
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
IsDebuggerPresent
OutputDebugStringW
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
lstrcpynW
lstrlenW
GetSystemWindowsDirectoryW
GetVersionExW
FreeResource
LoadLibraryExW
CreateFileW
DeviceIoControl
lstrcmpA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
lstrcmpiA
GetSystemDirectoryW
CreateFileA
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
SetFilePointerEx
FindClose

advapi32

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExA

shell32

ShellExecuteExW
ord165
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen

shlwapi

PathCombineW
StrCmpNIW
StrTrimA
StrStrIA
StrStrIW
PathFileExistsW
PathAppendW
StrCmpIW
SHSetValueA
SHGetValueA
PathRemoveFileSpecW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bac86da3aa73cb134c0c598360bcd6d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

iphlpapi

urlmon

version

Sections

.text Size: 217KB - Virtual size: 217KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 5KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 217KB - Virtual size: 217KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 5KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB