be9b7f34febcdcad57e62ff8a1006d65a753e9c899b32cefd246fcb6cc0efc6e

Sharing

Copy URL Twitter E-mail

General

Target

be9b7f34febcdcad57e62ff8a1006d65a753e9c899b32cefd246fcb6cc0efc6e
Size

701KB
MD5

5fdf50c96330e89e6a2abba8c30674b8
SHA1

d9d6d1050f003054b2494ac1306861c950bbaec6
SHA256

be9b7f34febcdcad57e62ff8a1006d65a753e9c899b32cefd246fcb6cc0efc6e
SHA512

c0f01ab6a39feaf826c8193d352364b2db9c248c3948898c60174a1b21ab9e9c5c306d1f2ef22b6b2e50ed12c53290582406daed948d4ba9181654aacd1787d0
SSDEEP

12288:DLCH7cnLlbzOiX9MJafAjfz8SGhs8N9RgpYRlyLifeN0REZHXtM:DL8gx5uAYP8bhsA9RgpYRULtN0aZH9M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be9b7f34febcdcad57e62ff8a1006d65a753e9c899b32cefd246fcb6cc0efc6e

Files

be9b7f34febcdcad57e62ff8a1006d65a753e9c899b32cefd246fcb6cc0efc6e
.exe windows:5 windows x86

dcc76c2c5b131b5d1716319b42fe32b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile

kernel32

GetPrivateProfileSectionNamesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersion
CreateDirectoryW
LoadLibraryW
lstrcpynA
lstrlenA
HeapFree
GetProcessHeap
CreateProcessW
GetVersionExW
TerminateProcess
OpenProcess
GetTickCount
Sleep
DeleteFileW
CopyFileW
WriteFile
CreateFileA
DeviceIoControl
GetComputerNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GlobalUnlock
GlobalLock
WideCharToMultiByte
GlobalAlloc
GetCurrentThreadId
CreateFileW
FindResourceExW
LockResource
GetFileAttributesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateMutexW
GetCurrentProcess
RaiseException
FreeLibrary
GetPrivateProfileSectionW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetLastError
GetModuleFileNameW
lstrlenW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
CloseHandle
CreateThread
GetPrivateProfileIntW
LCMapStringA
GetModuleHandleA
LoadLibraryA
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MulDiv
GetFileSize
HeapSize
ExitProcess
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
SetLastError
GetPrivateProfileStringW
MultiByteToWideChar
GetLocalTime
FreeResource
ReadFile
TlsFree

user32

SendMessageW
CharNextW
GetDesktopWindow
IsWindow
MoveWindow
PostQuitMessage
GetWindowRect
SetWindowRgn
IsIconic
ScreenToClient
SetWindowPos
GetClientRect
SetWindowLongW
GetWindowLongW
PostMessageW
GetWindow
IntersectRect
ExitWindowsEx
SystemParametersInfoW
SetFocus
RemovePropW
SetClipboardData
EmptyClipboard
BringWindowToTop
MonitorFromWindow
GetMonitorInfoW
SendInput
GetCursorPos
IsZoomed
RegisterHotKey
LoadIconW
SetWindowsHookExW
SetPropW
MessageBoxW
CallNextHookEx
GetKeyState
EnumWindows
GetWindowThreadProcessId
OffsetRect
DefWindowProcW
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallWindowProcW
SetCursor
LoadCursorW
wvsprintfW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetDC
InvalidateRect
SetTimer
KillTimer
ReleaseDC
DestroyWindow
IsRectEmpty
GetFocus
MapWindowPoints
ReleaseCapture
SetCapture
GetDlgItem
EndPaint
BeginPaint
GetUpdateRect
FillRect
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
SetWindowTextW
DrawTextW
SetRect
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetParent
PtInRect
SetForegroundWindow
GetPropW

gdi32

SetBkMode
TextOutW
GetTextExtentPoint32W
SetTextColor
MoveToEx
LineTo
CombineRgn
CreateRectRgnIndirect
DeleteObject
CreateRoundRectRgn
CreatePen
CreateFontIndirectW
GetObjectW
GetStockObject
GetTextMetricsW
SelectObject
DeleteDC
SetWindowOrgEx
Rectangle
BitBlt
RestoreDC
SaveDC
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
SelectClipRgn
ExtSelectClipRgn
GetClipBox
StretchBlt
CreateDIBSection
SetStretchBltMode
ExtTextOutW
SetBkColor
CreateSolidBrush

comdlg32

GetOpenFileNameW

advapi32

RegQueryValueExA
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken
RegOpenKeyW
LookupPrivilegeValueW
RegOpenKeyExA
RegQueryValueExW
AdjustTokenPrivileges
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
Shell_NotifyIconW
DragAcceptFiles
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StgIsStorageFile
StgOpenStorage
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoTaskMemRealloc

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantCopy

ws2_32

WSAGetLastError
gethostbyname
send
WSAStartup
socket
htons
connect
recv
closesocket

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcc76c2c5b131b5d1716319b42fe32b7

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

comctl32

Sections

.text Size: 413KB - Virtual size: 413KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 180KB - Virtual size: 184KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 413KB - Virtual size: 413KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 180KB - Virtual size: 184KB

.reloc
Size: 29KB - Virtual size: 29KB