5166f79471e7cce565427b9ee7e6118aee5f3d593124d1b96914dde8cf3bb675

Sharing

Copy URL

Twitter E-mail

General

Target

5166f79471e7cce565427b9ee7e6118aee5f3d593124d1b96914dde8cf3bb675
Size

9.7MB
MD5

9c9c4aaf82400f5667b99fe216976e8f
SHA1

3f657b196eb61c5a88701f0f5c248c8c15fec539
SHA256

5166f79471e7cce565427b9ee7e6118aee5f3d593124d1b96914dde8cf3bb675
SHA512

9f6f43f90649ceafeafa7e3e86bbe74bd0c26337eaeb4b5676c2285e75a139fae8c5d6d30bdff671d62ad6b47e88e8c8f883c8b868df8952fbdf62e62f019396
SSDEEP

196608:Lj3ZjKacfFtdnLXiy2cohAeTuavnB4XYWwf5hhMA/NP0nE+eY0P:B2aKP5Xi/vTPvnB4mUE+4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5166f79471e7cce565427b9ee7e6118aee5f3d593124d1b96914dde8cf3bb675

Files

5166f79471e7cce565427b9ee7e6118aee5f3d593124d1b96914dde8cf3bb675
.exe windows:6 windows x86

63d18efb58721bc3f250c613923bad89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
OleRun
OleSetContainedObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

shell32

FindExecutableA
SHGetFolderPathA
SHBrowseForFolderA
SHGetFolderLocation
SHGetPathFromIDListA
CommandLineToArgvW
SHGetFolderPathW

wininet

InternetCloseHandle
InternetCrackUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetErrorDlg
HttpQueryInfoA

user32

EnumWindows
MessageBoxW
GetMessageW
PostMessageA
GetWindowThreadProcessId
SetRect
SetFocus
IsChild
GetAncestor
SetWindowLongA
GetWindowLongA
GetFocus
MessageBoxA
wsprintfA
SendMessageA
DefWindowProcW
DispatchMessageW
PeekMessageA
MsgWaitForMultipleObjectsEx
IsWindowUnicode
CharNextA
SetWindowLongW
RegisterClassExW
LoadStringA
GetClassInfoExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
GetSystemMenu
EnableMenuItem
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
GetParent
GetDesktopWindow
GetDC
GetWindowLongW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
ReleaseDC

comctl32

InitCommonControlsEx

kernel32

GetFileType
GetStdHandle
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetConsoleMode
GetSystemTimeAsFileTime
WriteConsoleW
GetStartupInfoW
IsProcessorFeaturePresent
CreateDirectoryW
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
CreateThread
ExitThread
FreeLibraryAndExitThread
DeleteFileW
GetModuleFileNameW
GetModuleHandleW
GetConsoleOutputCP
GetDriveTypeW
InitializeSListHead
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
SetStdHandle
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
CompareStringW
SetUnhandledExceptionFilter
LCMapStringW
GetFileInformationByHandle
GetCommandLineA
GetCommandLineW
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpA
lstrcmpiA
FindResourceA
GetLocaleInfoW
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
DeleteFileA
GetTempPathA
lstrcpyA
lstrcatA
lstrlenA
LocalFree
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetSystemDirectoryA
LockResource
FindResourceW
lstrcpynA
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
MulDiv
GetCurrentThreadId
LocalAlloc
FormatMessageA
Sleep
GetUserDefaultLCID
SetEvent
CreateEventA
FileTimeToSystemTime
GetCurrentProcessId
GetLocalTime
FormatMessageW
FindClose
FindFirstFileA
FindNextFileA
GetDriveTypeA
GetFileAttributesA
RemoveDirectoryA
SetFileAttributesA
SetLastError
GetTickCount
MoveFileExA
WaitForSingleObject
ExitProcess
TerminateProcess
OpenProcess
GetWindowsDirectoryA
GetLocaleInfoA
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
GetCurrentProcess
GetNativeSystemInfo
GetSystemWow64DirectoryA
GetModuleHandleExW
LoadLibraryExW
OpenMutexA
SetEndOfFile
SetFilePointerEx
IsValidLocale
QueryPerformanceFrequency
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
OpenThread
GetExitCodeThread
SetHandleInformation
CreatePipe
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
GetModuleHandleExA
LoadLibraryW
ReleaseMutex
CreateMutexA
CreateFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
OutputDebugStringW
EnumSystemLocalesW
ReadConsoleW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetDllDirectoryA
QueryPerformanceCounter

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
CopySid
GetTokenInformation
ConvertSidToStringSidA

oleaut32

SysFreeString
VarUI4FromStr
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
VariantInit

shlwapi

ord12
SHDeleteKeyA
PathAppendA
PathIsDirectoryEmptyA

gdi32

GetDeviceCaps

iphlpapi

GetAdaptersAddresses

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptBinaryToStringA
CryptProtectData

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA

msi

ord8
ord204
ord44
ord115
ord117
ord91
ord158
ord160
ord159
ord31
ord189
ord87
ord67
ord168
ord137
ord141

Sections

.text
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55.7MB - Virtual size: 55.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63d18efb58721bc3f250c613923bad89

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

comctl32

kernel32

advapi32

oleaut32

shlwapi

gdi32

iphlpapi

crypt32

version

msi

Sections

.text Size: 632KB - Virtual size: 631KB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 13KB - Virtual size: 19KB

.rsrc Size: 55.7MB - Virtual size: 55.7MB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 632KB - Virtual size: 631KB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 13KB - Virtual size: 19KB

.rsrc
Size: 55.7MB - Virtual size: 55.7MB

.reloc
Size: 40KB - Virtual size: 39KB