141b4dc565121a9b5a603c778123e69149902862fc89dec6d8952ac7a562b494

Sharing

Copy URL Twitter E-mail

General

Target

141b4dc565121a9b5a603c778123e69149902862fc89dec6d8952ac7a562b494
Size

2.2MB
MD5

e87e16cb8a56f8da7c08a515bce96f13
SHA1

991fb9a00ce97403d67b2979bc2c64f9af82c9ce
SHA256

141b4dc565121a9b5a603c778123e69149902862fc89dec6d8952ac7a562b494
SHA512

6d81bca0a8ed57a1b5c08bd37b67778f2ed697da38a03c716bca8f8292808215b7f3cdd0462fcef62ae4961474dc1f3ba9451f02a8df9b8e4ff3297b70a863c8
SSDEEP

49152:g6iPYLUv6q4u3sNK7XlSxZmftPr3TyYuptT:EPl6Eo7UtPr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
141b4dc565121a9b5a603c778123e69149902862fc89dec6d8952ac7a562b494

Files

141b4dc565121a9b5a603c778123e69149902862fc89dec6d8952ac7a562b494
.exe windows:6 windows x86

f783c46d35a1ff8ca9c6cfcad3154054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
GetSystemDirectoryW
GetModuleHandleA
DisconnectNamedPipe
GetLogicalDriveStringsW
CreateEventW
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
GetNativeSystemInfo
LoadLibraryW
ResetEvent
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
ExitProcess
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GlobalSize
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetFullPathNameW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointerEx
GetVersionExW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
GetCurrentThreadId
SetFilePointer
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwind
GetCPInfo
LCMapStringW
CompareStringW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
GetExitCodeThread
DuplicateHandle
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
CreateFileW
GetFileAttributesW
GetLocaleInfoW
FindClose
VirtualAlloc
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
CreateMutexW
RemoveDirectoryW
WriteFile
GetCurrentProcess
FindNextFileW
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
SetThreadAffinityMask
CreateDirectoryW
GetCommandLineW
GetModuleHandleW
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CopyFileW
DeleteFileW
WaitForSingleObject
TerminateProcess
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
GetTempPathW
HeapFree
CloseHandle
GetLastError
Sleep
GetThreadTimes

user32

PostMessageW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
SetWindowLongW
TranslateMessage
SetFocus
EnumWindows
MessageBoxW
UnregisterClassW
PeekMessageW
DispatchMessageW
RegisterClassExW
CreateWindowExW
DestroyWindow
GetFocus
SendMessageTimeoutW
DefWindowProcW
GetMessageW
GetWindowLongW
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
SetCursorPos
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
GetClientRect
SetCursor
ToUnicode
SetClipboardData
SetCapture
DestroyCaret
LoadCursorW
GetClipboardData
SetLayeredWindowAttributes
GetMessageTime
GetForegroundWindow
TrackMouseEvent
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCursor
GetWindowPlacement
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
GetWindowRect
GetDC
IsWindowVisible
SetWindowPos
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
MessageBeep
WindowFromPoint

gdi32

SaveDC
StretchDIBits
CreateRectRgnIndirect
GetPixel
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
CreateDIBSection
GetGlyphOutlineW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

ShellExecuteW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
CommandLineToArgvW
SHFileOperationW
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetPathFromIDListW
ord165

ole32

RevokeDragDrop
RegisterDragDrop
DoDragDrop
OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc

shlwapi

PathStripToRootW

ws2_32

select
inet_ntoa
recv
getsockopt
send
setsockopt
closesocket
accept
__WSAFDIsSet
WSAStartup

winmm

timeGetTime
timeKillEvent
timeBeginPeriod

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f783c46d35a1ff8ca9c6cfcad3154054

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

ws2_32

winmm

imm32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 302KB - Virtual size: 301KB

.data Size: 28KB - Virtual size: 33KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 285KB - Virtual size: 285KB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 302KB - Virtual size: 301KB

.data
Size: 28KB - Virtual size: 33KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 285KB - Virtual size: 285KB

.reloc
Size: 85KB - Virtual size: 84KB