b799f0c345ef060f50a098fe5091a5b882116d2cac2caca88dd814149200da6e

Sharing

Copy URL Twitter E-mail

General

Target

b799f0c345ef060f50a098fe5091a5b882116d2cac2caca88dd814149200da6e
Size

8.6MB
MD5

6b7df7f258bf463a6d01567959d41e34
SHA1

ea4a3dd1cca3b2b4e45062edf9331e7360638abc
SHA256

b799f0c345ef060f50a098fe5091a5b882116d2cac2caca88dd814149200da6e
SHA512

a4b25ed9388f3aebcc9075b5b1146d9057fdfe363517bbcc5365805471f34fddb4af5abb8c5110673098be8027801962165c50e7f0ad0edc0d8e1765ef72af99
SSDEEP

196608:A5dfoQNEzBT70b/dc21prl6OfBCR5bd/m+zIUT8qk9:9Q3rtpffBW/zIUTfk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b799f0c345ef060f50a098fe5091a5b882116d2cac2caca88dd814149200da6e

Files

b799f0c345ef060f50a098fe5091a5b882116d2cac2caca88dd814149200da6e
.exe windows:6 windows x86

a349f6e3091eea7d37ffa836d8b4df8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
GetSystemInfo
FindFirstFileA
FindClose
GetProcAddress
LoadLibraryA
HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
WriteFile
DeleteFileA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
lstrcpyA
lstrlenA
lstrcatA
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
SetFileTime
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryW
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
MultiByteToWideChar
GlobalAlloc
GlobalSize
LocalFree
MulDiv
FormatMessageA
CopyFileA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
GetCurrentThread
GetVersionExA
GetModuleFileNameA
lstrcmpA
WaitForSingleObject
SetThreadPriority
ResumeThread
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetACP
GlobalFlags
FileTimeToSystemTime
GetThreadLocale
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
CreateFileMappingA
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
FlushFileBuffers
GetFileSize
GetFullPathNameA
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
lstrcmpiA
GetVolumeInformationA
GetWindowsDirectoryA
FindResourceExW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTickCount
VerSetConditionMask
VerifyVersionInfoA
GetTempPathA
GetProfileIntA
SearchPathA
Sleep
GetTempFileNameA
GetUserDefaultLCID
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
RtlUnwind
GetStringTypeW
LCMapStringW
CompareStringW
OutputDebugStringW
CloseHandle
GetLastError
LocalAlloc
CreateFileA
WriteConsoleW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteA

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA

uxtheme

DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
DrawThemeText
IsAppThemed
GetWindowTheme
GetThemeSysColor
GetThemePartSize

ole32

OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CoUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoInitializeEx
CoCreateInstance
RevokeDragDrop
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor

oleaut32

OleCreateFontIndirect
LoadTypeLi
SysAllocString
VariantCopy
VarBstrFromDate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString

oledlg

ord8

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipBitmapLockBits

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a349f6e3091eea7d37ffa836d8b4df8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msimg32

winspool.drv

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

wininet

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 350KB - Virtual size: 350KB

.data Size: 4.3MB - Virtual size: 4.3MB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 143KB - Virtual size: 143KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 350KB - Virtual size: 350KB

.data
Size: 4.3MB - Virtual size: 4.3MB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 143KB - Virtual size: 143KB