7dd4fd5ee0d6bdc8c1e577bd33e5789bad3ff6586b398044268ef162ec92680c

Sharing

Copy URL Twitter E-mail

General

Target

7dd4fd5ee0d6bdc8c1e577bd33e5789bad3ff6586b398044268ef162ec92680c
Size

2.0MB
MD5

5357b1cd6b718ea32ca65b3c560a5e9b
SHA1

05098319ddc634e1d21891aa05d0a48634862897
SHA256

7dd4fd5ee0d6bdc8c1e577bd33e5789bad3ff6586b398044268ef162ec92680c
SHA512

2e718dffee2472bde9df9056ce2b34b983a100ec5ff2f0da11737f1b3ff78fe7f6a02e4779310972df44ddee392d4327fff7aa6ce4ac01f34ad6c9f5862a592f
SSDEEP

24576:7jyJZ9+n6a9DhvhtIGwq4lxiKzKo/XxvtbAdUPjSTIrk:7j+Cn6a3vjiJWE1iaPjSs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7dd4fd5ee0d6bdc8c1e577bd33e5789bad3ff6586b398044268ef162ec92680c

Files

7dd4fd5ee0d6bdc8c1e577bd33e5789bad3ff6586b398044268ef162ec92680c
.exe windows:6 windows x86 arch:x86

3f6c528d54eb589d991071bf7daf9fea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ArcTo

user32

IsZoomed
CreateCursor
UnhookWinEvent
TrackMouseEvent

ole32

CoGetApartmentType
CoGetObjectContext

advapi32

SetServiceStatus
RegGetKeySecurity
CloseEventLog
GetSidSubAuthority
CopySid

kernel32

GetConsoleOutputCP
ReadFile
ReadConsoleW
CreateFileW
WriteConsoleW
HeapReAlloc
HeapSize
GetConsoleMode
GetProcAddress
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FormatMessageA
InitOnceBeginInitialize
InitOnceComplete
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
RtlCaptureStackBackTrace
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
LocalFree
GetLocaleInfoEx
SetFileInformationByHandle
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
FlushFileBuffers
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
GetCurrentThread
SetConsoleCtrlHandler
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
SetFilePointerEx
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
DecodePointer

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 669KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Bss
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f6c528d54eb589d991071bf7daf9fea

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

ole32

advapi32

kernel32

Sections

.text Size: 576KB - Virtual size: 575KB

.rdata Size: 757KB - Virtual size: 756KB

.data Size: 669KB - Virtual size: 675KB

.idata Size: 5KB - Virtual size: 5KB

.Bss Size: 512B - Virtual size: 294B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 576KB - Virtual size: 575KB

.rdata
Size: 757KB - Virtual size: 756KB

.data
Size: 669KB - Virtual size: 675KB

.idata
Size: 5KB - Virtual size: 5KB

.Bss
Size: 512B - Virtual size: 294B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.reloc
Size: 26KB - Virtual size: 25KB