00419a1aaecaa4f9c138ccb61f24f413ebf7aa78a2e72fbbcb59655e3032259f

Sharing

Copy URL

Twitter E-mail

General

Target

00419a1aaecaa4f9c138ccb61f24f413ebf7aa78a2e72fbbcb59655e3032259f
Size

4.8MB
MD5

cd790655dd06b7c8234d842c14e31383
SHA1

fc2011cc336d1e00bdcb06a1a752db9e4fc0c49e
SHA256

00419a1aaecaa4f9c138ccb61f24f413ebf7aa78a2e72fbbcb59655e3032259f
SHA512

be7cc2611e68bda7528b371b05e81f21b78c1c4171ebe3000b36955567aad93b5646f4e48cd1f64f4275d43ec4169fa10b69e9ea758a8c938a86d8959800cf7a
SSDEEP

98304:YXNV2/Ob29x9rEt48QyK0TCIibS9+EA4oIoMwGLKJy4yTz:YXNVwOu3rEPHK0TCBg+J9BMDeJyXn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00419a1aaecaa4f9c138ccb61f24f413ebf7aa78a2e72fbbcb59655e3032259f

Files

00419a1aaecaa4f9c138ccb61f24f413ebf7aa78a2e72fbbcb59655e3032259f
.exe windows:5 windows x86 arch:x86

90e7d5f73cdac943894311d79e503e19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
WSACleanup
__WSAFDIsSet
select
ntohl
htonl
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSASetLastError
recv
WSAStartup

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord46
ord211
ord143
ord60
ord27
ord26
ord22
ord41
ord50

kernel32

GetCurrentProcess
SetLastError
FindNextFileW
FindClose
GetSystemInfo
CreateProcessA
GetExitCodeProcess
GetModuleFileNameA
CreateDirectoryW
CreateDirectoryA
CreateToolhelp32Snapshot
TerminateProcess
MoveFileExW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
SetFilePointer
WriteFile
ReadFile
CreateThread
GetTickCount
FreeResource
LoadLibraryA
FreeLibrary
ExitProcess
GetModuleHandleA
Process32First
Process32Next
FileTimeToLocalFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSize
SetEndOfFile
InterlockedCompareExchange
GetPrivateProfileIntA
InterlockedExchange
GetPrivateProfileStringA
SwitchToThread
GetSystemDirectoryW
LoadLibraryW
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
FormatMessageA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
FindFirstFileExW
GetCommandLineW
WriteConsoleW
GetModuleHandleExW
MulDiv
DuplicateHandle
LocalFree
lstrlenA
SetEnvironmentVariableA
SetStdHandle
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
OutputDebugStringW
FlushFileBuffers
ReadConsoleW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetVersionExW
GetFullPathNameW
GetModuleFileNameW
WaitForSingleObject
DecodePointer
InterlockedDecrement
FindFirstFileW
SetFileAttributesW
MoveFileW
DeleteFileW
CreateFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
Sleep
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetStringTypeW
EncodePointer
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
ExitThread
LoadLibraryExW
SetFilePointerEx
GetFileInformationByHandle
GetCurrentProcessId
RtlUnwind
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetDriveTypeW

user32

PtInRect
ShowCaret
CreateCaret
IntersectRect
CharNextW
ClientToScreen
GetWindow
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
CharPrevW
SetRect
DrawTextW
FillRect
GetCaretPos
GetSysColor
SetCaretPos
GetParent
GetWindowRgn
MoveWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
DefWindowProcW
ShowWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
GetClientRect
ScreenToClient
IsIconic
SetWindowLongW
GetWindowLongW
KillTimer
SetWindowPos
GetWindowRect
SetTimer
PostQuitMessage
wsprintfW
OffsetRect
InflateRect
SetCursor
SendMessageW
GetKeyState
ReleaseDC
GetDC
SetFocus
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
UpdateLayeredWindow
InvalidateRect
MapWindowPoints
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
GetFocus
IsWindow
SetCapture
ReleaseCapture
PostMessageW
MessageBoxW
EnableWindow
LoadImageW
GetSystemMetrics
RegisterClassW
GetClassInfoExW
CallWindowProcW
SetPropW
GetPropW
HideCaret

gdi32

SelectClipRgn
GetDeviceCaps
GetTextMetricsW
SetWindowOrgEx
GetClipBox
SetStretchBltMode
Rectangle
BitBlt
RestoreDC
SaveDC
CreateCompatibleBitmap
CreatePen
CreateFontIndirectW
CreateRectRgnIndirect
GetObjectW
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
SelectObject
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
ExtSelectClipRgn
CombineRgn
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
StretchBlt
PtInRegion
CreateRectRgn
DeleteDC
CreateRoundRectRgn

advapi32

CryptHashData
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
SHGetPathFromIDListA
SHGetFolderPathA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
OleLockRunning
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

StrStrIA
StrRChrIA
PathIsDirectoryA
PathIsDirectoryW
PathFileExistsW
PathAppendW

wininet

InternetOpenW
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetGetConnectedState

netapi32

Netbios

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xxx
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90e7d5f73cdac943894311d79e503e19

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

netapi32

comctl32

imm32

Sections

.text Size: 820KB - Virtual size: 820KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 11KB - Virtual size: 21KB

.xxx Size: 512B - Virtual size: 20B

.rsrc Size: 9.2MB - Virtual size: 9.2MB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 820KB - Virtual size: 820KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 11KB - Virtual size: 21KB

.xxx
Size: 512B - Virtual size: 20B

.rsrc
Size: 9.2MB - Virtual size: 9.2MB

.reloc
Size: 39KB - Virtual size: 38KB