361097301fd7a2315fe0fcaa96551df881b5f36aec956bf202e25540d84c2b44

Sharing

Copy URL

Twitter E-mail

General

Target

361097301fd7a2315fe0fcaa96551df881b5f36aec956bf202e25540d84c2b44
Size

4.8MB
MD5

577b7f728eab4cfa0325128130c85ef1
SHA1

80f0d66fb7b5be6c21c6a48117c466f32591b7ab
SHA256

361097301fd7a2315fe0fcaa96551df881b5f36aec956bf202e25540d84c2b44
SHA512

6feced12c7ce0497a25a6e37c65ef21fb3663179af0d127cf1ed87d9b4bc1542fd19b2257b94f81a1ba7939f0e3b193b2d40b6457622041a7ffa8b952193d76f
SSDEEP

98304:lU2+998aC9x9rmERN0RwUV75ZyGsu/8tiowqGkM9iKTN3KCHen/8:lUV9SJ3rmERNIVV0a/8G7kM9YUX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
361097301fd7a2315fe0fcaa96551df881b5f36aec956bf202e25540d84c2b44

Files

361097301fd7a2315fe0fcaa96551df881b5f36aec956bf202e25540d84c2b44
.exe windows:5 windows x86 arch:x86

534301424fc0fba03a853d846684ae83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
WSACleanup
__WSAFDIsSet
select
ntohl
htonl
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSASetLastError
recv
WSAStartup

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord46
ord211
ord143
ord60
ord27
ord26
ord22
ord41
ord50

kernel32

GetCurrentProcess
SetLastError
FindNextFileW
FindClose
GetSystemInfo
CreateProcessA
GetExitCodeProcess
GetModuleFileNameA
CreateDirectoryW
CreateDirectoryA
TerminateProcess
MoveFileExW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
SetFilePointer
WriteFile
ReadFile
CreateThread
GetTickCount
Sleep
FreeResource
LoadLibraryA
FreeLibrary
ExitProcess
GetModuleHandleA
FileTimeToLocalFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSize
SetEndOfFile
InterlockedCompareExchange
GetPrivateProfileIntA
InterlockedExchange
GetPrivateProfileStringA
SwitchToThread
GetSystemDirectoryW
LoadLibraryW
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
FormatMessageA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
FindFirstFileExW
GetCommandLineW
WriteConsoleW
GetModuleHandleExW
MulDiv
DuplicateHandle
LocalFree
lstrlenA
SetEnvironmentVariableA
SetStdHandle
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetVersionExW
GetFullPathNameW
GetModuleFileNameW
WaitForSingleObject
DecodePointer
InterlockedDecrement
FindFirstFileW
SetFileAttributesW
MoveFileW
DeleteFileW
CreateFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetStringTypeW
EncodePointer
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
ExitThread
LoadLibraryExW
SetFilePointerEx
GetFileInformationByHandle
GetCurrentProcessId
RtlUnwind
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetDriveTypeW

user32

PtInRect
ShowCaret
CreateCaret
IntersectRect
CharNextW
ClientToScreen
GetWindow
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
CharPrevW
SetRect
DrawTextW
FillRect
GetCaretPos
GetSysColor
SetCaretPos
GetParent
GetWindowRgn
MoveWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
DefWindowProcW
ShowWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
GetClientRect
ScreenToClient
IsIconic
SetWindowLongW
GetWindowLongW
KillTimer
SetWindowPos
GetWindowRect
SetTimer
PostQuitMessage
wsprintfW
OffsetRect
InflateRect
SetCursor
SendMessageW
GetKeyState
ReleaseDC
GetDC
SetFocus
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
UpdateLayeredWindow
InvalidateRect
MapWindowPoints
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
GetFocus
IsWindow
SetCapture
ReleaseCapture
PostMessageW
MessageBoxW
EnableWindow
LoadImageW
GetSystemMetrics
RegisterClassW
GetClassInfoExW
CallWindowProcW
SetPropW
GetPropW
HideCaret

gdi32

GetClipBox
SelectClipRgn
GetDeviceCaps
GetTextMetricsW
SetWindowOrgEx
SetBkColor
CreateRectRgnIndirect
Rectangle
BitBlt
RestoreDC
SaveDC
CreateCompatibleBitmap
CreatePen
ExtSelectClipRgn
GetStockObject
GetObjectW
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
SelectObject
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
CombineRgn
StretchBlt
CreateFontIndirectW
CreateCompatibleDC
CreateDIBSection
DeleteObject
SetStretchBltMode
PtInRegion
CreateRectRgn
DeleteDC
CreateRoundRectRgn

advapi32

CryptDestroyHash
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptImportKey
CryptEncrypt
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
SHGetPathFromIDListA
SHGetFolderPathA
ShellExecuteW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
OleLockRunning
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantInit
VariantClear
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringByteLen

shlwapi

StrRChrIA
PathIsDirectoryA
PathFileExistsW
PathIsDirectoryW
PathAppendW

wininet

InternetOpenW
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetGetConnectedState

netapi32

Netbios

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xxx
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

534301424fc0fba03a853d846684ae83

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

netapi32

comctl32

imm32

Sections

.text Size: 806KB - Virtual size: 805KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 11KB - Virtual size: 21KB

.xxx Size: 512B - Virtual size: 20B

.rsrc Size: 8.8MB - Virtual size: 8.8MB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 806KB - Virtual size: 805KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 11KB - Virtual size: 21KB

.xxx
Size: 512B - Virtual size: 20B

.rsrc
Size: 8.8MB - Virtual size: 8.8MB

.reloc
Size: 38KB - Virtual size: 37KB