66fcf9738d7978d4738e39a41376dfb3a42f1f6750998e7664aa3cc50dd7779e

Sharing

Copy URL

Twitter E-mail

General

Target

66fcf9738d7978d4738e39a41376dfb3a42f1f6750998e7664aa3cc50dd7779e
Size

1.6MB
MD5

6502bc81a1723ff8a43966fbbed17d08
SHA1

1a9056b10bfb8a2b44e41a3024f0997b8e5883b8
SHA256

66fcf9738d7978d4738e39a41376dfb3a42f1f6750998e7664aa3cc50dd7779e
SHA512

db094b40e6c967c235b1bec4e7511453aa7da846f6f58f19de82c4666c4760a975eb59a9b0eabfaf375ebce678fe1de228f0d64cb86d604783563160ac5a87ab
SSDEEP

24576:++0dUzpytWJOIEagRxJYzNTmcjBr1Ic9Zs62u0xqUn:zLysMV1ATZr1I8a62uzUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66fcf9738d7978d4738e39a41376dfb3a42f1f6750998e7664aa3cc50dd7779e

Files

66fcf9738d7978d4738e39a41376dfb3a42f1f6750998e7664aa3cc50dd7779e
.exe windows:5 windows x86 arch:x86

81971984ec430524b721c3868334b9d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
GetTickCount
GetCurrentThreadId
GetModuleHandleW
GetVersionExW
GetProcAddress
GetModuleFileNameW
LoadLibraryW
FreeLibrary
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetFullPathNameA
GetModuleHandleA
GetConsoleMode
GetConsoleCP
LCMapStringW
SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
WriteFile
FormatMessageW
CreateFileW
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
CloseHandle
GetCurrentProcessId
lstrcpyW
CreateDirectoryW
WaitForSingleObject
GlobalAlloc
Sleep
FileTimeToSystemTime
GetLastError
DeleteFileW
SetFileAttributesW
SetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
GetCommandLineW
GetTempPathW
ExitThread
LocalFree
CreateThread
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
GlobalSize
GlobalLock
GetSystemDirectoryW
GlobalUnlock
FindClose
RemoveDirectoryW
FindNextFileW
GetFileSize
ReadFile
FlushFileBuffers
LocalAlloc
InterlockedIncrement
InterlockedDecrement
GetACP
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetWindowsDirectoryA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind
GetDriveTypeA
FindFirstFileA
GetFileType
GetCPInfo
GetOEMCP
IsValidCodePage
RaiseException
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA

user32

FindWindowW
PostMessageW
IsIconic
GetMessageW
TranslateMessage
GetForegroundWindow
wvsprintfW
SetClipboardData
OpenClipboard
EmptyClipboard
GetClipboardData
EnumClipboardFormats
CloseClipboard
keybd_event
PostThreadMessageW
GetDesktopWindow
DrawTextW
DefWindowProcW
IsWindow
RegisterClassExW
SetPropW
IsWindowEnabled
GetKeyState
ScreenToClient
SetTimer
ClientToScreen
GetFocus
KillTimer
FillRect
ReleaseDC
IntersectRect
MonitorFromRect
GetCursorPos
ShowWindow
IsWindowVisible
GetMonitorInfoW
GetPropW
DispatchMessageW
GetSystemMetrics
ReleaseCapture
GetDC
EndPaint
TrackMouseEvent
BeginPaint
SetWindowLongW
CreateWindowExW
CallWindowProcW
DestroyWindow
SetCursor
EnumDisplayMonitors
PostQuitMessage
SetForegroundWindow
CopyImage
GetClientRect
LoadIconW
GetAsyncKeyState
InvalidateRect
DestroyCursor
SetWindowPos
SendMessageW
EnableWindow
MoveWindow
UpdateLayeredWindow
GetWindowRect
MonitorFromPoint
NotifyWinEvent
SetCapture
GetParent
LoadCursorW
SubtractRect
PtInRect

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

OleCreatePictureIndirect
SysAllocString

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipSetSmoothingMode
GdipCreatePen1
GdipDrawLineI
GdipSetPenStartCap
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenEndCap

wininet

InternetOpenW
InternetQueryOptionW
HttpEndRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetWriteFile
InternetConnectW
InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestExW

gdi32

MoveToEx
BitBlt
LineTo
SetTextColor
DeleteDC
CreateDIBSection
CreatePen
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
SelectClipRgn
CreateSolidBrush
GetFontData
CreateFontIndirectW

advapi32

RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
LookupAccountSidW
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

Sections

.text
Size: 747KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 646KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

81971984ec430524b721c3868334b9d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

imm32

version

msimg32

oleacc

gdiplus

wininet

gdi32

advapi32

shell32

Sections

.text Size: 747KB - Virtual size: 747KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 17KB - Virtual size: 33KB

.rsrc Size: 646KB - Virtual size: 648KB

.text
Size: 747KB - Virtual size: 747KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 17KB - Virtual size: 33KB

.rsrc
Size: 646KB - Virtual size: 648KB