649df564c677607bab55b3919e74cfae794d65a7ce957e2e42ee18cf94933c74

Sharing

Copy URL Twitter E-mail

General

Target

649df564c677607bab55b3919e74cfae794d65a7ce957e2e42ee18cf94933c74
Size

239KB
MD5

c118a65a48730491a46efe7d53e81e80
SHA1

a785abbb37fa31d1f0480691014726f428f7ac91
SHA256

649df564c677607bab55b3919e74cfae794d65a7ce957e2e42ee18cf94933c74
SHA512

816d01d0ac5211de6ea08c7fb43e6ba764cdd055f1afaf9bf9addd8be57d14c3bdab006111d175e5320cd3d1403d462e28845118b2ab122a4d5666b87e7df1ad
SSDEEP

6144:5xS5QQp9gfX8LSWPS8qPkGTVeAg2RdgDrioA3k23LdlC08zYuzGBCBi:5eQQgfX8LSWPS8qPkGTV7g2RdgDrioAT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649df564c677607bab55b3919e74cfae794d65a7ce957e2e42ee18cf94933c74

Files

649df564c677607bab55b3919e74cfae794d65a7ce957e2e42ee18cf94933c74
.exe windows:6 windows x86 arch:x86

7a1ec21e5754e64de5f671496ac20d95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupCopyOEMInfA

kernel32

GetProcAddress
LoadLibraryExA
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryA
lstrcmpiA
FindResourceA
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
GetCommandLineA
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
Sleep
CreateThread
GetCurrentThreadId
GetModuleHandleW
lstrcpyA
CreateFileA
ReadFile
WriteFile
GetModuleHandleA
QueryPerformanceFrequency
DeviceIoControl
ReleaseMutex
CreateMutexA
MapViewOfFile
UnmapViewOfFile
SetupComm
SetCommState
SetCommTimeouts
CreateFileMappingA
LocalFree
LCMapStringW
ReadConsoleW
CreateFileW
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCPInfo
GetOEMCP
GetModuleFileNameA
FreeLibrary
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetTempFileNameA
GetTempPathA
WriteConsoleW
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
SetEndOfFile
GetConsoleOutputCP
QueryPerformanceCounter
CompareStringW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
GetFileType
DeleteFileW
SetFilePointerEx
GetFileSizeEx
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
GetConsoleMode

user32

CharNextA
LoadImageA
LoadStringA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
CharUpperA
CharNextW
MessageBoxA

advapi32

ChangeServiceConfigA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerW
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfig2A
RegQueryValueExA
RegQueryInfoKeyA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
StringFromGUID2
CoInitialize
CoTaskMemRealloc

oleaut32

VariantClear
VariantInit
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
RegisterTypeLi
SysAllocString
OleCreatePictureIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysFreeString
UnRegisterTypeLi

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a1ec21e5754e64de5f671496ac20d95

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 9KB - Virtual size: 9KB