56d192837cee77940a9bb7bdf232a22041152ba34103f9ebf9b2ee84573154a7

Sharing

Copy URL Twitter E-mail

General

Target

56d192837cee77940a9bb7bdf232a22041152ba34103f9ebf9b2ee84573154a7
Size

534KB
MD5

f3ce930944eeb197ccd1e40af0d62a08
SHA1

b5d1e32758e9fdd268bbad290f73dc76685c140e
SHA256

56d192837cee77940a9bb7bdf232a22041152ba34103f9ebf9b2ee84573154a7
SHA512

a052af1ac4e4add3b7ce4a1aff5aaa0bb1dcd0b1111f130b1cadb70e8aea39ac6bc251640a5289e233d05d87caf499b0758b330fa2ddab8205cc23529e2a3825
SSDEEP

12288:eixs0fKAEfxmIMHrtWq2ldFyUzz/qzlmawQ4m5DW:fxffKHfkOd0Uzz/xazvM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d192837cee77940a9bb7bdf232a22041152ba34103f9ebf9b2ee84573154a7

Files

56d192837cee77940a9bb7bdf232a22041152ba34103f9ebf9b2ee84573154a7
.exe windows:6 windows x64 arch:x64

93c914c3b470cdac5919b192caf1e976

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateDirectoryW
GetModuleHandleW
GetFileSize
FindResourceW
LoadResource
FindResourceExW
CloseHandle
LockResource
SetEvent
CreateFileW
GetModuleFileNameW
WaitForMultipleObjects
WaitForSingleObject
GetTempPathW
QueryFullProcessImageNameW
GetCurrentProcessId
GetSystemInfo
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
WriteFile
FindClose
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
Process32FirstW
Process32NextW
Sleep
CreateEventW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
OpenEventW
SizeofResource
ReadFile
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
FindFirstFileExW
HeapFree
CompareStringOrdinal
LoadLibraryExW
VirtualProtect
GetProcAddress
SetProcessAffinityMask
GetActiveProcessorGroupCount
TerminateProcess
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetLogicalProcessorInformationEx
GetActiveProcessorCount
GetNumaHighestNodeNumber
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
EncodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlUnwind

user32

DialogBoxParamW
UpdateWindow
EndDialog
GetWindowTextW
SetWindowTextW
RedrawWindow
SetDlgItemTextW
GetSysColor
SystemParametersInfoW
CheckMenuItem
SetMenu
SetTimer
SendMessageW
GetDlgItem
LoadImageW
GetWindowLongPtrW
GetDC
ReleaseDC
GetMessageW
DefWindowProcW
RegisterClassExW
LoadAcceleratorsW
TrackPopupMenu
GetSubMenu
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
FindWindowW
LoadCursorW
wsprintfW
PostQuitMessage
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
LoadMenuW
PostMessageW
GetWindowRect
GetMenu
DestroyWindow
MessageBoxW
SetPropW
GetClientRect
BeginPaint
FillRect
FrameRect
EndPaint
GetMenuBarInfo
OffsetRect
GetMenuItemInfoW
IntersectRect
DrawTextW
LoadStringW
GetClassLongPtrW
SetWindowPos
ShowWindow
SetClassLongPtrW
EnumChildWindows
SetWindowLongPtrW
CreateWindowExW
ScreenToClient

gdi32

CreateCompatibleDC
GetTextExtentPoint32W
CreateFontIndirectW
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
BitBlt
DeleteDC
SetBkMode
GetObjectW
GetStockObject
CreateBitmap

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetKnownFolderPath
Shell_NotifyIconW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

PathMatchSpecW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

uxtheme

CloseThemeData
DrawThemeText
DrawThemeBackground
OpenThemeData
SetWindowTheme

pdh

PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhCollectQueryData
PdhAddEnglishCounterW
PdhOpenQueryW

wintrust

WinVerifyTrust

comctl32

InitCommonControlsEx
ord17
ord413
ord410
ord412

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93c914c3b470cdac5919b192caf1e976

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

uxtheme

pdh

wintrust

comctl32

Sections

.text Size: 381KB - Virtual size: 380KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 381KB - Virtual size: 380KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 3KB