86038c31aaed1ed72727c9ac59e5639a29a1c29bf0d071c6c60ac42ece4471c5

Sharing

Copy URL Twitter E-mail

General

Target

86038c31aaed1ed72727c9ac59e5639a29a1c29bf0d071c6c60ac42ece4471c5
Size

340KB
MD5

87626ffaa848c541fd054d72fb91e185
SHA1

53227ed2257c29b4bc862ad868e01a3d014578a7
SHA256

86038c31aaed1ed72727c9ac59e5639a29a1c29bf0d071c6c60ac42ece4471c5
SHA512

1017a1bfe26ed8b4a469abf84ad99740a60d908ff40bb5172983e548e0aed0968331e7cde225dd6b4574e2103b1366d14a9acb95dc24576ebfa2eb89d95864d4
SSDEEP

6144:elMx3NyGBynzXO+5y/JmqOKI1Z2RXvE/irk4W+Vz:IMx3NybzX2/Uq/E/Ik4Wy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86038c31aaed1ed72727c9ac59e5639a29a1c29bf0d071c6c60ac42ece4471c5

Files

86038c31aaed1ed72727c9ac59e5639a29a1c29bf0d071c6c60ac42ece4471c5
.exe windows:4 windows x86 arch:x86

bf99b754db5bf625d931fbd3194bd4e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyn
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
GetModuleFileNameA
VirtualProtect
GetProcAddress
GetCurrentProcess
GetModuleHandleA
CloseHandle
CreateFileA
HeapSize
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
InterlockedExchange
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
RtlUnwind
TerminateProcess
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
Sleep
GetProcAddress
SetFilePointer
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleA

hyjrd

LIV_open
LIV_get_hardware_info
LIV_passwd
LIV_read
LIV_close

ntdll

RtlAdjustPrivilege
NtRaiseHardError

wmvert

wm_GetWidth
wm_Copy
wm_CBGetItemData
wm_Destroy
wm_FillRect
wm_Clear
wm_LoadWin
wm_GotoInternet
wm_BXor
wm_GetHDiskCode
wm_SHL
wm_BinLen
wm_Trim
wm_RpSubBin
wm_pstr
wm_RTrim
wm_GetRunPath
wm_InStrRev
wm_Space
wm_WriteFile
wm_RpBin
wm_InBin
wm_BinMid
wm_InBinRev
wm_CnvToBin
wm_BinLeft
wm_ReadFile
wm_GetHeight
wm_BNot
wm_BOr
wm_Split
wm_BAnd
wm_pbin
wm_GetBinData
wm_SpaceBin
wm_Randomize
wm_GetTickCount
wm_MsgBox
wm_Close
wm_WriteLine
wm_Right
wm_Left
wm_Rnd
wm_Open
wm_OpenDlg
wm_InStr
wm_Chr
wm_Asc
wm_Pow
wm_Str
wm_Mod
wm_ToInt
wm_Mid
wm_Len
wm_TrimAll
wm_DrawRect
wm_Now
wm_GetPic
wm_Say
wm_Year
wm_Month
wm_Day
wm_Val
wm_FileCopy
wm_SaveRegItem
wm_String
wm_CreateWindowFromTemplate
wm_SHR
wm_NotifySys

user32

wsprintfA

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf99b754db5bf625d931fbd3194bd4e9

Headers

File Characteristics

Imports

kernel32

hyjrd

ntdll

wmvert

user32

Sections

.text Size: 184KB - Virtual size: 182KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 108KB - Virtual size: 132KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 184KB - Virtual size: 182KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 108KB - Virtual size: 132KB

.rsrc
Size: 32KB - Virtual size: 28KB