342d1187f276e925f48a7ca66d01af0dc67828e845268b52177be6fc6da50e50

Sharing

Copy URL

Twitter E-mail

General

Target

342d1187f276e925f48a7ca66d01af0dc67828e845268b52177be6fc6da50e50
Size

758KB
MD5

7600bf24e1fcf69db77d635e9c724c7c
SHA1

41365129355bf062474640359dd5fa3b68c4c620
SHA256

342d1187f276e925f48a7ca66d01af0dc67828e845268b52177be6fc6da50e50
SHA512

531c599ecf9eb160020d623fea1c9832bc4ff280c58a748c26bbb48fd8b03f98afeb18d86428b18d3698f7d0a592a70f30f6d5342c5f068f3c3540cbc362a2dd
SSDEEP

12288:jUZy93y/u81hwyayMUx9XZ0rajhHCYdzyU1WjTA1Ax9rtn:jUZKyuwLayTor+NyRjk1MB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
342d1187f276e925f48a7ca66d01af0dc67828e845268b52177be6fc6da50e50

Files

342d1187f276e925f48a7ca66d01af0dc67828e845268b52177be6fc6da50e50
.exe windows:5 windows x86 arch:x86

3cdbd323b5afb0e05c8e80099e3b150a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindNextFileW
FindFirstFileW
ReadProcessMemory
VirtualQueryEx
OpenThread
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
Sleep
WideCharToMultiByte
ExpandEnvironmentStringsW
InterlockedExchange
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
ReadFile
MoveFileExW
GetFileSize
GetVolumeInformationW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFilePointer
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
CreateMutexW
InterlockedCompareExchange
SystemTimeToFileTime
GetPrivateProfileStringW
GetFileSizeEx
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
LeaveCriticalSection
SetEndOfFile
CreateFileA
GetTimeZoneInformation
WriteFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
EnterCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
lstrlenA
CreateFileW
SetEvent
GetLastError
DeleteFileW
CreateProcessW
GetCommandLineW
LocalFree
GetNativeSystemInfo
IsWow64Process
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetLocaleInfoW
RaiseException
DeleteCriticalSection
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
FreeLibrary
GetCurrentThreadId
GetProcAddress
FindResourceExW
GetVersionExW
MultiByteToWideChar
lstrlenW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache
TerminateProcess
GetStringTypeA

user32

TrackMouseEvent
GetFocus
PostMessageW
PostQuitMessage
SetCursor
ScreenToClient
GetCursorPos
LoadCursorW
UnregisterClassA
DispatchMessageW
EnumWindows
GetWindowThreadProcessId
UpdateLayeredWindow
GetWindowDC
GetWindowRect
DrawTextW
DestroyCursor
TranslateAcceleratorW
DefWindowProcW
SetWindowPos
MessageBeep
LoadStringW
SendMessageW
IsWindow
PtInRect
PeekMessageW
EnumChildWindows
GetClassNameW
GetWindowTextW
CharNextW
CreateWindowExW
GetClassInfoExW
LoadImageW
RegisterClassExW
LoadMenuW
LoadAcceleratorsW
DestroyWindow
ShowWindow
GetMessageW
TranslateMessage
SetTimer
CallWindowProcW
SetWindowLongW
LoadStringA
GetParent
GetWindow
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
SetFocus
KillTimer
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
ReleaseDC
CreatePopupMenu
MapWindowPoints
GetClientRect
SetWindowTextW
GetWindowLongW
InvalidateRect

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SaveDC
GetBitmapBits
SetBitmapBits
RestoreDC
DeleteObject
DeleteDC
CreateFontW

advapi32

LookupPrivilegeValueW
RegQueryValueExW
AdjustTokenPrivileges
RevertToSelf
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenServiceW
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
RegEnumValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitialize

oleaut32

VariantChangeType
GetErrorInfo
SysAllocStringByteLen
SysAllocString
CreateErrorInfo
SysStringLen
SetErrorInfo
VariantClear
SysFreeString
VariantInit
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetAdaptersAddresses
GetIpForwardTable

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpReadData

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cdbd323b5afb0e05c8e80099e3b150a

Headers

DLL Characteristics

File Characteristics

Imports

psapi

userenv

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

iphlpapi

wtsapi32

winhttp

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 8KB - Virtual size: 29KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 8KB - Virtual size: 29KB

.rsrc
Size: 23KB - Virtual size: 22KB