f90774021f2a2fe8e4c43d45ed8884cad3a792bb6b62f56f3158fb0005825d21

Sharing

Copy URL Twitter E-mail

General

Target

f90774021f2a2fe8e4c43d45ed8884cad3a792bb6b62f56f3158fb0005825d21
Size

735KB
MD5

9a9f8e43091f0556338a978ade15c2e9
SHA1

4766c5abfe5444c1009034105ffb0a2a59830f5a
SHA256

f90774021f2a2fe8e4c43d45ed8884cad3a792bb6b62f56f3158fb0005825d21
SHA512

c1caf1a1f7deef2c69abf31ad7f5fc9a7dbf2b9b3c3a73bec73f19ec72958ebfb50dbd250ac4f0c73855d976097034e1488b7ce9cb07188baa0ebe568c60359f
SSDEEP

12288:WhIXh3UDJH6y0Ao83jpPFCQffgKT9fvfx+2hD16JHYGH2OxVHs5UiU8B+yAp:WhIXhEDJH6y0ajpd9fvfx+4D16XHFxVu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f90774021f2a2fe8e4c43d45ed8884cad3a792bb6b62f56f3158fb0005825d21

Files

f90774021f2a2fe8e4c43d45ed8884cad3a792bb6b62f56f3158fb0005825d21
.exe windows:6 windows x86 arch:x86

ce4b707a9072dbdaa8c96fcddfdefe58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
OpenProcess
CopyFileW
WideCharToMultiByte
InitializeCriticalSection
OutputDebugStringW
GetCurrentProcessId
FreeLibrary
FindResourceExW
GetCurrentThreadId
WriteConsoleW
FlushFileBuffers
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapDestroy
GetLastError
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
RaiseException
DecodePointer
IsDebuggerPresent
FormatMessageW
GetStringTypeW
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
Sleep
InitializeCriticalSectionEx
GetCurrentProcess
GetSystemWindowsDirectoryW
GetVersionExW
FreeResource
CreateFileW
DeviceIoControl
lstrcmpA
LoadLibraryW
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
LocalFree
ReleaseMutex
WaitForSingleObject
CreateMutexW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetFileType
SetFilePointerEx
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle

user32

GetMessageW
wsprintfW
UnregisterClassW
CharNextW
DestroyWindow
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage

advapi32

GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW

ole32

CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocStringLen
VarUI4FromStr
SysFreeString

shlwapi

StrCmpIW
PathAppendW
PathFileExistsW
StrStrIW
StrStrIA
PathCombineW
StrTrimA
StrCmpNIW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

version

VerQueryValueW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce4b707a9072dbdaa8c96fcddfdefe58

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

psapi

version

iphlpapi

Sections

.text Size: 585KB - Virtual size: 584KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 585KB - Virtual size: 584KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 26KB - Virtual size: 25KB