7ffca5ddb0842cc81e94291abf175864d8ef08a19830ef02220f84f5999e858f

Sharing

Copy URL Twitter E-mail

General

Target

7ffca5ddb0842cc81e94291abf175864d8ef08a19830ef02220f84f5999e858f
Size

9.7MB
MD5

e183de98addfa74797ceb235efd38add
SHA1

509ff9a1d3037a91b7e8c8e348df44b9055c7e54
SHA256

7ffca5ddb0842cc81e94291abf175864d8ef08a19830ef02220f84f5999e858f
SHA512

58d3746a570d57381dee1e233d075ddc64a8a2e68973bf0c3275e85f05ef737147fd39d83d926ae3d32afea3cef74951ad93b0ce3d4bf53d0acd9d80338657df
SSDEEP

196608:XfneIt1ONiKwKGCOkqp028H7udicyQik/ah06GLFDK:XfeThwnCPt28H7ud5hikiG6Gxm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ffca5ddb0842cc81e94291abf175864d8ef08a19830ef02220f84f5999e858f

Files

7ffca5ddb0842cc81e94291abf175864d8ef08a19830ef02220f84f5999e858f
.exe windows:6 windows x64 arch:x64

0e0efd8d710936c0a7cff0b4e52a011b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

OleInitialize
CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
IIDFromString
OleRun
OleSetContainedObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
CoCreateInstance

shell32

SHBrowseForFolderA
SHGetFolderPathA
FindExecutableA
SHGetFolderPathW
CommandLineToArgvW
SHGetFolderLocation
SHGetPathFromIDListA

wininet

InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetErrorDlg

user32

PostMessageA
EnumWindows
SetRect
SetFocus
IsChild
GetAncestor
MessageBoxW
GetMessageW
DispatchMessageW
PeekMessageA
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetWindowThreadProcessId
LoadStringA
CharNextA
MessageBoxA
wsprintfA
SendMessageA
DefWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
GetSystemMenu
SetWindowLongPtrA
GetWindowLongPtrA
GetFocus
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
ReleaseDC
GetDC
EnableMenuItem

comctl32

InitCommonControlsEx

kernel32

GetStdHandle
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetConsoleOutputCP
GetModuleHandleW
GetStartupInfoW
GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
LCMapStringEx
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
GetConsoleMode
CreateThread
ExitThread
FreeLibraryAndExitThread
GetFileType
GetFullPathNameW
WriteConsoleW
DeleteFileW
GetSystemTimeAsFileTime
GetDriveTypeW
CreateDirectoryW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
SetStdHandle
HeapAlloc
HeapFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
GetCommandLineA
GetCommandLineW
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpA
lstrcmpiA
FindResourceA
SetDllDirectoryA
MultiByteToWideChar
IsDBCSLeadByte
DeleteFileA
GetTempPathA
lstrcpyA
lstrcatA
lstrlenA
LocalFree
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetSystemDirectoryA
LockResource
FindResourceW
lstrcpynA
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
MulDiv
GetCurrentThreadId
LocalAlloc
FormatMessageA
Sleep
GetUserDefaultLCID
SetEvent
CreateEventA
FileTimeToSystemTime
GetCurrentProcessId
GetLocalTime
FormatMessageW
FindClose
FindFirstFileA
FindNextFileA
GetDriveTypeA
GetFileAttributesA
RemoveDirectoryA
SetFileAttributesA
SetLastError
GetTickCount
MoveFileExA
WaitForSingleObject
ExitProcess
TerminateProcess
OpenProcess
GetWindowsDirectoryA
GetLocaleInfoA
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
GetCurrentProcess
GetNativeSystemInfo
GetSystemWow64DirectoryA
GetModuleHandleExW
LoadLibraryExW
OpenMutexA
SetEndOfFile
SetFilePointerEx
QueryPerformanceCounter
QueryPerformanceFrequency
RtlUnwind
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
OpenThread
GetExitCodeThread
SetHandleInformation
CreatePipe
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
GetModuleHandleExA
LoadLibraryW
ReleaseMutex
CreateMutexA
CreateFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
OutputDebugStringW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WideCharToMultiByte
MapViewOfFile

advapi32

CopySid
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW

oleaut32

GetErrorInfo
SysStringByteLen
VariantChangeType
VariantCopy
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
SysAllocStringLen
VariantClear

shlwapi

PathAppendA
SHDeleteKeyA
ord12
PathIsDirectoryEmptyA

gdi32

GetDeviceCaps

iphlpapi

GetAdaptersAddresses

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptBinaryToStringA
CryptProtectData

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

msi

ord87
ord189
ord31
ord159
ord160
ord158
ord91
ord168
ord137
ord141
ord8
ord117
ord115
ord44
ord204
ord67

Sections

.text
Size: 893KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61.0MB - Virtual size: 61.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e0efd8d710936c0a7cff0b4e52a011b

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

comctl32

kernel32

advapi32

oleaut32

shlwapi

gdi32

iphlpapi

crypt32

version

msi

Sections

.text Size: 893KB - Virtual size: 892KB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 16KB - Virtual size: 25KB

.pdata Size: 40KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 61.0MB - Virtual size: 61.0MB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 893KB - Virtual size: 892KB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 16KB - Virtual size: 25KB

.pdata
Size: 40KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 61.0MB - Virtual size: 61.0MB

.reloc
Size: 5KB - Virtual size: 4KB