sample | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

sample
Size

9.7MB
MD5

a2f39491c9d6e8be4a1bf05ac024fdb4
SHA1

e9ebec33472c7c78900214c363aeb45027f0c8c4
SHA256

6cadfb0b3edb3fd000c5df1c8853957efe2de172befc3132c96e4afeee2b0427
SHA512

9635600632e65c630a629449198b323d673b9370b44e4c839b52e8a18db1e25b881ee34660e3d3b8e3303d9b07a459bed1bb78c10d2edf2e4890bf86f41296ec
SSDEEP

196608:vOlhlJ0nBjr+3XR1qU1SoisXgLp7iy39KqQv43nKZ:GhfYJy3HSBsXgRfO43y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sample

Files

sample
.exe windows:5 windows x86 arch:x86

817659d4155ea1f078b4ced0ba1f20e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetCurrentThreadId
CloseHandle
GetShortPathNameW
CreateEventW
LeaveCriticalSection
GetCommandLineW
SetCurrentDirectoryW
CreateThread
WaitForSingleObject
SetEvent
GetDriveTypeW
GetVersionExW
SetFileAttributesW
CopyFileW
GetExitCodeThread
GetCurrentProcess
FlushInstructionCache
SetLastError
lstrcmpiW
FreeLibrary
GetLastError
WriteFile
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
RaiseException
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
lstrlenW
MultiByteToWideChar
GetFileAttributesW
WideCharToMultiByte
GetModuleHandleA
RtlUnwind
LCMapStringW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
LocalAlloc
LocalFree
GetProcAddress
InterlockedExchange
LoadLibraryA
GetTempPathW
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
CreateDirectoryW
GetLogicalDriveStringsW
GetFileSize
ReadFile
GetDiskFreeSpaceExW
GetEnvironmentVariableW
SetFilePointer
SetEndOfFile
EnumResourceLanguagesW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemTime
CreateProcessW
GetExitCodeProcess
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersion
GlobalMemoryStatus
OutputDebugStringW
GetLocalTime
FlushFileBuffers
lstrcpynW
GetSystemDirectoryW
TerminateThread
MoveFileW
Sleep
ResetEvent
GlobalFree
MulDiv
CreateFileA
CreateNamedPipeW
ConnectNamedPipe
FormatMessageW
GetTempPathA
GetTempFileNameA
DuplicateHandle
GetStdHandle
CreateProcessA
DeleteFileA
LockFile
UnlockFile
GetStringTypeW
GetLocaleInfoA
SearchPathW
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcmpW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
HeapCreate
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetUserDefaultLCID

user32

SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
ShowWindow
EnableWindow
EndDialog
CreateDialogParamW
SendMessageW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetForegroundWindow
LoadStringW
SetForegroundWindow
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetSystemMetrics
GetDC
CreateWindowExW
ScreenToClient
PostQuitMessage
CallWindowProcW
GetPropW
RedrawWindow
InvalidateRect
GetWindowTextW
SetWindowTextW
SetFocus
LoadImageW
GetDesktopWindow
GetSystemMenu
EnableMenuItem
DestroyMenu
ModifyMenuW
FindWindowW
MessageBeep
ExitWindowsEx
GetScrollRange
GetScrollPos
GetDlgCtrlID
SetPropW
RemovePropW
TrackPopupMenu
LoadMenuW
GetSubMenu
SetTimer
KillTimer
ReleaseDC
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
UnregisterClassA
GetDlgItem
IsWindow
DialogBoxParamW
MessageBoxW
GetActiveWindow
SetWindowLongW
DefWindowProcW
CharNextW
DestroyWindow
PostMessageW
GetWindowTextLengthW

gdi32

GetDeviceCaps
DeleteObject
GetObjectW
DeleteDC
SetBkMode
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
CreateFontIndirectW

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CreateILockBytesOnHGlobal
CoInitialize

oleaut32

OleLoadPicture
VarUI4FromStr

shlwapi

PathFileExistsW

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

817659d4155ea1f078b4ced0ba1f20e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

secur32

Sections

.text Size: 281KB - Virtual size: 281KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 281KB - Virtual size: 281KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 19KB - Virtual size: 19KB