801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f

Sharing

Copy URL

Twitter E-mail

General

Target

801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f
Size

3.3MB
MD5

3c7191e978aa1a3e59c863958e31e151
SHA1

dc1a72af7f995ee6a3a22751d3a878738212a39b
SHA256

801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f
SHA512

eb50299d3fb682c611d786d9004fa79cd2734bc56e58c3803c62b1138cddcd928ea3fef7b9dcb076259136d05e60569aaa5f1b2c7cfa802e635a19271203a2ec
SSDEEP

49152:98aJh3tR1C7whaIASlhkPJFMZeieXuYEc1rJeWky8AA2QFIBPqqv:98y3tR1C7wBASvo02vqqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f

Files

801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f
.exe windows:5 windows x86 arch:x86

e724d7f57e571f0cef818a02acee15b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
RaiseException
HeapSize
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcessHeap
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
InterlockedIncrement
FormatMessageA
MultiByteToWideChar
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalFlags
GlobalFree
GlobalUnlock
InterlockedDecrement
WritePrivateProfileStringA
CloseHandle
GetLastError
SetLastError
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
WideCharToMultiByte
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetProcAddress
GetModuleHandleA
GetCommandLineA
VirtualAlloc
Sleep
GetConsoleWindow

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongA
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetMenuItemCount
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
PostMessageA
PostQuitMessage
EnumWindows
MessageBoxA
ShowWindow
SendMessageA
RegisterClassA

gdi32

GetStockObject
SelectObject
GetDeviceCaps
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetViewportOrgEx

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e724d7f57e571f0cef818a02acee15b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

wininet

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 34KB - Virtual size: 34KB