15791fd1120a9f506cef5582a299875a69c45b3d17ac86b5ec2c31ee7d5c8655

Sharing

Copy URL

Twitter E-mail

General

Target

15791fd1120a9f506cef5582a299875a69c45b3d17ac86b5ec2c31ee7d5c8655
Size

2.3MB
MD5

1de3e620fc8ce5a3518d8dea0fd90969
SHA1

86cd06ec282f22cecb2ba6dde9fc3b5886433ad9
SHA256

15791fd1120a9f506cef5582a299875a69c45b3d17ac86b5ec2c31ee7d5c8655
SHA512

0c5ce6f284d2812d5aa9059814d576d3b6d603ab182f5ab3bbc357b520a0f20ab6bf3bb4cf64cf13c714633ee190667f50c14a8d78b32aa1be7e8b0778a972ec
SSDEEP

49152:YB9aVB9lB9lB9EB99zB99B9LB9YYSuyrsj1XAn2rf36nIj0TwuNj:YHaVHlHlHEH9zH9HLHYYSuyrSg2rfqnV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15791fd1120a9f506cef5582a299875a69c45b3d17ac86b5ec2c31ee7d5c8655

Files

15791fd1120a9f506cef5582a299875a69c45b3d17ac86b5ec2c31ee7d5c8655
.exe windows:4 windows x86 arch:x86

0fca658cacb9d20af5c2792d6e8760f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
memset

imm32

ImmGetOpenStatus
ImmReleaseContext

comctl32

InitCommonControlsEx
ImageList_DragLeave
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount

version

VerQueryValueW
GetFileVersionInfoW

setupapi

SetupTermDefaultQueueCallback
SetupPromptReboot
SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFilesFromInfSectionW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW

kernel32

GetStartupInfoA
LeaveCriticalSection
GetTickCount
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
EnumSystemLocalesA
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindResourceW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeResource
GetACP
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
EnterCriticalSection
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatW
GetOEMCP
GetPrivateProfileIntW
GetProcAddress
GetProcessHeap
GetProfileIntW
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
InitializeCriticalSection
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
GetLogicalDrives
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
lstrcmpA
lstrcmpiW
lstrcmpW
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingW
OutputDebugStringA
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
FreeLibrary
GetCommandLineA
ExitProcess
GetSystemDefaultLangID
LoadLibraryA

user32

ValidateRect
DestroyIcon
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
UnregisterClassW
WaitMessage
UnionRect
WindowFromPoint
WinHelpW
wsprintfW
GetSystemMetrics

gdi32

StrokePath
StrokeAndFillPath
StretchDIBits
SetWindowOrgEx
SetWindowExtEx
SetMapMode
SetPixel
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

OpenThreadToken
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
GetTokenInformation
RegDeleteKeyW
OpenProcessToken
RegCreateKeyExW
EqualSid
FreeSid
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
ExtractIconW

ole32

OleInitialize
OleIsCurrentClipboard
OleRun
OleFlushClipboard
RegisterDragDrop
RevokeDragDrop
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoUninitialize
CoTaskMemAlloc
OleUninitialize
CoRevokeClassObject
CoTaskMemFree

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW

Sections

.text
Size: 432KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 545B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dxc113
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0fca658cacb9d20af5c2792d6e8760f0

Headers

File Characteristics

Imports

msvcrt

imm32

comctl32

version

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 432KB - Virtual size: 429KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 545B

.rsrc Size: 16KB - Virtual size: 14KB

.dxc113 Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 432KB - Virtual size: 429KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 545B

.rsrc
Size: 16KB - Virtual size: 14KB

.dxc113
Size: 1.8MB - Virtual size: 1.8MB