9350fd017f6ee0237261fcb87e439247d7755ca8402dd860dfde70b7691f7db2

Sharing

Copy URL Twitter E-mail

General

Target

9350fd017f6ee0237261fcb87e439247d7755ca8402dd860dfde70b7691f7db2
Size

1.4MB
MD5

a2e0b10d1c463185ed77280e868da614
SHA1

454d244bef0c295abe9a4e61fe85efcd69105797
SHA256

9350fd017f6ee0237261fcb87e439247d7755ca8402dd860dfde70b7691f7db2
SHA512

a18fc008e56398bb3febe64871a469df3de8ca388a09a3bdef6c1d88710ebff9450c1d15a3cbfe2edcc6501fb8a21e0fad6d2ae8c6aa047dded4b8268f9677cf
SSDEEP

24576:wHeHMk2OByY/HmMtD04W90vQ/qpyr0kziGPMOUuBIjAnwtNCnDlPnsIFcv1NtrZT:FHX1JvQ/qpyr0ktjaUnDlPnsecNNtrZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9350fd017f6ee0237261fcb87e439247d7755ca8402dd860dfde70b7691f7db2

Files

9350fd017f6ee0237261fcb87e439247d7755ca8402dd860dfde70b7691f7db2
.exe windows:5 windows x86 arch:x86

3762a9d784e803228c54dc9f3f35e60c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapReAlloc
HeapSize
HeapDestroy
FindNextFileW
CreateProcessW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileIntW
GetPrivateProfileStringW
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
MapViewOfFile
CreateFileMappingW
FindFirstFileW
GetExitCodeProcess
OpenFileMappingW
UnmapViewOfFile
CloseHandle
GetPrivateProfileStringA
WideCharToMultiByte
SystemTimeToFileTime
GetSystemTime
SetLastError
LoadLibraryA
GlobalMemoryStatus
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
ProcessIdToSessionId
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetLocalTime
FlushFileBuffers
WriteFile
GetFileSize
SetFilePointer
CreateFileW
GetModuleHandleW
LocalFree
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
MultiByteToWideChar
GetCurrentThreadId
Sleep
GetTickCount
GetLastError
GetModuleFileNameW
FindClose

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetActiveWindow
GetForegroundWindow
PostThreadMessageW

advapi32

CryptEnumProvidersW
DeleteService
ControlService
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
OpenSCManagerW
CryptGenRandom
QueryServiceStatusEx
RegisterEventSourceW
StartServiceW
ReportEventW
DeregisterEventSource
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ChangeServiceConfigW
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantInit
SysStringLen
VarBstrCat
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersAddresses

msvcp120

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

msvcr120

_commode
?terminate@@YAXXZ
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_CxxThrowException
_stat64i32
_except1
abort
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
printf
strtok_s
calloc
_vsnprintf
wcsrchr
memset
_fmode
_purecall
wcscpy_s
wmemcpy_s
memchr
memmove_s
iswspace
isdigit
isxdigit
toupper
malloc
swprintf_s
wcscat_s
memmove
??2@YAPAXI@Z
memcpy_s
_time64
free
_beginthreadex
strstr
vsprintf_s
atoi
remove
_access
sprintf_s
_vsnwprintf
vswprintf_s
_wcsicmp
??3@YAXPAX@Z
_wcmdln
_initterm
_initterm_e
sprintf
strtol
signal
fputs
_gmtime64
__setusermatherr
_configthreadlocale
_cexit
_exit
getenv
sscanf
_wfopen
fopen
strncpy
strcmp
strerror_s
strtoul
_stricmp
__CxxFrameHandler3
raise
wcsstr
qsort
tolower
isspace
_strnicmp
_setmode
_errno
fwrite
ftell
fseek
fread
_fileno
fgets
fflush
ferror
feof
fclose
strspn
strncmp
strcspn
fprintf
__iob_func
strrchr
strchr
realloc
memcpy

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

crypt32

CertCompareCertificate
CertGetCertificateContextProperty
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertCreateCertificateContext
CertDuplicateCertificateContext
CryptStringToBinaryA

ws2_32

inet_addr
socket
WSAEnumNetworkEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSAGetLastError
htons
connect
bind
WSASetLastError
recv
send
recvfrom
inet_ntoa
ntohs
sendto
closesocket
gethostbyname
WSAAccept
WSAStartup
listen
WSAWaitForMultipleEvents
WSACleanup

Sections

.text
Size: 953KB - Virtual size: 953KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3762a9d784e803228c54dc9f3f35e60c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

msvcp120

msvcr120

wtsapi32

userenv

crypt32

ws2_32

Sections

.text Size: 953KB - Virtual size: 953KB

.rdata Size: 367KB - Virtual size: 366KB

.data Size: 43KB - Virtual size: 53KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 953KB - Virtual size: 953KB

.rdata
Size: 367KB - Virtual size: 366KB

.data
Size: 43KB - Virtual size: 53KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 53KB - Virtual size: 53KB