b2308da81abf3071e5a2d9908273ce4a569c0e92297870fb34d3752bd3372ca7

Sharing

Copy URL Twitter E-mail

General

Target

b2308da81abf3071e5a2d9908273ce4a569c0e92297870fb34d3752bd3372ca7
Size

4.5MB
MD5

e23613692ea438d79374cb42bf7de74d
SHA1

2ef45c16cc4bdb3050b512d14fcf5f2f0ae8d19f
SHA256

b2308da81abf3071e5a2d9908273ce4a569c0e92297870fb34d3752bd3372ca7
SHA512

7c36804fd3316903a348895a3bd221e4f7478a831b4b448f74608f9eef48a56613ead31038d342f621d28677ef7a9d6143e7c5b4c9014cf82b8ca960ee0768a7
SSDEEP

98304:zwq+spxaohKfhEXKgYcVLudq67VmXXS+DQJ:zD+waohKfcKgYcVLg78y+D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2308da81abf3071e5a2d9908273ce4a569c0e92297870fb34d3752bd3372ca7

Files

b2308da81abf3071e5a2d9908273ce4a569c0e92297870fb34d3752bd3372ca7
.exe windows:6 windows x86 arch:x86

d2e5cb5896d9caa7c7fb7a7664389cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

SetPixel
GetPixel
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
EnumFontFamiliesExW
EnumFontsW
GetStockObject
DeleteDC
GetObjectW
SelectObject
GetTextMetricsW
GetFontData
CreateFontIndirectW
ExtCreateRegion
CreateRectRgn
DeleteObject
CombineRgn
GetTextExtentPoint32W
GetGlyphOutlineW
GetOutlineTextMetricsW
GetDeviceCaps
CreateCompatibleBitmap

imm32

ImmGetOpenStatus
ImmGetContext
ImmIsIME
ImmSetConversionStatus
ImmSetOpenStatus
ImmAssociateContext
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetConversionStatus
ImmReleaseContext

kernel32

Sleep
LockResource
GlobalAlloc
GlobalFree
HeapSetInformation
LoadResource
FindResourceW
SetCurrentDirectoryW
GetProcessHeap
GlobalMemoryStatusEx
GetSystemTime
IsBadReadPtr
VirtualQuery
CreateMutexW
HeapWalk
GetNativeSystemInfo
GetProcessHeaps
HeapCompact
HeapQueryInformation
GetConsoleMode
FreeConsole
GetLocalTime
WriteConsoleW
SetConsoleTitleW
SetThreadAffinityMask
GetProcessAffinityMask
TerminateProcess
GlobalMemoryStatus
SetThreadPriority
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
MulDiv
FormatMessageW
OutputDebugStringW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
InitializeCriticalSectionEx
RaiseException
DecodePointer
MultiByteToWideChar
GetVersionExA
LoadLibraryExW
SearchPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalLock
GlobalUnlock
SuspendThread
ResumeThread
ExitThread
CreateEventW
GetThreadPriority
GetSystemInfo
SetThreadIdealProcessor
HeapCreate
HeapFree
HeapAlloc
HeapDestroy
LocalSize
GetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
OpenProcess
HeapSize
GetConsoleCP
GetCurrentProcessId
SetFilePointerEx
GetTimeZoneInformation
GetFileAttributesExW
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
HeapReAlloc
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlUnwind
FreeLibraryAndExitThread
GetThreadTimes
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceCounter
EncodePointer
WaitForSingleObjectEx
WideCharToMultiByte
GetStringTypeW
lstrcmpW
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
ExitProcess
GetVersionExW
GetCurrentThreadId
SetProcessAffinityMask
GetFullPathNameW
SizeofResource
LocalUnlock
LocalFree
LocalLock
GetDriveTypeW
FindNextFileW
GetTickCount
FindFirstFileW
GetModuleHandleW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
DeleteFileW
GetFileAttributesW
CreateFileW
GetTempPathW
SetEndOfFile
SetFilePointer
RemoveDirectoryW
GetVolumeInformationW
CreateDirectoryW
FlushFileBuffers
CreateProcessW
SetStdHandle
CloseHandle
DuplicateHandle
CreatePipe
GetModuleFileNameW
WriteFile
GetStdHandle
GetCurrentProcess
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
ReadConsoleW
FindClose
LeaveCriticalSection
EnterCriticalSection

mf

MFCreateMediaSession
MFCreateSourceResolver
MFCreateTopology
MFCreateVideoRendererActivate
MFCreateAudioRendererActivate
MFCreateTopologyNode

mfplat

MFShutdown
MFStartup
MFFrameRateToAverageTimePerFrame

mpr

WNetGetUniversalNameW

oleaut32

VariantClear

propsys

PropVariantToDouble

quartz

AMGetErrorTextW

shell32

ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetKnownFolderPath

shlwapi

PathIsDirectoryW
PathFileExistsW

user32

GetClassInfoExW
SetWindowLongW
PostMessageW
DestroyWindow
RegisterClassExW
GetDC
ReleaseDC
SetTimer
KillTimer
GetPriorityClipboardFormat
OpenClipboard
CloseClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
LoadStringW
DefWindowProcW
GetWindowLongW
GetWindowRect
SetWindowPos
GetParent
MessageBoxW
PostQuitMessage
RegisterClipboardFormatW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
GetSysColor
SystemParametersInfoW
LoadCursorFromFileW
EnumDisplaySettingsW
CreateWindowExW
MoveWindow
GetFocus
MonitorFromWindow
SetWindowRgn
SetCaretPos
GetMonitorInfoW
ClientToScreen
EnumDisplaySettingsExW
CreateCaret
GetKeyboardLayout
GetForegroundWindow
SetFocus
DestroyCaret
SetCapture
SetCursorPos
GetWindowTextLengthW
GetSystemMenu
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
GetMenu
IsWindowVisible
SetActiveWindow
GetMenuItemCount
ScreenToClient
SetWindowTextW
GetCapture
TrackMouseEvent
IsWindowEnabled
SetPropW
LoadIconW
GetClientRect
SetRect
UpdateWindow
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
GetWindowTextW
GetCursor
WindowFromPoint
LoadCursorW
SetCursor
EndDialog
SetDlgItemTextW
GetDlgItem
DialogBoxParamW
EnableWindow
WaitMessage
LoadAcceleratorsW
ShowWindow
DispatchMessageW
DestroyAcceleratorTable
PeekMessageW
CreateAcceleratorTableW
TranslateAcceleratorW
TranslateMessage
IsIconic
GetSystemMetrics
GetAsyncKeyState
GetWindowThreadProcessId
SendMessageW
EnumWindows
GetCursorPos
ChangeDisplaySettingsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeKillEvent
timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeSetEvent

dbghelp

MiniDumpWriteDump

ole32

GetRunningObjectTable
CreateItemMoniker
CoInitialize
CoFreeUnusedLibraries
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
PropVariantClear

Sections

Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1002KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 321KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 311KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.04Ver
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2e5cb5896d9caa7c7fb7a7664389cf8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comdlg32

gdi32

imm32

kernel32

mf

mfplat

mpr

oleaut32

propsys

quartz

shell32

shlwapi

user32

version

winmm

dbghelp

ole32

Sections

Size: 2.9MB - Virtual size: 2.9MB

Size: 512B - Virtual size: 4KB

Size: 1002KB - Virtual size: 1012KB

Size: 42KB - Virtual size: 684KB

Size: 1024B - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: 2KB - Virtual size: 4KB

Size: 321KB - Virtual size: 404KB

Size: - Virtual size: 152KB

.rsrc Size: 311KB - Virtual size: 312KB

.04Ver Size: 8KB - Virtual size: 12KB

.rsrc
Size: 311KB - Virtual size: 312KB

.04Ver
Size: 8KB - Virtual size: 12KB