f64a5216893f8be047841904ea8f1853

Sharing

Copy URL

Twitter E-mail

General

Target

f64a5216893f8be047841904ea8f1853
Size

384KB
MD5

f64a5216893f8be047841904ea8f1853
SHA1

4b969ead20a7c30498234d39b5449a1480e787d0
SHA256

7eafbfe2884e7a1eb2be1a4b2e347a509b02cc5c4cff157ecd9bf8b0cdd20c2a
SHA512

b2305efffbb426fd3df3fb11b9fcb71351edc81c81de2c46593ef8f7e34ac96ceee40559c652fcd32a9aa8a0e07fc89682234c6e85c90bfd689b3eb97d45e296
SSDEEP

6144:5wvpiHFaJuEmoIcLVlHHrBpTbOTDtJz5Z5Mmz:SwHcuE/nnrBp/OTDtF5Z3z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64a5216893f8be047841904ea8f1853

Files

f64a5216893f8be047841904ea8f1853
.exe windows:5 windows x86 arch:x86

e69e1cc1079922ffcb5d93964adb9f8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
GetStringTypeW
WriteConsoleW
SetStdHandle
SetEndOfFile
CreateFileW
FindNextFileW
TerminateProcess
FindFirstFileW
GetModuleHandleA
FindClose
GetTempPathA
Process32Next
GetTempFileNameA
Process32First
InitializeCriticalSectionAndSpinCount
CancelIo
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
GetLocaleInfoW
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WriteFile
CreateIoCompletionPort
WaitForMultipleObjects
GetSystemInfo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
MultiByteToWideChar
CreateThread
CloseHandle
DeleteCriticalSection
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
GetProcAddress
WritePrivateProfileStringW
GetModuleFileNameW
Sleep
LoadLibraryW
OpenProcess
GetPrivateProfileStringW
WaitForSingleObject
GetCurrentProcess
FreeLibrary
LockResource
GetLocalTime
EnterCriticalSection
GetLastError
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
InitializeCriticalSection
LoadResource
FindResourceW
FindResourceExW
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
ExitProcess
GetModuleHandleW
GetCurrentThreadId
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InterlockedExchange
GetSystemTimeAsFileTime

user32

GetMessageW
KillTimer
DispatchMessageW
SetTimer
PeekMessageW
TranslateMessage

advapi32

SetServiceStatus
ImpersonateLoggedOnUser
QueryServiceStatus
DuplicateTokenEx
StartServiceW
LookupPrivilegeValueW
DeregisterEventSource
CreateProcessAsUserW
GetTokenInformation
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
ReportEventW
ControlService
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RevertToSelf

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

shlwapi

PathFileExistsW

ws2_32

WSAEventSelect
ntohs
shutdown
setsockopt
bind
WSACreateEvent
closesocket
WSASocketA
listen
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
WSAAccept
WSARecvFrom
htons
WSAGetLastError
WSASend
WSARecv
inet_ntoa
WSAIoctl
getpeername
WSAEnumNetworkEvents
inet_addr

desktopsearch

?GetIconIndex@CExtArray@@QBEHH@Z
?g_vDirOutPtr@@3VCOutVector@@A
?s_dwOmitExt@CExtArray@@2KA
?Type_Qsort@@YAX_N@Z
?GetUnicodeName@DirectoryRecord@@QBEHPA_W@Z
?Help_InitCompare@@YAHXZ
?SetSearchRoot@@YAXPB_W@Z
?SetSearchTime@@YAXJJ@Z
?Time_QsortFiles@@YAXAAVCOutVector@@HH_N@Z
?Time_QsortDir@@YAXAAVCOutVector@@HH_N@Z
?g_vFileOutPtr@@3VCOutVector@@A
?DirectoryChangeCallback@@YAXP6AXHPA_W0@Z@Z
?ReSetSearchTime@@YAXXZ
?g_hEventSearchOk@@3PAXA
?Helper_GetPath@@YAHQA_WPAUDirectoryRecord@@@Z
?Path_QsortFile@@YAXAAVCOutVector@@_N@Z
?SetSearchExtType@@YAXK@Z
?Path_QsortDir@@YAXAAVCOutVector@@_N@Z
?Helper_InitNoCaseTable@@YAXXZ
?g_ExtMgr@@3VCExtArray@@A
?Helper_GetFileIconIndex@@YAHPA_WH0H@Z
?WriteToDatabase@@YAX_N@Z
?g_iRootIcon@@3HA
??ACOutVector@@QBEPAEH@Z
?size@COutVector@@QBEKXZ
?InitDatabase@@YGKPAX@Z
?Save@@YGXXZ
?Size_Qsort@@YAX_N@Z
?KernelSearch@@YAHPB_W@Z
?SetSearchSize@@YAXKK@Z
?GetUnicodeName@NormalFileRecord@@QBEHPA_W@Z
?GetCodeName@NormalFileRecord@@QAEHAAPAE@Z
?GetExtendID@NormalFileRecord@@QAEKPAEPAK@Z
?g_iDirIcon@@3HA
?SetIconIndex@CExtArray@@QAEHHPA_WH0H@Z

imagehlp

MakeSureDirectoryPathExists

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

Netbios

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
HttpQueryInfoA
InternetOpenA
InternetCloseHandle
InternetReadFileExA

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e69e1cc1079922ffcb5d93964adb9f8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

desktopsearch

imagehlp

wtsapi32

userenv

netapi32

wininet

Sections

.text Size: 230KB - Virtual size: 229KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 79KB - Virtual size: 80KB

.text
Size: 230KB - Virtual size: 229KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 79KB - Virtual size: 80KB