28e9ac7647aa5c97b26ac7dc2ea63c07c2cb09bb65f17f1e44b6af32889159dc

Sharing

Copy URL Twitter E-mail

General

Target

28e9ac7647aa5c97b26ac7dc2ea63c07c2cb09bb65f17f1e44b6af32889159dc
Size

3.4MB
MD5

7fe08bf0e42e44d107c5f7aa80548673
SHA1

2464d1a9dd2b88177c8156e1618c8300dbe9ad6a
SHA256

28e9ac7647aa5c97b26ac7dc2ea63c07c2cb09bb65f17f1e44b6af32889159dc
SHA512

68f3fa25a9f51ebad6aaba98d3b4c26e0d89eb11f68f295301c43f56af69c3a519f6603474dcca02b5e6167d55cf934a38da1e375f9a543d7522f12bc734d8d2
SSDEEP

49152:UePIQTbWukSy3O0OK07vtIWQGJMYfUfVhywDsmJm8SF3ZxHQ56041QcfDB:NwwWpSy1OK61IWrMYfUfVhywDs4YgW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e9ac7647aa5c97b26ac7dc2ea63c07c2cb09bb65f17f1e44b6af32889159dc

Files

28e9ac7647aa5c97b26ac7dc2ea63c07c2cb09bb65f17f1e44b6af32889159dc
.exe windows:6 windows x86 arch:x86

30af9635b64b84ddf99aec9d39e5a3aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpEndRequestW
InternetConnectA
InternetReadFile
HttpAddRequestHeadersW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetGetConnectedState
HttpOpenRequestW
InternetCrackUrlA
InternetWriteFile
HttpOpenRequestA
InternetQueryOptionW
InternetOpenW
HttpSendRequestExW
HttpSendRequestW
InternetConnectW
HttpQueryInfoA
InternetSetOptionW
HttpAddRequestHeadersA
InternetCloseHandle

kernel32

UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SwitchToThread
GetModuleHandleA
GetDiskFreeSpaceExW
GetTempPathW
SetFileAttributesW
CopyFileW
MoveFileExW
OpenFileMappingW
GetStartupInfoW
GetLocalTime
GetCurrentThreadId
GetSystemDirectoryW
LocalAlloc
ReleaseMutex
OpenMutexW
SetLastError
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
DeleteFileA
LoadLibraryW
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CloseHandle
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetSystemInfo
Sleep
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
HeapFree
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetTempFileNameW
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCurrentProcess
DuplicateHandle
ExitThread
CreateEventW
GlobalAlloc
GlobalFree
CreateThread
lstrlenW
CreateDirectoryW
GetProcessId
FileTimeToSystemTime
CreateProcessW
GetFileTime
GetExitCodeProcess
GetCommandLineW
RemoveDirectoryW
OpenProcess
SetPriorityClass
TlsSetValue
TlsGetValue
OpenEventW
LoadLibraryExW
QueryPerformanceFrequency
GetVersionExW
SetEvent
VirtualFree
VirtualAlloc
TlsAlloc
TlsFree
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
SetNamedPipeHandleState
WaitNamedPipeW
TerminateProcess
lstrcatW
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
CompareStringEx
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetCPInfo
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RaiseException
RtlUnwind
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
FindFirstFileExW
SetEnvironmentVariableW
GetFileType

user32

LoadIconW
GetSystemMetrics
CreateWindowExW
DestroyWindow
SetRectEmpty
FindWindowW
wsprintfW
wvsprintfW
PostMessageW

advapi32

CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
RegSetValueExW
GetTokenInformation
LookupAccountSidW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
RegOpenKeyW
CryptImportKey

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
SHFileOperationW

ole32

CoCreateGuid
CoTaskMemFree
StringFromCLSID

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessMemoryInfo

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryOption
WinHttpSetOption
WinHttpWriteData
WinHttpOpen
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpAddRequestHeaders

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 93KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 217KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

30af9635b64b84ddf99aec9d39e5a3aa

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

imm32

version

psapi

winhttp

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 553KB - Virtual size: 552KB

.data Size: 93KB - Virtual size: 242KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 217KB - Virtual size: 220KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 553KB - Virtual size: 552KB

.data
Size: 93KB - Virtual size: 242KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 217KB - Virtual size: 220KB