Static task: static1
Behavioral task: behavioral1 (Sample: 17f320feea8cd0a7c99ea7c06dcdb34c.exe, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: 17f320feea8cd0a7c99ea7c06dcdb34c.exe, Resource: win10v2004-20231215-en)
General
Target: 17f320feea8cd0a7c99ea7c06dcdb34c
Size: 360KB
MD5: 17f320feea8cd0a7c99ea7c06dcdb34c
SHA1: fea0829704b2870e4b52d590b470b07107028cc5
SHA256: e0c5019344e38578c06b2913a31f3b278ec44a7fff62f58033ed357e21fd5a66
SHA512: bd46af2abbd36617372f7cd6fe2f16ece63f7726528037309ceceb27211522a2c71799ef7c6e3c8f6d49767c698fe9e4faabb25f9202513814bfc44d970e87ac
SSDEEP: 6144:2mGVVYrVMgO34kaR1YOXEqafad5d7PkFmbLlA2sWEgZPgStchro:2rL+O3yV4uHPkGlAGOStch
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 17f320feea8cd0a7c99ea7c06dcdb34c
Files
-
17f320feea8cd0a7c99ea7c06dcdb34c.exe windows:4 windows x86 arch:x86
b55da4cc75b3308066f2be48fcad3413
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GlobalDeleteAtom
GlobalAddAtomA
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetVersion
GetVersionExA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
lstrlenA
GlobalFree
GetTempPathA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetSystemTime
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
CreateDirectoryA
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
GetCommandLineA
GetTickCount
SetFilePointer
ReadFile
CreateFileA
WriteFile
CloseHandle
GetCurrentThreadId
RemoveDirectoryA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetStartupInfoA
GetProcAddress
user32
DialogBoxParamA
GetTopWindow
GetClassNameA
GetWindow
LoadIconA
RegisterClassA
LoadImageA
RegisterClassExA
OemToCharA
GetAsyncKeyState
GetActiveWindow
ShowCursor
SetCapture
ReleaseCapture
GetKeyState
GetWindowRect
GetSystemMetrics
IsWindowVisible
LockWindowUpdate
SendMessageA
GetWindowLongA
AdjustWindowRectEx
IsZoomed
SetWindowPos
GetClientRect
SetWindowTextA
IsDialogMessageA
SetTimer
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
wsprintfA
ShowWindow
PostMessageA
CheckMenuItem
EnableMenuItem
GetMenu
InvalidateRect
ClientToScreen
SetCursorPos
GetKeyboardState
GetCursorPos
ScreenToClient
CopyRect
UnhookWindowsHookEx
KillTimer
SetWindowsHookExA
CallNextHookEx
DestroyIcon
GetMenuState
DeleteMenu
GetSubMenu
GetDC
CreateIconIndirect
ReleaseDC
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMDISysAccel
DispatchMessageA
TranslateMessage
InvertRect
IsClipboardFormatAvailable
SetRect
LoadStringA
EnumThreadWindows
SetForegroundWindow
WinHelpA
MapWindowPoints
UpdateWindow
SetWindowLongA
RedrawWindow
GetDesktopWindow
SetFocus
GetSysColor
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetParent
DestroyWindow
SetScrollPos
SetScrollRange
CreateWindowExA
UnionRect
GetPropA
SetPropA
CallWindowProcA
RemovePropA
GetFocus
GetWindowPlacement
SetWindowPlacement
GetMenuItemCount
LoadMenuIndirectA
DestroyMenu
DrawMenuBar
EndDialog
SendDlgItemMessageA
GetDlgItemTextA
GetInputState
MapVirtualKeyA
GetDlgItem
PtInRect
EndPaint
BeginPaint
SetDlgItemTextA
FillRect
GetUpdateRect
IsIconic
DefMDIChildProcA
ModifyMenuA
GetMenuStringA
GetMenuItemID
GetTabbedTextExtentA
DrawTextA
DrawEdge
SystemParametersInfoA
PostQuitMessage
IntersectRect
DrawFocusRect
gdi32
RealizePalette
SelectPalette
CreateFontIndirectA
GetObjectA
LineTo
MoveToEx
SelectObject
Rectangle
CreatePen
CreateSolidBrush
GetStockObject
SetBkMode
SetTextColor
GetTextExtentPointA
GetDeviceCaps
GetTextMetricsA
SetROP2
SetBkColor
GetNearestPaletteIndex
SetTextAlign
DPtoLP
CreateHatchBrush
Polygon
SetPolyFillMode
TextOutA
SelectClipRgn
CreateRectRgn
LPtoDP
CreatePalette
CreateBitmap
CreateCompatibleBitmap
SetDIBits
GetCharWidthA
DeleteObject
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueA
shell32
DragQueryFileA
DragAcceptFiles
ShellExecuteA
mmfs2 (251 imports by ordinal)
comctl32
ord17
winmm
timeBeginPeriod
joyGetPosEx
timeGetTime
timeEndPeriod
joyGetDevCapsA
msvcrt
_strlwr
free
_ftol
??3@YAXPAX@Z
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_strupr
isalnum
_strnicmp
_makepath
isalpha
isdigit
tolower
isspace
_msize
_heapmin
_findfirst
_findnext
_findclose
_rmdir
_splitpath
_chdrive
_chdir
strrchr
strchr
_CIpow
_CIfmod
strstr
_CIacos
_CIasin
floor
ceil
atof
modf
toupper
_stricmp
strncpy
_ltoa
sprintf
_fcvt
_gcvt
__CxxFrameHandler
realloc
calloc
memmove
??2@YAPAXI@Z
remove
malloc
Sections
.text   Size: 296KB   Virtual size: 295KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 12KB    Virtual size: 9KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 16KB    Virtual size: 13KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 32KB    Virtual size: 31KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ