d25b4afef1b454ce924e40179449363f6883e802cb26f2ff216f5139c3918157

Sharing

Copy URL Twitter E-mail

General

Target

d25b4afef1b454ce924e40179449363f6883e802cb26f2ff216f5139c3918157
Size

1.2MB
MD5

a2825bc0a5af8db8e161c6580283efd1
SHA1

82b6bd70e4125ce767be88a448495e77cd64cb7f
SHA256

d25b4afef1b454ce924e40179449363f6883e802cb26f2ff216f5139c3918157
SHA512

a083f56e772979f7e474bf69843919aa00483ee3608bb4ee6592867a302a8bd0eb64e62a42c45f3fedee708f829c707200dc65fd60ad2581d2276c7e3bbd7aa2
SSDEEP

24576:44pEO6HKStVRdQW60PF74gwppDfnlgsXySX8WInGMPtjd59SKAg3cnExLi:4qMEWp0f3Xyy8WInGMPtjd59SKH3mExm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d25b4afef1b454ce924e40179449363f6883e802cb26f2ff216f5139c3918157

Files

d25b4afef1b454ce924e40179449363f6883e802cb26f2ff216f5139c3918157
.exe windows:6 windows x86 arch:x86

9b183eb282ecf29214d03610230c04c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathMatchSpecW
PathRemoveFileSpecW
PathCombineW

kernel32

MoveFileExW
Sleep
DeleteFileW
GetTempPathW
GetModuleFileNameW
WriteConsoleW
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
SetFileAttributesW
GetLastError
GetFileAttributesExW
FileTimeToSystemTime
GlobalAlloc
GlobalFree
CloseHandle
CreateProcessW
CopyFileW
GetFileTime
ReadFile
SetLastError
GetCurrentProcess
WriteFile
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetFileSize
K32GetModuleFileNameExW
GetEnvironmentVariableW
RaiseException
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
FlushFileBuffers
GetCommandLineW
GetSystemDirectoryW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentProcessId
FreeLibrary
OpenMutexW
QueryDosDeviceW
FindNextFileW
RemoveDirectoryW
FindClose
OpenProcess
GetLogicalDriveStringsW
OpenEventW
LoadLibraryExW
HeapFree
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
LocalAlloc
OutputDebugStringW
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetWindowsDirectoryW
SetEvent
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
GetTickCount
TerminateProcess
InitializeCriticalSectionEx
GetTickCount64
GetLocalTime
IsProcessorFeaturePresent
CreatePipe
PeekNamedPipe
ReleaseSRWLockExclusive
AttachConsole
GetConsoleDisplayMode
FreeConsole
OutputDebugStringA
GetCurrentDirectoryW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
GetNativeSystemInfo
FindFirstFileExW
SetEnvironmentVariableW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
InitializeSRWLock
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwind
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileType
ExitProcess
GetStdHandle
ReadConsoleW
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetDriveTypeW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize

user32

GetWindowLongW
WindowFromPoint
PeekMessageW
wsprintfW
MsgWaitForMultipleObjects
PostMessageW
GetWindowTextW
SetPropW
ReplyMessage
GetPropW
LoadCursorW
LoadIconW
RegisterClassW
RemovePropW
CreateWindowExW
DefWindowProcW
KillTimer
IntersectRect
EqualRect
FindWindowExW
GetWindowRect
SendMessageTimeoutW
MonitorFromRect
IsWindow
GetMonitorInfoW
GetWindowThreadProcessId
PostQuitMessage
TranslateMessage
SetTimer
DispatchMessageW
SystemParametersInfoW
GetMessageW
GetSystemMetrics
GetForegroundWindow
SetRectEmpty
GetClassInfoW

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

wininet

InternetQueryOptionW
HttpQueryInfoA
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
HttpAddRequestHeadersW
InternetOpenUrlW
HttpOpenRequestA
InternetWriteFile
InternetCrackUrlA
HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpOpenRequestW

winmm

timeGetTime

advapi32

CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegCreateKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegCloseKey

shell32

ShellExecuteW
SHQueryUserNotificationState
SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
PropVariantClear

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

winhttp

WinHttpConnect
WinHttpOpen
WinHttpWriteData
WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpSendRequest

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 30KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b183eb282ecf29214d03610230c04c2

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

imm32

version

psapi

wininet

winmm

advapi32

shell32

ole32

oleaut32

winhttp

Exports

Exports

Sections

.text Size: 812KB - Virtual size: 812KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 30KB - Virtual size: 86KB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 107KB - Virtual size: 108KB

.text
Size: 812KB - Virtual size: 812KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 30KB - Virtual size: 86KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 107KB - Virtual size: 108KB