007d94cb47650460430e7aab97444261

Sharing

Copy URL

Twitter E-mail

General

Target

007d94cb47650460430e7aab97444261
Size

1.4MB
MD5

007d94cb47650460430e7aab97444261
SHA1

719168183460bcf12eb85d3f429e471864cee38e
SHA256

e34356125be82194c14159c62261fb0cbe305b55194d29a031aef08e72d32ed8
SHA512

5f2d1673cb7d7b4990edf4afb3628eaf07cd50ba56d107fdeab6bbfa337f09086dc3bbddc8c5e833ae39cb7858d8acd85adbb5c0c0e0f090ace475cca50669d4
SSDEEP

24576:5/2p4hfmuvoHSPqmmg+dVrTvTW3+tYnofX3nBspaPbOJlqejm4NT1VgpW2sfABhz:CMfm9EugiVrTvTW3+t3fXxsIKPq8fTs7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
007d94cb47650460430e7aab97444261

Files

007d94cb47650460430e7aab97444261
.exe windows:5 windows x86 arch:x86

831c564946229bd579b3626ccfa85027

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
CreateThread
GetFileAttributesW
FormatMessageW
GetFileAttributesExW
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
AreFileApisANSI
DeleteFileW
LoadLibraryW
ExitThread
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
SystemTimeToFileTime
GetLocalTime
GetTickCount
WritePrivateProfileStringA
WaitForSingleObject
CreateMutexA
ReleaseMutex
SetUnhandledExceptionFilter
GetCurrentThreadId
Sleep
GetLastError
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
RaiseException
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
HeapAlloc
GetProcessHeap
UpdateResourceA
HeapFree
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FreeLibrary
LoadLibraryExA
GetUserDefaultUILanguage
GetTempPathA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
MoveFileA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
GetPrivateProfileSectionNamesA
CloseHandle
CreateProcessA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
GetExitCodeProcess
Module32First
Module32Next
GetProcAddress
GetCurrentProcessId
VirtualQuery
GetCurrentThread
GetCurrentProcess
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
FileTimeToSystemTime
GetTimeZoneInformation
CreateFileA
GetFileTime
FileTimeToLocalFileTime
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetVersionExA
GetSystemInfo
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalMemoryStatus
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetStdHandle
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCPInfo

user32

IsWindowEnabled
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
EnumChildWindows
GetSystemMetrics
SystemParametersInfoA
GetShellWindow
FindWindowA
GetDesktopWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
ReleaseCapture
EnumWindows
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
WaitForInputIdle
LoadStringA
AdjustWindowRectEx
OffsetRect
SetClassLongA
IsIconic
GetDC
DrawIcon
ReleaseDC
GetMessagePos
PostMessageA
SendMessageA
DialogBoxParamA
ScreenToClient
ClientToScreen
SetWindowPos
SetTimer
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
GetDlgCtrlID
ShowWindow
EnableWindow
SetForegroundWindow
UpdateWindow
GetSysColor
GetSysColorBrush
GetCursorPos
LoadCursorA
SetCursor
PostQuitMessage
LoadIconA
GetFocus
SetFocus
IsWindowVisible
MessageBoxExA
MessageBoxA
IsWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SetWindowLongA
DestroyWindow
LoadAcceleratorsA
SetDlgItemTextA
GetKeyboardState
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect
GetWindowRect
KillTimer
GetWindowLongA

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

OleUninitialize
CoInitializeSecurity
CoCreateGuid
StringFromGUID2
OleInitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
VariantChangeType
SysAllocString
SafeArrayAccessData
SafeArrayCreateVector

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetCloseHandle
InternetReadFileExA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetOpenA

shlwapi

UrlEscapeA
SHDeleteEmptyKeyA
PathRenameExtensionA
PathCombineA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
PathFindExtensionA

urlmon

IsValidURL

advapi32

RevertToSelf
RegEnumValueA
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA

gdi32

SetBkColor

comdlg32

GetOpenFileNameA

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-fr
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-de
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-de
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-fr
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

831c564946229bd579b3626ccfa85027

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

psapi

version

userenv

wininet

shlwapi

urlmon

advapi32

gdi32

comdlg32

Sections

.text Size: 362KB - Virtual size: 361KB

.text-co Size: 17KB - Virtual size: 16KB

.text-co Size: 92KB - Virtual size: 92KB

.text-co Size: 50KB - Virtual size: 49KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 19KB - Virtual size: 18KB

.text-co Size: 13KB - Virtual size: 13KB

.text-co Size: 40KB - Virtual size: 40KB

.text-fr Size: 36KB - Virtual size: 35KB

.text-co Size: 33KB - Virtual size: 33KB

.text-co Size: 64KB - Virtual size: 63KB

.text-co Size: 33KB - Virtual size: 33KB

.text-co Size: 11KB - Virtual size: 10KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 25KB - Virtual size: 25KB

.text-ti Size: 41KB - Virtual size: 40KB

.text-co Size: 9KB - Virtual size: 9KB

.text-de Size: 80KB - Virtual size: 79KB

.rdata Size: 246KB - Virtual size: 246KB

.data Size: 16KB - Virtual size: 24KB

.data-de Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 140B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 40B

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 68B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-fr Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 24B

.rsrc Size: 365KB - Virtual size: 365KB

.text
Size: 362KB - Virtual size: 361KB

.text-co
Size: 17KB - Virtual size: 16KB

.text-co
Size: 92KB - Virtual size: 92KB

.text-co
Size: 50KB - Virtual size: 49KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 19KB - Virtual size: 18KB

.text-co
Size: 13KB - Virtual size: 13KB

.text-co
Size: 40KB - Virtual size: 40KB

.text-fr
Size: 36KB - Virtual size: 35KB

.text-co
Size: 33KB - Virtual size: 33KB

.text-co
Size: 64KB - Virtual size: 63KB

.text-co
Size: 33KB - Virtual size: 33KB

.text-co
Size: 11KB - Virtual size: 10KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 25KB - Virtual size: 25KB

.text-ti
Size: 41KB - Virtual size: 40KB

.text-co
Size: 9KB - Virtual size: 9KB

.text-de
Size: 80KB - Virtual size: 79KB

.rdata
Size: 246KB - Virtual size: 246KB

.data
Size: 16KB - Virtual size: 24KB

.data-de
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 140B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 40B

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 68B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-fr
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 24B

.rsrc
Size: 365KB - Virtual size: 365KB