00ff94a9770d4eb7995d26f975eea881

Sharing

Copy URL Twitter E-mail

General

Target

00ff94a9770d4eb7995d26f975eea881
Size

84KB
MD5

00ff94a9770d4eb7995d26f975eea881
SHA1

582514fc4d83205be9574f62b788e83a1f5a9a94
SHA256

73f4bc2127649cfe6d161abce741886f14498289a385aa8b34c8372ac4a5fc75
SHA512

acc1373b73f741b34c34cfd54ee4c2416508ac14f386690f94e0cde0c54c6b04f9893a5e7ce367073754a16e4428d43104ca7a139df5828fb1152d9936e3cdc6
SSDEEP

1536:7HfGFo0l3cot5mExoCf4cfDTBjpi1veAV+QzRTB0Y8KsRBxk/b1gJk/:783cCf42TBYveAV+QzMYHlb1gJk/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00ff94a9770d4eb7995d26f975eea881

Files

00ff94a9770d4eb7995d26f975eea881
.exe windows:4 windows x86 arch:x86

70970381cd687658f92d45347d6cdea6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionA
InternetOpenUrlA
InternetGetConnectedState
InternetOpenA
InternetReadFile
InternetCloseHandle

shlwapi

SHSetValueA
SHDeleteValueA
StrRChrA
StrToIntA
SHDeleteKeyA
SHGetValueA

sensapi

IsDestinationReachableA

shell32

ShellExecuteA

kernel32

ResetEvent
GetVersionExA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetShortPathNameA
GetWindowsDirectoryA
MoveFileExA
DeleteFileA
CreateThread
FindFirstChangeNotificationA
WaitForSingleObject
FindNextChangeNotification
WaitForMultipleObjects
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
WideCharToMultiByte
DebugBreak
InterlockedDecrement
lstrlenA
GetStartupInfoA
MoveFileA
GetSystemDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
CloseHandle
CreateEventA
lstrcpynA
CopyFileA
GetLocaleInfoA
GetVolumeInformationA
lstrcatA
CreateProcessA
GetCurrentProcessId
GetModuleHandleA
OpenProcess
GetCommandLineA
OpenMutexA
Sleep
SetEvent
ReleaseMutex
GetLastError
CreateMutexA
lstrcmpiA
GetCurrentThreadId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
lstrcmpA
FlushInstructionCache
GetCurrentProcess
LocalFree
MultiByteToWideChar
OutputDebugStringA
lstrcpyA

user32

LoadStringA
wsprintfA
wvsprintfA
PostQuitMessage
PostThreadMessageA
CharNextA
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
DefWindowProcA
GetDesktopWindow
GetParent
GetClassNameA
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
GetDC
ReleaseDC
GetFocus
IsChild
GetWindowTextLengthA
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
GetWindow
RegisterWindowMessageA
SetFocus
SendMessageA
DestroyWindow
DispatchMessageA
GetMessageA
TranslateMessage
RegisterClassExA
CreateWindowExA
LoadCursorA
GetSysColor
CreateAcceleratorTableA

olepro32

ord253

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA

ole32

OleUninitialize
CoCreateGuid
CLSIDFromProgID
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoCreateInstance
CoInitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

VariantInit
SysAllocString
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantClear

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
DeleteObject
GetStockObject
CreateSolidBrush
GetObjectA
SelectObject
BitBlt

urlmon

CreateURLMoniker
URLDownloadToFileA

msvcrt

_ltoa
_strcmpi
?terminate@@YAXXZ
_acmdln
exit
memcmp
free
_CxxThrowException
_mbschr
_ftol
_mbsrchr
difftime
_mbsstr
mktime
_mbscmp
_stat
strncpy
time
localtime
gmtime
atol
_except_handler3
strftime
sscanf
_mbsicmp
strcpy
atoi
_ismbcdigit
wcslen
fgets
fopen
fprintf
fclose
_access
_purecall
memmove
_ismbcspace
__CxxFrameHandler
strchr
strlen
??2@YAPAXI@Z
memset
memcpy
??1type_info@@UAE@XZ
_controlfp
_exit
_onexit
__dllonexit
__getmainargs
_initterm
__setusermatherr
__set_app_type
_XcptFilter
__p__commode
_adjust_fdiv
__p__fmode

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70970381cd687658f92d45347d6cdea6

Headers

File Characteristics

Imports

wininet

shlwapi

sensapi

shell32

kernel32

user32

olepro32

advapi32

ole32

oleaut32

gdi32

urlmon

msvcrt

version

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 896B

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 896B