033794c19451444035cc934713fdf949

Sharing

Copy URL

Twitter E-mail

General

Target

033794c19451444035cc934713fdf949
Size

508KB
MD5

033794c19451444035cc934713fdf949
SHA1

242139246a3d13c4b2869198f24da8acff18c890
SHA256

0070d50c75ad75c7d2f2e1e5873337be76167711d0bd83a0f672ec0bdea4f95f
SHA512

af0d80c16e2401cf202a42757369e72ae56b2edce237a7de501f39d5362b189d9f3e4205df1b570f50a22f4036739d5e5bc08102863a08e06bcf56025ae9c43b
SSDEEP

12288:oms4EZCLkVACBFUWTK6F2EB0NxDIBuOFe7/uT:i4EZ8kVPBxTK6F2DtIoOFdT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
033794c19451444035cc934713fdf949

Files

033794c19451444035cc934713fdf949
.exe windows:4 windows x86 arch:x86

86d156d8f1b80f20300196e2ab65c3ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
GetModuleHandleW
GetCommandLineW
lstrcmpiW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
IsValidCodePage
LeaveCriticalSection
HeapCreate
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
GetStartupInfoA
GetStdHandle
SetHandleCount
ReadFile
GetCurrentDirectoryA
GetFullPathNameW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
GetFileType
ExitProcess
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
EnterCriticalSection
SetLastError
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
GetModuleFileNameW
lstrlenW
CreateThread
lstrcpyW
WaitForSingleObject
UnmapViewOfFile
GetFileSize
MapViewOfFile
CloseHandle
CreateFileMappingW
GetLastError
GetOEMCP
CreateFileW
LCMapStringA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
Sleep
FindClose
FileTimeToSystemTime

user32

CreateDialogParamW
GetMessageW
CharNextW
DestroyWindow
MessageBoxW
PostQuitMessage
IsWindowVisible
wsprintfA
GetWindowLongW
DefWindowProcW
SendMessageW
BeginPaint
GetWindowTextW
LoadCursorW
UnregisterClassA
GetActiveWindow
GetWindowRect
GetCursorPos
GetDlgCtrlID
DialogBoxParamW
PostMessageW
ScreenToClient
ShowWindow
DrawIcon
SetForegroundWindow
LoadBitmapW
LoadStringW
CallWindowProcW
EndPaint
EndDialog
SetWindowLongW
GetDlgItem
EnableWindow
SetDlgItemTextW
wsprintfW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
SetCursor

gdi32

DeleteObject
SetBkMode
CreateSolidBrush
SelectObject
SetTextColor
CreateFontW
DeleteDC
BitBlt
CreateBitmap
SetBkColor
CreateCompatibleDC
TextOutW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHGetFileInfoW
ShellExecuteW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameW

ws2_32

htons
inet_addr
gethostbyname
connect
WSAAsyncSelect
socket
WSACleanup
closesocket
WSAStartup
WSAGetLastError
send

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

86d156d8f1b80f20300196e2ab65c3ea

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 9KB

.tc Size: 244KB - Virtual size: 244KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 9KB

.tc
Size: 244KB - Virtual size: 244KB