117e6be54196a5cd175f3778236fcb42

Sharing

Copy URL Twitter E-mail

General

Target

117e6be54196a5cd175f3778236fcb42
Size

328KB
MD5

117e6be54196a5cd175f3778236fcb42
SHA1

e51ee3ed1c3bef929adcdc9b163cb9b2061a320e
SHA256

f014b568665d355439fe85d7394c332a2768e2ebf405a655001dfc774abd04ef
SHA512

c0c073fda8e88ebee23145a409b49cd159d6c6c3007d4ecc07af8cb073b39eac5df97b502205b164e85cd8a9b5f51e12ee7d623d4a0b374b632f762e762bbd01
SSDEEP

6144:DeinRGoJi9bJADXLAtBBBuyDZmmEKOARrKRIaaqwRCG:bQ7ArLW+KOARGRIaaZRCG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
117e6be54196a5cd175f3778236fcb42

Files

117e6be54196a5cd175f3778236fcb42
.exe windows:4 windows x86 arch:x86

642dcc5678b0672127dc3333a42d5dc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
LoadLibraryExW
MoveFileW
LocalReAlloc
CreatePipe
CreateWaitableTimerA
VirtualProtect
OutputDebugStringA
GetPrivateProfileStringW
GetVolumeInformationW
VirtualAlloc
SetProcessWorkingSetSize
lstrcpynA
FormatMessageA
ClearCommBreak
GetSystemDefaultLangID
SetEndOfFile
SwitchToFiber
GetCurrentDirectoryW
GetTapeStatus
SetConsoleMode
GetBinaryTypeW
SetCommTimeouts
SetCommMask
IsBadWritePtr
OpenFile
SetThreadPriorityBoost
GlobalFindAtomW
_hread
VirtualLock
FindCloseChangeNotification
ReleaseMutex
GetLocaleInfoW
EnumSystemCodePagesA
lstrcmpiW
EnumCalendarInfoA
QueryDosDeviceW
FlushConsoleInputBuffer
OpenMutexA
PeekConsoleInputW
SetEnvironmentVariableW
SetVolumeLabelA
LocalAlloc
CreateMutexA
WritePrivateProfileStructA
WriteFile
LocalLock
GetCurrentProcess
CreateDirectoryW
TlsGetValue
GlobalUnlock
MultiByteToWideChar
DuplicateHandle
GetCommConfig
VirtualAllocEx
LeaveCriticalSection
SystemTimeToFileTime
FreeLibraryAndExitThread
OpenSemaphoreW
GetSystemDirectoryW
ExitProcess
lstrcpyA
_lopen
MoveFileExA
GetCommandLineW
_lclose
GetStringTypeExW

user32

LoadStringA
PostMessageA
InflateRect
GetDlgCtrlID
GetKeyboardLayout
SetCursor
SendNotifyMessageA
SetDlgItemTextW
GetMenuItemCount
GetMenuCheckMarkDimensions
SetWindowRgn
GetKeyboardState
IsClipboardFormatAvailable
SendNotifyMessageW
DestroyIcon
CloseDesktop
GetInputState
DestroyAcceleratorTable
SetCaretPos
GetUserObjectSecurity
GetMenuDefaultItem
GetClientRect
IsWindowEnabled
InvertRect
PeekMessageA
DestroyMenu
InvalidateRgn
CreateMenu
SetUserObjectInformationW
EqualRect
MonitorFromRect
GetScrollInfo
keybd_event
MessageBoxIndirectW
wsprintfA
CloseClipboard
CopyAcceleratorTableW
RegisterClassExW
CopyAcceleratorTableA
ClientToScreen
FindWindowW
DeferWindowPos
SetWindowWord
RemoveMenu
SetForegroundWindow
LoadBitmapW
CloseWindow

gdi32

ResizePalette
GetCharWidth32W
GetTextExtentPoint32W
StartDocA
OffsetWindowOrgEx
GetTextCharacterExtra

comdlg32

FindTextA
PrintDlgW

advapi32

ReportEventA
OpenSCManagerA
ObjectCloseAuditAlarmA
RegUnLoadKeyA
AddAce
OpenProcessToken
StartServiceW
SetPrivateObjectSecurity
RegSetValueExA
MakeAbsoluteSD
AbortSystemShutdownW
GetSecurityDescriptorSacl
CreatePrivateObjectSecurity
ObjectCloseAuditAlarmW
CryptDestroyKey
CryptGenRandom
LookupPrivilegeNameA
GetPrivateObjectSecurity
QueryServiceConfigW
StartServiceA
RegFlushKey
GetUserNameA
RegCloseKey
EnumDependentServicesW
RegLoadKeyA
InitiateSystemShutdownA
CryptGetUserKey
LookupPrivilegeDisplayNameA
CreateProcessAsUserA
RegisterServiceCtrlHandlerA
LookupPrivilegeValueA
RegSetValueA
IsValidSid
MapGenericMask
RegDeleteKeyA
EqualSid

shell32

SHChangeNotify
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHFileOperationA
SHFileOperationW
SHAddToRecentDocs
Shell_NotifyIconW

ole32

CoGetTreatAsClass
CreateStreamOnHGlobal
CoInitializeEx
CoRegisterClassObject
ProgIDFromCLSID
CoGetObject
OleCreateFromData
CoResumeClassObjects

oleaut32

LoadTypeLi
SafeArrayUnaccessData
VariantChangeType
SafeArrayPutElement
SafeArrayRedim
LoadTypeLibEx
VariantCopy
SafeArrayCreate
SetErrorInfo
SafeArrayGetElement
SysAllocStringLen
SysFreeString

shlwapi

SHRegGetBoolUSValueW
StrToIntExW
UrlCreateFromPathW
StrTrimA
SHSetValueW
PathIsRootW
StrChrIA
SHDeleteValueW
PathIsNetworkPathW
SHDeleteKeyA

msvcrt

_dup2
getc
putchar
_c_exit
_getdcwd
_execlp
_umask
iswspace
_getdrive
isdigit
_eof
_mbscmp
_popen
_mbsrchr
strncpy
_wsystem
isleadbyte
towupper
_wspawnvp
bsearch
_fcvt
_locking
_ismbcspace
_strcmpi
_wsetlocale
_i64tow
_chmod
_errno
_wgetcwd
rand
ungetc
strncat
_strnicoll
_ui64tow
_strdup
difftime
sscanf
_wstrdate
time

Sections

.text
Size: 11KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

642dcc5678b0672127dc3333a42d5dc3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

Sections

.text Size: 11KB - Virtual size: 227KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 292KB - Virtual size: 291KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 11KB - Virtual size: 227KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 292KB - Virtual size: 291KB

.rsrc
Size: 16KB - Virtual size: 16KB