300751be7115ecae1b8fdfd6ecf2d845

Sharing

Copy URL Twitter E-mail

General

Target

300751be7115ecae1b8fdfd6ecf2d845
Size

1.7MB
MD5

300751be7115ecae1b8fdfd6ecf2d845
SHA1

cfe74c9b7b8ca73dac7bbbb518343de030aafdaa
SHA256

d9d9f756c57aa7db24908b7aa3459358dd12ea7c227f1b7b7e06af51aabd6cf7
SHA512

8abd7018b8c1fbc8503d3c025c1b0f74eb9b58704ddd1f84a472b3da2c6021607a838c6432b45641925070d7de5b74654b3822601111418ce2fbf33dc347fbff
SSDEEP

49152:uPOY0FqP5MmPiGDbP2h8PytR9PzS55OP3+tPBetlnl:Mqo5MEBTq2GRBW5s3KKpl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
300751be7115ecae1b8fdfd6ecf2d845

Files

300751be7115ecae1b8fdfd6ecf2d845
.exe windows:5 windows x86 arch:x86

4e95cfeaeb9c79b8b9daae36fa5ddebb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmMetrics

msvcrt

memset
_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

comctl32

_TrackMouseEvent
InitCommonControlsEx

kernel32

GetProcessHeap
GetStartupInfoW
GetSystemTime
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
GetProcAddress
InterlockedCompareExchange
InterlockedExchange
IsBadReadPtr
IsBadWritePtr
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalFree
LockResource
lstrcpyW
lstrlenA
lstrlenW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TerminateThread
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
LoadLibraryA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDrives
GetLocalTime
GetLocaleInfoA
GetLastError
GetFileAttributesW
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineW
GetACP
FreeLibrary
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindClose
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateProcessA
CreateMutexW
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
ExitProcess
GetOEMCP
InitializeCriticalSection

user32

LoadBitmapW
KillTimer
IsWindowVisible
IsWindow
IsIconic
InvalidateRect
InflateRect
GrayStringW
GetWindowTextW
GetWindowRect
GetSystemMetrics
LoadCursorW
GetSysColor
GetParent
GetIconInfo
PeekMessageW
GetCursorPos
GetClientRect
GetAsyncKeyState
FrameRect
FillRect
ExitWindowsEx
EnableWindow
GetSystemMenu
MessageBeep
MessageBoxW
DrawTextW
DrawTextExW
DrawStateW
DrawIconEx
DispatchMessageW
DestroyCursor
CopyIcon
GetWindowLongW
PostMessageW
PtInRect
RedrawWindow
ReleaseDC
SendMessageW
GetDesktopWindow
wsprintfW
WindowFromPoint
UpdateWindow
UnregisterClassA
TranslateMessage
TabbedTextOutW
SystemParametersInfoW
SetWindowRgn
SetWindowLongW
SetTimer
SetForegroundWindow
LoadIconW
GetDC
SetCursor

gdi32

CreatePolygonRgn
DeleteDC
DeleteObject
Escape
ExtTextOutW
FillRgn
FrameRgn
GetCurrentObject
GetDeviceCaps
GetObjectW
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
CreateRoundRectRgn
MoveToEx
PtVisible
RectVisible
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetTextJustification
StretchBlt
CreatePen
CreateFontW
CreateFontIndirectW
CreateCompatibleDC
CreateRectRgnIndirect
LineTo
CreateRectRgn
CreateSolidBrush
CreateCompatibleBitmap

winspool.drv

EnumPrintersW
OpenPrinterW
DocumentPropertiesW

advapi32

RegUnLoadKeyW
RegSetValueExW
RegSetKeySecurity
RegQueryValueW
RegQueryValueExW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegQueryValueExA
OpenProcessToken

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

shlwapi

PathFileExistsW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.acdata0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e95cfeaeb9c79b8b9daae36fa5ddebb

Headers

File Characteristics

Imports

msacm32

msvcrt

comctl32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 12.1MB

.tls Size: 4KB - Virtual size: 12B

.data1 Size: 4KB - Virtual size: 648B

.acdata0 Size: 8KB - Virtual size: 4KB

.rsrc Size: 104KB - Virtual size: 101KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 12.1MB

.tls
Size: 4KB - Virtual size: 12B

.data1
Size: 4KB - Virtual size: 648B

.acdata0
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 104KB - Virtual size: 101KB