330e4e5dd65a855e4cb04d2ae7e8bab7

Sharing

Copy URL Twitter E-mail

General

Target

330e4e5dd65a855e4cb04d2ae7e8bab7
Size

139KB
MD5

330e4e5dd65a855e4cb04d2ae7e8bab7
SHA1

2e380fa8eb59265a5e0fb66e8e28aff6f9b6a4cd
SHA256

b26ffd083041f9da6d8c3892c38d1093548075e45b3675086adcb92fdb26970d
SHA512

2b8b907ed3215abd25322cab4cfbe2714bd96aa47740436e0e6752593fb58751007f735d0001f98c80b0e566a3476e1e7b0e12959e33ce21b7fadf072b0fc3b3
SSDEEP

1536:nGAoS8UzFffX8KnToIfhylvsDyKDF2ZDS:GAoFUJff8mTBfhylvUZDsE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
330e4e5dd65a855e4cb04d2ae7e8bab7

Files

330e4e5dd65a855e4cb04d2ae7e8bab7
.exe windows:4 windows x86 arch:x86

f1409d3c50f91cecf6160a35fdd1efc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash

msvcrt

memcmp
memcpy
malloc
strstr
free
memset

user32

SetCursorPos
ReleaseDC
mouse_event
GetSystemMetrics
GetCursorPos
EnumDisplaySettingsA
GetWindowDC
keybd_event
BlockInput

kernel32

VirtualAlloc
lstrlenA
lstrcpyA
lstrcatA
WriteFile
WaitForSingleObject
VirtualFree
TerminateThread
TerminateProcess
Sleep
RtlZeroMemory
ReadFile
PeekNamedPipe
MultiByteToWideChar
HeapFree
HeapAlloc
GetSystemDirectoryA
GetStartupInfoA
GetProcessHeap
GetModuleFileNameA
GetLastError
GetFileSize
FormatMessageA
DeleteFileA
CloseHandle
CreateFileA
CreatePipe
CreateProcessA
CreateThread

gdi32

GetObjectA
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SetBrushOrgEx
SelectObject

winhttp

WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

ws2_32

connect
getsockname
htons
inet_addr
inet_ntoa
recv
send
setsockopt
socket
closesocket
WSAStartup
gethostbyname

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f1409d3c50f91cecf6160a35fdd1efc6

Headers

File Characteristics

Imports

shlwapi

bcrypt

msvcrt

user32

kernel32

gdi32

winhttp

advapi32

ws2_32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 98KB - Virtual size: 98KB