33b2b639df7136bbd0f49104eaa056d4

Sharing

Copy URL

Twitter E-mail

General

Target

33b2b639df7136bbd0f49104eaa056d4
Size

140KB
MD5

33b2b639df7136bbd0f49104eaa056d4
SHA1

565d0e5653df6dabbbba805600ef97026c9d4c2a
SHA256

8955fd480c5dc49df33f921a0dca92032a8f7661ac04590b2a6641cd4d54d999
SHA512

805ccef3fa71b8a9d13503f6d0c7e4f4f1c52ee0d90c2d84cffc4a454760d82ffd60260bddf59101a11f5d15808fa82fd226576024cb70debf4b4bee46772b89
SSDEEP

3072:DgVZ5bfhMSLrwJvNR/kuRjfJACYfsG+qeL0WT7B43foo1Oe7hu:DoZLpLUJLRjRTGgVT7B43KWhu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33b2b639df7136bbd0f49104eaa056d4

Files

33b2b639df7136bbd0f49104eaa056d4
.exe windows:5 windows x86 arch:x86

cc1c8e87ca79bdf902cbaeda84aac151

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
WriteFile
CreateMutexW
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetThreadContext
SetThreadContext
GetProcessId
GetModuleHandleW
GetCurrentThreadId
LoadLibraryA
SetLastError
ReleaseMutex
CreateThread
GetSystemTime
GetLocalTime
GetNativeSystemInfo
WriteProcessMemory
GetCurrentProcessId
ExpandEnvironmentStringsW
LocalFree
DuplicateHandle
OpenEventW
GetFileAttributesExW
GetVersionExW
VirtualFree
GetComputerNameW
SetErrorMode
GetCommandLineW
ResetEvent
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
TlsGetValue
Thread32Next
FlushFileBuffers
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GlobalLock
WaitForMultipleObjects
CreateEventW
SetFileAttributesW
CloseHandle
WTSGetActiveConsoleSessionId
GetProcAddress
lstrcmpiA
CreateFileW
LoadLibraryW
SetEvent
CreateDirectoryW
FreeLibrary
ExitProcess
GetUserDefaultUILanguage
lstrcmpiW
GetModuleFileNameW
GetFileAttributesW
Sleep
GetTickCount
WaitForSingleObject
HeapCreate
MoveFileExW

user32

SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetCapture
RegisterClassExW
SetCursorPos
PeekMessageW
PeekMessageA
DefWindowProcA
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
RegisterClassExA
CallWindowProcW
GetMessagePos
DefFrameProcW
RegisterClassA
ExitWindowsEx
EndPaint
GetUpdateRgn
GetClassNameW
GetWindowDC
FillRect
GetWindowInfo
DrawEdge
BeginPaint
GetMessageA
GetSystemMetrics
GetWindowThreadProcessId
SystemParametersInfoW
CharLowerBuffA
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
GetMenuState
GetMenuItemCount
IsWindow
HiliteMenuItem
TrackPopupMenuEx
CallWindowProcA
EndMenu
GetShellWindow
CharLowerW
MapWindowPoints
CharToOemW
PostMessageW
GetIconInfo
GetWindowRect
GetParent
GetClassLongW
GetUpdateRect
GetDC
IntersectRect
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
GetWindowLongW
GetAncestor
SetWindowPos
SendMessageTimeoutW
GetMessageW
MapVirtualKeyW
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
OpenWindowStationW
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
DrawIcon

advapi32

EqualSid
GetLengthSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsWellKnownSid
InitiateSystemShutdownExW
ConvertSidToStringSidW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData

shlwapi

StrStrIA
PathRenameExtensionW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathQuoteSpacesW
PathIsURLW
PathRemoveBackslashW
StrStrIW
StrCmpNIW
PathRemoveFileSpecW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

GetDeviceCaps
CreateCompatibleBitmap
CreateDIBSection
SetViewportOrgEx
DeleteDC
GdiFlush
DeleteObject
SelectObject
SetRectRgn
CreateCompatibleDC
GetDIBits
RestoreDC
SaveDC

ws2_32

WSASend
getpeername
WSAGetLastError
listen
WSASetLastError
freeaddrinfo
socket
bind
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
shutdown
setsockopt
closesocket
send
WSAEventSelect
getsockname
accept
recv

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData
PFXExportCertStoreEx

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA
InternetCloseHandle

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc1c8e87ca79bdf902cbaeda84aac151

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB