364c6d8645d4d25c0b9c8e5c82644b9e

Sharing

Copy URL Twitter E-mail

General

Target

364c6d8645d4d25c0b9c8e5c82644b9e
Size

59KB
MD5

364c6d8645d4d25c0b9c8e5c82644b9e
SHA1

c8a303c04301145a7cae3f0520c77cefa2c9b7d1
SHA256

16bddcedc92ffd247c79ec23873f9d38b079fd954a8b02eb4e1d9f872066cb51
SHA512

f052069a9646d3db095a43d835ca21faa5a3fec2b1e528b0eaacda5e460b68b166f9e517990d60f648a87e0ca0324898f2c49beb1ee1985d43f74e266cb556f2
SSDEEP

1536:7nd3WeCbSYQrib6og0n3YxvJ6tGEnkq/rH:TcJWYf6sn3YZJ6tGEkqjH

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MultiMS/MultiMSGUI.exe
unpack001/MultiMS/MultiMSH.dll

Files

364c6d8645d4d25c0b9c8e5c82644b9e
.rar
MultiMS/MultiMSGUI.exe
.exe windows:5 windows x86 arch:x86

a2e8d8c9416981b28eaaeddf7d3a146b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WriteProcessMemory
CreateThread
HeapSize
GetProcessHeap
VirtualAllocEx
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetProcAddress
CreateRemoteThread
VirtualFreeEx
CloseHandle
WaitForSingleObject
GetCurrentDirectoryA
TerminateProcess
CreateProcessA
Sleep
SetEndOfFile
OpenProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
ReadFile
CreateFileA
SetStdHandle
FlushFileBuffers
LoadLibraryA

user32

DestroyWindow
CreateDialogParamA
PostQuitMessage
MessageBoxA
ShowWindow
GetDlgCtrlID
GetDlgItemInt
GetWindowTextLengthA
SendMessageA
SetDlgItemInt
GetDlgItem
SetWindowTextA
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA

gdi32

GetStockObject
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

psapi

GetModuleBaseNameA
EnumProcesses

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiMS/MultiMSH.dll
.dll windows:5 windows x86 arch:x86

663c122d807bce74aa5b05b8d2166069

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
CreateMutexA
ReleaseMutex
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
SetLastError
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2e8d8c9416981b28eaaeddf7d3a146b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

psapi

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

663c122d807bce74aa5b05b8d2166069

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB