477b0356e945dfaeb474631e7ca063ec

Sharing

Copy URL Twitter E-mail

General

Target

477b0356e945dfaeb474631e7ca063ec
Size

20.0MB
MD5

477b0356e945dfaeb474631e7ca063ec
SHA1

dc0189d56f0ae8e593ef088da336e016344f9df9
SHA256

3e1fa086b7f9e7cfb3e2c74d8b44c1ca515e4e7846675a915e4cfe5330205f76
SHA512

3aca4655eebfa4085b96063657e31558c07b1569fe073b3251f5775c324d77d11529894c1b94f46ba123b9b5177b2966350fe278e2d6aed584b2647a0a95a3ca
SSDEEP

393216:Omba6SJQRrlvkHdDMMKPtrsTZIlywFt9bo7piTsd7lE/crDq4UeRrZRZNf/ns:pCxqUIlywDBY4TsPqleRrZBHs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
477b0356e945dfaeb474631e7ca063ec

Files

477b0356e945dfaeb474631e7ca063ec
.exe windows:5 windows x86 arch:x86

ab7f0fe7d4053b05ad307f8e45e036ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

kernel32

WaitForSingleObject
MoveFileExW
MoveFileW
LocalFree
GetCurrentThreadId
DeleteCriticalSection
RaiseException
HeapAlloc
GetProcessHeap
HeapFree
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
GetVersionExW
CreateDirectoryW
WideCharToMultiByte
SetEvent
CreateEventW
TerminateThread
GetExitCodeThread
SetEndOfFile
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
ReadFile
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
ExitProcess
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
CreateThread
ExitThread
TerminateProcess
GetExitCodeProcess
GetStartupInfoW
CreateProcessW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
WriteFile
GetLastError
CreateFileW
CloseHandle
DeleteFileW
GetTickCount
lstrlenW
SetLastError
MulDiv
CreateFileA
GetFileAttributesExW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
Sleep
InterlockedExchange
ResumeThread
HeapSize
TlsSetValue
ResetEvent
OpenEventA
GetCurrentProcessId
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
FormatMessageA
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
LoadLibraryW
FormatMessageW
GetACP
GetFileAttributesW
lstrlenA
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc

user32

GetWindowTextLengthW
MoveWindow
UnregisterClassA
wsprintfW
SetCursor
LoadCursorW
MapWindowPoints
GetDesktopWindow
GetCursorPos
DrawTextW
SendMessageW
GetClientRect
GetWindowTextW
GetParent
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
GetWindowLongW
EndDialog
SetWindowTextW
SetTimer
GetDlgItem
SetWindowPos
GetMonitorInfoW
GetDC
GetActiveWindow
MonitorFromWindow
GetWindowRect
GetWindow
MessageBoxW
DestroyWindow
CharNextW
LoadImageW
EndPaint
BeginPaint
PostThreadMessageW
IsDialogMessageW
DialogBoxParamW
ScreenToClient
IsWindow
KillTimer
CreateWindowExW
IsWindowVisible
ShowWindow
GetSystemMetrics

gdi32

DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
BitBlt
SetTextColor
SelectObject
DeleteDC
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetBkMode

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

shlwapi

PathIsURLW

comctl32

InitCommonControlsEx

gdiplus

GdipLoadImageFromStream
GdipDeleteGraphics
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage

wininet

InternetSetOptionW
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34.3MB - Virtual size: 34.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab7f0fe7d4053b05ad307f8e45e036ed

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

version

Sections

.text Size: 431KB - Virtual size: 430KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 14KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 34.3MB - Virtual size: 34.3MB

.reloc Size: 112KB - Virtual size: 111KB

.text
Size: 431KB - Virtual size: 430KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 14KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 34.3MB - Virtual size: 34.3MB

.reloc
Size: 112KB - Virtual size: 111KB