5794cea1849919030a9bcfec01524300

Sharing

Copy URL Twitter E-mail

General

Target

5794cea1849919030a9bcfec01524300
Size

680KB
MD5

5794cea1849919030a9bcfec01524300
SHA1

0818795d8292cf75eb60be609c36336564fe3fea
SHA256

e6e7522ce5b57f56d9d6df683294d6e940a20c52a7a3ef4f79e56bfc22349d9a
SHA512

993a18e644b34d82836cb130593d2fe88400e8dba7b69f5f174c53cd27d09fac383894fb50b6695976eb060d58a4211e021f41f8fc441bc07d6b63d814871cc5
SSDEEP

12288:6oBbV3U5Ubz99N6B698oTal9hJdGwvcEemx+N7VzFBNG2tTx+gyq6y7GLnRBr3ch:6Kmx0N7VggTkgyqYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5794cea1849919030a9bcfec01524300

Files

5794cea1849919030a9bcfec01524300
.exe windows:4 windows x86 arch:x86

e2e7e18cf3ba4227c8e7161330335e2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetSetFilePointer
InternetOpenA

ws2_32

WSACloseEvent
WSARecvFrom
WSAResetEvent
inet_addr
gethostbyname
inet_ntoa
shutdown
closesocket
WSACreateEvent
WSASocketA
setsockopt
WSAGetLastError
WSASendTo
WSASetEvent
WSAWaitForMultipleEvents

kernel32

lstrlenA
Sleep
CloseHandle
GetCurrentThreadId
CreateThread
SetEvent
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LockResource
LoadResource
FindResourceA
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
WriteFile
CreateDirectoryA
GetSystemTime
GetCurrentProcessId
OutputDebugStringA
SetFilePointer
GetTickCount
CreateEventA
WaitForMultipleObjectsEx
TerminateThread
WaitForSingleObject
GlobalFree
GlobalHandle
ResetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ResumeThread
FreeResource
SizeofResource
SetFileAttributesA
DeleteFileA
OpenEventA
FindClose
FindNextFileA
GetFileAttributesA
RemoveDirectoryA
FindFirstFileA
CreateProcessA
SetEndOfFile
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
CopyFileA
GetCommandLineA
GetModuleHandleA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcpynW
GetTempFileNameA
GetTempPathA
LocalFree
lstrcpyA
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetErrorMode
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpiA
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
ExitProcess
GetSystemTimeAsFileTime
ExitThread
GetStartupInfoA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
QueryPerformanceCounter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LCMapStringA
RtlUnwind
LCMapStringW
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
DebugBreak
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FindResourceExA

user32

GetForegroundWindow
MessageBoxA
DispatchMessageA
EnableWindow
PostThreadMessageA
TranslateAcceleratorA
GetWindowTextLengthA
GetWindowTextA
GetClassInfoExA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetClassNameA
RedrawWindow
SetFocus
GetFocus
IsChild
InvalidateRgn
FillRect
SetCapture
ReleaseCapture
GetDesktopWindow
DestroyAcceleratorTable
CreateWindowExA
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageA
LoadStringA
MonitorFromPoint
ReleaseDC
GetDC
DrawFocusRect
SetCursor
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
SetWindowRgn
LoadCursorA
GetSysColor
DefWindowProcA
PostMessageA
PtInRect
LoadIconA
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SendDlgItemMessageA
GetMonitorInfoA
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuA
DestroyMenu
MessageBeep
LoadStringW
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
LoadMenuA
LoadAcceleratorsA
LoadImageA
GetWindowDC
ValidateRect
DrawTextA
GetActiveWindow
DialogBoxIndirectParamA
IsDialogMessageA
SetForegroundWindow
KillTimer
MoveWindow
SetTimer
EndDialog
CreateDialogIndirectParamA
CallWindowProcA
RemoveMenu
IsWindowEnabled
ShowWindow
ScreenToClient
SetWindowPos
SetWindowTextA
GetWindowLongA
SetWindowLongA
DestroyWindow
BeginPaint
EndPaint
PeekMessageA
GetMessageA
LoadBitmapA
TranslateMessage
IsWindow
SendMessageA
UnregisterClassA
GetDlgItem

gdi32

SetBkMode
CreatePen
MoveToEx
LineTo
CombineRgn
CreateRectRgn
GetClipRgn
SelectClipRgn
SetBkColor
SetTextColor
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
GetObjectA
GetDeviceCaps
GetDIBits
CreateFontA
DeleteDC
DeleteObject

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SafeArrayLock
VarUI4FromStr
SysAllocStringByteLen
DispCallFunc
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SysFreeString
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
OleLoadPicture
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

PathFileExistsA

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_DrawEx
ImageList_Add
ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx

msimg32

TransparentBlt

setupapi

SetupInstallFileA

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2e7e18cf3ba4227c8e7161330335e2b

Headers

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

setupapi

Sections

.text Size: 300KB - Virtual size: 298KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 292KB - Virtual size: 290KB

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 292KB - Virtual size: 290KB