649921df854c769f58660c8218d3987c

Sharing

Copy URL

Twitter E-mail

General

Target

649921df854c769f58660c8218d3987c
Size

5.5MB
MD5

649921df854c769f58660c8218d3987c
SHA1

7b009e1596cabf8e1661a0f6727de17965b0ea53
SHA256

43178daf1753ac847f5e3e6bd825edabd75c1e09d50a7478ee169c5343561d85
SHA512

0d376fe97ea1ebca108f0bf0d83aeea7328c25ccacf74a7b71c86f09043035905aafae6cf72c88f8fbdc1442153c0b2cfc4fbcdc6ab3fc1934fa6302df38a8d3
SSDEEP

98304:AgylX0QjLrpPhOiae6VN4EfLtigD/Wm3rO1nynNGTZ4UPMyj1TU3oq4:Ajb1j5sZJigD+m3r8oNGTZ4sTU3oq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649921df854c769f58660c8218d3987c

Files

649921df854c769f58660c8218d3987c
.exe windows:4 windows x86 arch:x86

d27005fc1fede44c4f151232aa1944a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

TransparentBlt

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHFileOperationW
SHBrowseForFolderW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

msi

ord32
ord159
ord118
ord8
ord92
ord160
ord195
ord137
ord169
ord141
ord70
ord88

advapi32

QueryServiceStatus
RegOpenKeyExW
StartServiceW
OpenServiceW
ChangeServiceConfigW
OpenSCManagerW
RegCreateKeyW
CloseServiceHandle
RegSetValueExW
RegDeleteValueW
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey

shlwapi

PathFileExistsW
PathStripToRootW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
closesocket
connect
WSAStartup
socket
recv
htonl
send
inet_addr
WSACleanup

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetLocaleInfoA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetStdHandle
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
ExitProcess
GetStringTypeW
FormatMessageW
LocalFree
GetLastError
CloseHandle
EnterCriticalSection
FindFirstFileW
CreateMutexW
GetCurrentDirectoryW
GetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetFileAttributesW
GetSystemDirectoryW
GetVersionExW
LeaveCriticalSection
CreateProcessW
GetModuleFileNameW
VirtualFree
VirtualAlloc
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
FreeResource
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
EnumSystemLocalesA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
Sleep
FindClose
GetPrivateProfileIntW
GetDiskFreeSpaceExW
FreeEnvironmentStringsA
FindNextFileW
FreeLibrary
GetPrivateProfileStringW
LoadLibraryW
MoveFileExW
GetProcAddress
RemoveDirectoryW
DeleteFileW
WritePrivateProfileStringW
CopyFileW
GetWindowsDirectoryW
MoveFileW
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadWritePtr
IsBadReadPtr
RemoveDirectoryA
WaitForSingleObject
Process32NextW
lstrcmpiW
TerminateProcess
DeleteFileA
OpenProcess
lstrcatA
GetACP
lstrcmpW
Process32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcessId
SetFilePointer
LoadLibraryA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
RaiseException
InterlockedIncrement
InterlockedDecrement
GlobalFree
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapReAlloc
IsDebuggerPresent
IsValidLocale
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
SizeofResource
LocalAlloc

user32

ExitWindowsEx
GetClassInfoExW
DefWindowProcW
GetDesktopWindow
RegisterClassExW
CharNextW
GetKeyboardLayoutList
EnumWindows
PtInRect
GetCursorPos
GetWindowDC
ReleaseDC
IsWindowVisible
LoadCursorW
SetWindowLongW
BringWindowToTop
GetWindowThreadProcessId
LoadBitmapW
OffsetRect
SetWindowPos
DestroyWindow
SetDlgItemTextW
TrackMouseEvent
GetDC
CallNextHookEx
GetClassNameW
SetWindowsHookExW
MapVirtualKeyW
UnhookWindowsHookEx
SetCursor
SetWindowRgn
GetParent
PostMessageW
GetClientRect
DrawTextW
GetWindowLongW
GetWindowRect
CreateDialogParamW
GetDlgItem
SetWindowTextW
GetWindowTextW
ShowWindow
TranslateAcceleratorW
GetMessageW
SendMessageW
TranslateMessage
DispatchMessageW
LoadAcceleratorsW
EndDialog
MessageBoxW
DialogBoxParamW
DestroyIcon
ReleaseCapture
KillTimer
InvalidateRect
SetTimer
UpdateWindow
IsWindow
GetFocus
GetDlgItemTextW
GetKeyState
DrawIconEx
CreateWindowExW
SetFocus
SetClassLongW
PostQuitMessage
GetWindow
LoadImageW
GetActiveWindow
GetDlgCtrlID
EnableWindow

gdi32

CreateFontW
CreateCompatibleDC
CreateRoundRectRgn
SetBkColor
GetObjectW
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
GetStockObject
DeleteObject
GetTextExtentExPointW
SetTextColor
SetBkMode

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromCLSID
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocString
SysFreeString

imm32

ImmGetDescriptionW

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33.9MB - Virtual size: 33.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d27005fc1fede44c4f151232aa1944a4

Headers

File Characteristics

Imports

msimg32

shell32

msi

advapi32

shlwapi

version

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

imm32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 49KB

.rsrc Size: 33.9MB - Virtual size: 33.9MB

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 49KB

.rsrc
Size: 33.9MB - Virtual size: 33.9MB