6781525777b7d253857e80ef63b85719

Sharing

Copy URL Twitter E-mail

General

Target

6781525777b7d253857e80ef63b85719
Size

3.9MB
MD5

6781525777b7d253857e80ef63b85719
SHA1

a0b8917928ab029a9c35e01a399d06606e100fba
SHA256

6bb3cd13f7ad72aba8e24c40ff3c7079cd70d145c3c91300c7f68fb97f4340cb
SHA512

b88a6039af642ec13a052446d366835462a6a541b471bb6d55ba13a0446444c681c085a60cd50bf8d060e1710f640b325827e4820486716f3555c138002de0f1
SSDEEP

98304:QzYPzhqRxK4151IywuNoT4XKzsYquNQ5hTVH:Q8zONjxokaIqNQ9H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6781525777b7d253857e80ef63b85719

Files

6781525777b7d253857e80ef63b85719
.exe windows:5 windows x86 arch:x86

bedaaf604edf1cffe39e0bac41cdc6ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
HeapFree
GetProcessHeap
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
HeapAlloc
Sleep
lstrcpynW
MulDiv
RemoveDirectoryW
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
GetTimeZoneInformation
RaiseException
lstrcmpiW
GetModuleFileNameW
AreFileApisANSI
CreateFileMappingW
CreateMutexW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileSize
GetSystemTime
GetTempPathA
GetVersionExA
HeapValidate
LockFile
LockFileEx
MapViewOfFile
UnlockFile
UnlockFileEx
UnmapViewOfFile
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetStdHandle
lstrcpyW
GetOEMCP
SetFilePointer
FlushFileBuffers
IsDebuggerPresent
UnhandledExceptionFilter
GetLocaleInfoW
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
WriteFile
CreateThread
ExitThread
GetCPInfo
ReadFile
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetVersion
GetFileAttributesW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
CompareStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
MoveFileExW
OutputDebugStringA
GetACP
OpenProcess
TerminateProcess
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetCurrentProcess
LocalFree
GetQueuedCompletionStatus
CreateEventW
TerminateThread
QueueUserAPC
CreateIoCompletionPort
SleepEx
GetExitCodeProcess
GetTempPathW
GetBinaryTypeW
GetVersionExW
lstrlenA
FreeResource
FormatMessageW
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
GetTickCount
ResumeThread
TlsSetValue
ResetEvent
OpenEventA
GetCurrentProcessId
WaitForSingleObject
TlsAlloc
GetLastError
InterlockedExchangeAdd
SetEvent
CreateEventA
SetLastError
CloseHandle
PostQueuedCompletionStatus
TlsFree
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetModuleHandleW
IsValidCodePage
GetSystemInfo
TlsGetValue
GetSystemTimeAsFileTime
FindNextFileW
FindFirstFileW
CopyFileW
MoveFileW
DeleteFileA
GetFullPathNameA
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
FormatMessageA
GetUserDefaultLCID
GetStringTypeExA
GetStringTypeExW
LCMapStringA
LCMapStringW
GetFileAttributesA
GetFileAttributesExW
CreateFileW
CreateFileA
FindClose
GetFullPathNameW
DeleteFileW
CreateDirectoryW
SetEnvironmentVariableA

user32

GetParent
InvalidateRect
LoadStringA
LoadStringW
GetClientRect
GetWindowLongW
wsprintfW
MessageBoxW
DrawTextW
DefWindowProcW
GetDC
ReleaseDC
OffsetRect
IsWindow
SetRectEmpty
UnregisterClassA
GetDesktopWindow
GetDlgItem
MoveWindow
GetActiveWindow
DialogBoxParamW
GetSystemMetrics
LoadImageW
EndDialog
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClassNameW
LoadCursorW
SetCursor
GetSysColor
GetFocus
GetCapture
ReleaseCapture
EndPaint
BeginPaint
CharNextW
CreateWindowExW
DrawFocusRect
FillRect
GetCursorPos
PtInRect
CallWindowProcW
SetWindowPos
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
ScreenToClient
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyWindow
SetWindowLongW

advapi32

ControlService
EqualSid
FreeSid
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
ConvertSidToStringSidW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
AllocateAndInitializeSid
QueryServiceStatus
DeleteService
RegQueryInfoKeyW
RegDeleteValueW

ole32

CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize

shell32

CommandLineToArgvW
FindExecutableW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW

oleaut32

VarUI4FromStr
SysAllocString
VariantClear
SysFreeString

shlwapi

PathIsNetworkPathW

comctl32

InitCommonControlsEx

gdi32

GetObjectW
SelectObject
DeleteObject
DeleteDC
CreateFontIndirectW
SetBkMode
SetTextColor
GetStockObject
DPtoLP
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
BitBlt
GetDeviceCaps

ws2_32

WSAStartup
WSACleanup
inet_addr
closesocket
getaddrinfo
select
WSASocketW
WSASend
WSARecv
listen
ioctlsocket
getsockname
getsockopt
setsockopt
connect
WSASetLastError
freeaddrinfo
__WSAFDIsSet
accept
WSAGetLastError
bind

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

psapi

EnumProcesses
GetModuleBaseNameW

urlmon

CoInternetParseUrl

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedaaf604edf1cffe39e0bac41cdc6ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

ws2_32

wtsapi32

psapi

urlmon

version

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 253KB - Virtual size: 253KB

.data Size: 30KB - Virtual size: 43KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 253KB - Virtual size: 253KB

.data
Size: 30KB - Virtual size: 43KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 96KB - Virtual size: 95KB