7ec1fe9068db1ce0e99357ab742c143d

Sharing

Copy URL Twitter E-mail

General

Target

7ec1fe9068db1ce0e99357ab742c143d
Size

209KB
MD5

7ec1fe9068db1ce0e99357ab742c143d
SHA1

b41de21e1a9002f9ebaeb30acc76f9a79bdb11d4
SHA256

97caa5b6bccc57e4bcfefe4f6f84f4aa92520919698aa7a7c417c255a5ef4ce5
SHA512

60460d634b4c3faaead254e6499f1249c1def6cb860054506bd58d1ef4c1fb71543735992b926ebf809cd4b49f848b2662139df593f651936bc12915acde1546
SSDEEP

3072:xy33mdojtUBU+6UZJaQ+lODmntERZEpEe/+XCBM391cl5ZeuMpKZhW:0ftUH6UZf+GmCE+w+XeMX85jZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ec1fe9068db1ce0e99357ab742c143d

Files

7ec1fe9068db1ce0e99357ab742c143d
.exe windows:4 windows x86 arch:x86

1408caf790afe2da3628730fa4b36462

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetComputerNameW
RemoveDirectoryW
FindResourceA
OpenEventA
WaitForMultipleObjects
EnumCalendarInfoA
GetProcAddress
EndUpdateResourceA
OpenWaitableTimerW
WinExec
GlobalAlloc
lstrcmpi
IsDebuggerPresent
lstrcat
CreateMutexA
SetLastError
EnumTimeFormatsA
SetErrorMode
InitializeCriticalSection
ConnectNamedPipe
GetTempPathW
FindAtomA
GetEnvironmentVariableW
GetOEMCP
GetModuleHandleA
GetCurrentThreadId
GetShortPathNameA
lstrlenW
CreateMailslotA
GetDateFormatW
FileTimeToLocalFileTime
GetModuleFileNameW
lstrcmpW
CreateFileMappingW
GetSystemDirectoryW
lstrcpynW

user32

LoadBitmapW
DefDlgProcA
ShowCaret
CharPrevA
WinHelpA
GetWindowTextLengthW
GetDCEx
InvalidateRect
CreateDialogIndirectParamA
GetParent
InsertMenuItemW
InsertMenuW
CallWindowProcA
InvalidateRgn
CharNextW
CreateCaret
GetClassLongA
CharPrevW
GetDesktopWindow
GetCapture
PeekMessageA
MessageBeep
BringWindowToTop
DestroyMenu
EmptyClipboard
DialogBoxParamW
RegisterWindowMessageA
GetMenuStringW
GetActiveWindow

gdi32

GetMetaFileW
SetBoundsRect
FixBrushOrgEx
GetPixel
CreateSolidBrush
GetBoundsRect
CombineRgn
PaintRgn
GetBrushOrgEx

advapi32

RegCreateKeyExW
RegQueryValueA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumValueA
RegQueryValueW
RegQueryInfoKeyA

shell32

ShellExecuteA
Shell_NotifyIcon
StrRStrIA
StrChrIW
StrNCmpIW
StrRChrA
StrNCmpIA
ExtractIconW
SHBrowseForFolder
SHGetDataFromIDListA
ShellExecuteExW

shlwapi

SHRegSetPathA
StrCpyNW
StrFromTimeIntervalA
StrStrIW
SHCreateStreamOnFileEx
StrPBrkW
SHRegisterValidateTemplate
UrlIsNoHistoryA
PathCommonPrefixW

comctl32

ImageList_Add
AddMRUStringW
CreateStatusWindow
ImageList_SetOverlayImage
ImageList_AddIcon
MenuHelp
FlatSB_GetScrollInfo
ImageList_Create
FlatSB_GetScrollRange
CreateStatusWindowW
ImageList_Read

ole32

CreateErrorInfo
CoFileTimeNow
CoDeactivateObject
CoCreateInstance
IsValidIid
GetClassFile
CoGetClassVersion

winspool.drv

EnumPrinterKeyW
GetSpoolFileHandle
CloseSpoolFileHandle
SetPrinterDataW
AddPortExA

sqlunirl

_LoadAccelerators_@8
_lstrcat_@8
_WriteConsoleInput_@16
_RegQueryInfoKey_@48
_RegSetValueEx_@24
_GetWindowText@12
_GetUnicodeRedirectionLayer@0
_BuildCommDCB_@8
_DrawTextEx_@24
_ReadEventLog_@28
newWideCharFromMultiByte

wsock32

accept
getservbyname
bind
s_perror
htons
gethostbyaddr

Sections

.MbK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.B
Size: 4KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KipYkw
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JAmzql
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FowRNG
Size: 1024B - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iMSWJ
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1408caf790afe2da3628730fa4b36462

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

ole32

winspool.drv

sqlunirl

wsock32

Sections

.MbK Size: 3KB - Virtual size: 3KB

.B Size: 4KB - Virtual size: 400KB

.X Size: 2KB - Virtual size: 26KB

.o Size: 9KB - Virtual size: 8KB

.KipYkw Size: 1KB - Virtual size: 37KB

.JAmzql Size: 4KB - Virtual size: 9KB

.FowRNG Size: 1024B - Virtual size: 58KB

.iMSWJ Size: 1KB - Virtual size: 108KB

.data Size: 99KB - Virtual size: 267KB

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 1024B - Virtual size: 664B

.MbK
Size: 3KB - Virtual size: 3KB

.B
Size: 4KB - Virtual size: 400KB

.X
Size: 2KB - Virtual size: 26KB

.o
Size: 9KB - Virtual size: 8KB

.KipYkw
Size: 1KB - Virtual size: 37KB

.JAmzql
Size: 4KB - Virtual size: 9KB

.FowRNG
Size: 1024B - Virtual size: 58KB

.iMSWJ
Size: 1KB - Virtual size: 108KB

.data
Size: 99KB - Virtual size: 267KB

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 1024B - Virtual size: 664B