fa0c61667eccee23c2eb81c60f62b48b

Sharing

Copy URL

Twitter E-mail

General

Target

fa0c61667eccee23c2eb81c60f62b48b
Size

6.4MB
MD5

fa0c61667eccee23c2eb81c60f62b48b
SHA1

643c98a9967462fb757bae63124dd4105fee7d6c
SHA256

7100f9b34c4fa9f7bbe79dbb3ce7e435146ab2fa8f03cacfd9bb65eaaec5d950
SHA512

1b23c978df1d14af9dc9c89bbac29e960077ff1be6446bf868b896a9f6a1418e30b9c65339bae7e50ccb1197251fbfbfae954822754b148862da6b491d50735d
SSDEEP

196608:mOpvC/UnwR6KOax4N1hoYMq3/kUmbACjCB+cH:lRSU+o/PMqMUKAKCd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa0c61667eccee23c2eb81c60f62b48b

Files

fa0c61667eccee23c2eb81c60f62b48b
.exe windows:4 windows x86 arch:x86

cf93c8634960e8e84bce8864c131359f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
CommandLineToArgvW
ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW
SHBrowseForFolderW
SHCreateDirectoryExW
Shell_NotifyIconW

msi

ord159
ord118
ord8
ord92
ord195
ord160
ord32
ord70
ord88
ord137
ord141
ord169

advapi32

RegQueryValueExW
OpenServiceW
ChangeServiceConfigW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
CloseServiceHandle
RegCloseKey
OpenSCManagerW
QueryServiceStatus
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
StartServiceW

shlwapi

PathAppendW
PathFileExistsW
PathStripToRootW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

htonl
htons
send
inet_addr
closesocket
connect
WSAStartup
socket
recv
WSACleanup

kernel32

FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetCPInfo
FormatMessageW
LocalFree
GetLastError
GetSystemDirectoryW
GetVersionExW
SetFileAttributesW
LeaveCriticalSection
CreateProcessW
GetModuleFileNameW
EnterCriticalSection
CloseHandle
FindFirstFileW
CreateMutexW
GetCurrentDirectoryW
GetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
VirtualFree
VirtualAlloc
FreeResource
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
CopyFileW
CreateThread
SuspendThread
WideCharToMultiByte
GetDiskFreeSpaceExW
FreeLibrary
FindNextFileW
GetPrivateProfileStringW
LoadLibraryW
MoveFileExW
GetProcAddress
RemoveDirectoryW
FindClose
GetPrivateProfileIntW
DeleteFileW
ResumeThread
WritePrivateProfileStringW
GetTickCount
GetWindowsDirectoryW
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
IsBadReadPtr
IsBadWritePtr
GetACP
lstrcmpW
Process32FirstW
CreateToolhelp32Snapshot
RemoveDirectoryA
Process32NextW
WaitForSingleObject
lstrcmpiW
TerminateProcess
DeleteFileA
OpenProcess
lstrcatA
LoadLibraryA
VirtualQuery
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetCommandLineW
GetModuleHandleW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcessId
SetFilePointer
GetProcessAffinityMask
SetProcessAffinityMask
RaiseException
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetStringTypeW
GetStringTypeA
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
InterlockedExchange
InterlockedCompareExchange
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
LockResource
LocalAlloc

user32

DefWindowProcW
ExitWindowsEx
RegisterClassExW
GetClassInfoExW
GetDesktopWindow
ReleaseDC
LoadCursorW
IsWindowVisible
SetWindowLongW
BringWindowToTop
SetCursor
EnumWindows
SetDlgItemTextW
GetWindowThreadProcessId
PtInRect
CharNextW
InvalidateRect
GetWindowLongW
CreateDialogParamW
GetDlgCtrlID
OffsetRect
DestroyWindow
GetClassNameW
GetClientRect
GetKeyState
DrawIconEx
MapVirtualKeyW
GetWindow
SetWindowTextW
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
BeginPaint
GetParent
TrackMouseEvent
ReleaseCapture
PostMessageW
DrawTextW
GetWindowTextW
SetTimer
ShowWindow
GetDlgItem
EnableWindow
TranslateMessage
LoadAcceleratorsW
DispatchMessageW
EndDialog
MessageBoxW
DialogBoxParamW
TranslateAcceleratorW
GetMessageW
SendMessageW
DestroyIcon
EndPaint
CallNextHookEx
GetDC
UpdateWindow
KillTimer
IsWindow
GetFocus
GetDlgItemTextW
CreateWindowExW
SetFocus
LoadBitmapW
GetActiveWindow
SetClassLongW
PostQuitMessage
ScreenToClient
GetWindowDC
SetWindowPos
LoadImageW
GetWindowRect
GetCursorPos

gdi32

CreateCompatibleDC
OffsetRgn
CreateRectRgn
CombineRgn
SetBkColor
BitBlt
CreateCompatibleBitmap
GetStockObject
DeleteObject
SelectObject
DeleteDC
GetTextExtentExPointW
GetTextExtentPointW
SetTextColor
CreateFontW
SetBkMode

ole32

CoUninitialize
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36.3MB - Virtual size: 36.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf93c8634960e8e84bce8864c131359f

Headers

File Characteristics

Imports

shell32

msi

advapi32

shlwapi

version

psapi

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 368KB - Virtual size: 365KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 12KB - Virtual size: 436KB

.rsrc Size: 36.3MB - Virtual size: 36.3MB

.text
Size: 368KB - Virtual size: 365KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 12KB - Virtual size: 436KB

.rsrc
Size: 36.3MB - Virtual size: 36.3MB