Static task: static1
Behavioral task: behavioral1 (sample 7f7824c6ccb9483ad707ba7e4d12def492c2b89b6ece8acba55091d816fc46de.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 7f7824c6ccb9483ad707ba7e4d12def492c2b89b6ece8acba55091d816fc46de.exe, resource win10v2004-20231215-en)
General
Target: 7f7824c6ccb9483ad707ba7e4d12def492c2b89b6ece8acba55091d816fc46de
Size: 2.9MB
MD5: 367fbf4a6a1814631cb81b73d0c2397e
SHA1: 8c0b10d7f377e4e8faff99bd33d1ba33a8fe10bd
SHA256: 7f7824c6ccb9483ad707ba7e4d12def492c2b89b6ece8acba55091d816fc46de
SHA512: 88fd3a65e67ceedcc7556b1278eb2cabdcda9c220714cfa2927bd622a14531f5f218c76537be17ddc693b0f27a0651f59e1e47940429ff25a6d99bc80f15746a
SSDEEP: 49152:2no9rXYUw7JSz6gbfQqPBgTlhNVTjB2IU6iFW3th/U:rNXYUw7JSuifJCTlXF+k
Malware Config
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature, so there is no publisher identity to verify or to pivot on.
resource 7f7824c6ccb9483ad707ba7e4d12def492c2b89b6ece8acba55091d816fc46de
Files
7f7824c6ccb9483ad707ba7e4d12def492c2b89b6ece8acba55091d816fc46de.exe (windows:5, x86 PE)
39d693f7fbe311b7e0a1b4f734071ba5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUnwind
RtlCaptureContext
bcrypt
BCryptGenRandom
kernel32
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
FileTimeToLocalFileTime
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
GetFileSize
WriteFile
SetEndOfFile
SetFilePointer
SetLastError
GetCurrentDirectoryW
GetModuleHandleA
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
TlsGetValue
TlsSetValue
WakeAllConditionVariable
SwitchToThread
SleepConditionVariableSRW
GetModuleHandleExW
TlsAlloc
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetFileInformationByHandle
DeviceIoControl
GetFullPathNameW
SetHandleInformation
QueryPerformanceFrequency
GetCurrentThread
SetThreadStackGuarantee
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
ReadFile
CreateFileW
GetModuleFileNameA
LocalFree
GetCommandLineW
GetTempPathW
lstrcmpiW
FreeResource
CreateThread
CloseHandle
TerminateThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
Process32NextW
lstrcatW
Sleep
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
CopyFileW
GetModuleFileNameW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GlobalAlloc
GetLocalTime
DuplicateHandle
GetFileType
MulDiv
GetACP
ExitProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetEnvironmentVariableA
ReadConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
PeekNamedPipe
VirtualProtect
UnregisterWaitEx
InitializeSListHead
FlushFileBuffers
SetFilePointerEx
GetConsoleCP
AreFileApisANSI
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
SetFileAttributesW
SetFileTime
InterlockedDecrement
InterlockedIncrement
MoveFileExW
FormatMessageW
GetVersionExW
TerminateProcess
QueryFullProcessImageNameW
OpenProcess
GetDiskFreeSpaceExW
lstrcmpW
IsValidLocale
GetLocaleInfoW
HeapDestroy
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
ExitThread
GetDriveTypeW
FindFirstFileExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
GetFileAttributesExW
GetCPInfo
IsProcessorFeaturePresent
EncodePointer
GetExitCodeThread
GetStringTypeW
OutputDebugStringW
IsDebuggerPresent
Process32FirstW
CreateToolhelp32Snapshot
DeleteCriticalSection
CreateDirectoryW
DecodePointer
GlobalUnlock
user32
CharPrevExA
CharUpperW
GetWindowThreadProcessId
FindWindowW
SetWindowPos
PostQuitMessage
SendMessageW
SetWindowLongW
GetWindowLongW
HideCaret
CreateCaret
GetCaretPos
GetCaretBlinkTime
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
OffsetRect
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
SetRect
FillRect
DrawTextW
CharPrevW
GetSysColor
ClientToScreen
ShowCaret
KillTimer
wvsprintfW
GetPropW
SetPropW
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
SetWindowRgn
IsZoomed
GetWindow
IntersectRect
PtInRect
CharNextW
SetCursor
IsRectEmpty
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
GetParent
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
UnionRect
SetCaretPos
advapi32
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
SystemFunction036
RegQueryValueExW
shell32
SHCreateDirectoryExW
SHGetPathFromIDListA
SHChangeNotify
SHFileOperationW
SHCreateItemFromParsingName
CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation
ole32
CoTaskMemFree
CoInitialize
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoCreateGuid
CLSIDFromString
oleaut32
VariantInit
SysAllocStringLen
VariantCopy
VariantClear
SysFreeString
SysAllocString
ws2_32
getsockopt
getsockname
WSAGetLastError
ioctlsocket
freeaddrinfo
WSACleanup
getaddrinfo
WSARecv
recv
send
accept
getpeername
listen
select
WSASocketW
closesocket
WSAStartup
connect
bind
setsockopt
WSASend
iphlpapi
GetAdaptersAddresses
GetAdaptersInfo
shlwapi
SHCreateStreamOnFileEx
gdiplus
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipAlloc
imm32
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
comctl32
_TrackMouseEvent
ord17
gdi32
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
SetStretchBltMode
CreateDIBSection
MoveToEx
CreateCompatibleDC
ExtTextOutW
GdiFlush
CreateCompatibleBitmap
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
GetObjectA
CreatePatternBrush
RoundRect
SelectClipRgn
Rectangle
BitBlt
StretchBlt
SetBkColor
TextOutW
ExtSelectClipRgn
CreateSolidBrush
SetBkMode
SetTextColor
GetDeviceCaps
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
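Added example, not part of the sandbox report: a small capability tagger run over the import table above. The rules and the runtime-noise list are hand-written for this page, not a published ruleset, and REPORT_IMPORTS is a subset copied from the table. The point it makes is that combinations such as CreateToolhelp32Snapshot + Process32FirstW/Process32NextW + OpenProcess + QueryFullProcessImageNameW + TerminateProcess, or BeginUpdateResourceW/UpdateResourceW/EndUpdateResourceW next to CopyFileW and GetModuleFileNameW, deserve a second look, while IsDebuggerPresent and UnhandledExceptionFilter are imported by the MSVC CRT on its own and should not be read as anti-analysis without corroboration.

```python
# Added example, not part of the sandbox report: group imports into capability tags
# so the interesting API combinations stand out from runtime noise.
# RULES and RUNTIME_NOISE are hand-written for this example, not a published ruleset.

# Subset of the import table shown in the report above, copied verbatim.
REPORT_IMPORTS = {
    "kernel32": [
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
        "OpenProcess", "QueryFullProcessImageNameW", "TerminateProcess",
        "GetModuleFileNameW", "CopyFileW", "BeginUpdateResourceW",
        "UpdateResourceW", "EndUpdateResourceW", "FindResourceW",
        "LoadResource", "LockResource", "SizeofResource",
        "FindFirstFileW", "FindNextFileW", "DeleteFileW", "RemoveDirectoryW",
        "IsDebuggerPresent", "OutputDebugStringW", "UnhandledExceptionFilter",
        "SetUnhandledExceptionFilter", "IsProcessorFeaturePresent",
        "GetTempPathW", "MoveFileExW",
    ],
    "advapi32": ["RegOpenKeyExW", "RegCreateKeyExW", "RegSetValueExW",
                 "RegDeleteKeyW", "RegQueryValueExW"],
    "shell32": ["ShellExecuteW", "SHFileOperationW", "CommandLineToArgvW"],
    "ws2_32": ["WSAStartup", "getaddrinfo", "connect", "bind", "listen",
               "accept", "send", "recv", "WSASocketW"],
    "user32": ["FindWindowW", "GetWindowThreadProcessId"],
}

# Each rule: every name in "all" must be imported, plus at least one of "any" when given.
RULES = {
    "process-enumeration": {"all": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"]},
    "process-kill": {"all": ["OpenProcess", "TerminateProcess"],
                     "any": ["QueryFullProcessImageNameW", "GetWindowThreadProcessId"]},
    "pe-resource-rewrite": {"all": ["BeginUpdateResourceW", "UpdateResourceW", "EndUpdateResourceW"],
                            "any": ["CopyFileW", "GetModuleFileNameW"]},
    "embedded-resource-read": {"all": ["FindResourceW", "LoadResource", "LockResource", "SizeofResource"]},
    "registry-write": {"all": ["RegCreateKeyExW", "RegSetValueExW"]},
    "tcp-server": {"all": ["bind", "listen", "accept"]},
    "tcp-client": {"all": ["getaddrinfo", "connect"]},
    "recursive-delete": {"all": ["FindFirstFileW", "FindNextFileW", "DeleteFileW", "RemoveDirectoryW"]},
    "anti-debug": {"any": ["IsDebuggerPresent", "OutputDebugStringW"]},
    "service-install": {"all": ["OpenSCManagerW", "CreateServiceW"]},  # absent here: negative control
}

# APIs the MSVC CRT imports on its own; a tag matched only by these is weak evidence.
RUNTIME_NOISE = {"IsDebuggerPresent", "OutputDebugStringW", "UnhandledExceptionFilter",
                 "SetUnhandledExceptionFilter", "IsProcessorFeaturePresent"}


def evaluate(imports, rules=RULES, noise=RUNTIME_NOISE):
    """Return {tag: {"matched": [...], "confidence": "high"|"low"}} for every rule `imports` satisfies."""
    present = {name for names in imports.values() for name in names}
    tags = {}
    for tag, rule in rules.items():
        need_all, need_any = rule.get("all", []), rule.get("any", [])
        if not all(n in present for n in need_all):
            continue
        if need_any and not any(n in present for n in need_any):
            continue
        matched = [n for n in need_all + need_any if n in present]
        tags[tag] = {"matched": matched,
                     "confidence": "low" if all(n in noise for n in matched) else "high"}
    return tags


def missing_for(imports, tag, rules=RULES):
    """Names in `tag`'s "all" list that the sample does not import (why a rule stayed silent)."""
    present = {name for names in imports.values() for name in names}
    return [n for n in rules[tag].get("all", []) if n not in present]


if __name__ == "__main__":
    for tag, hit in sorted(evaluate(REPORT_IMPORTS).items()):
        print(f"{tag:24} {hit['confidence']:5} {', '.join(hit['matched'])}")
    print("service-install needs:", missing_for(REPORT_IMPORTS, "service-install"))
```

Run as-is it prints nine tags for this import table; anti-debug comes out "low" because both of its matches are CRT imports, and missing_for shows why service-install did not fire (neither OpenSCManagerW nor CreateServiceW is in the table).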
Sections
.text   Size: 1.6MB - Virtual size: 1.6MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 767KB - Virtual size: 767KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 40KB - Virtual size: 87KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    Size: 512B - Virtual size: 2B       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 424KB - Virtual size: 423KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 90KB - Virtual size: 89KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
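Added example, not part of the sandbox report: a standard-library Python parser for the facts listed under Headers and Sections, including the certificate-table check behind the "Unsigned PE" signature (an empty IMAGE_DIRECTORY_ENTRY_SECURITY entry means no Authenticode signature). build_sample_pe() constructs a header-only PE32 stand-in with the report's flags and section sizes; it is not the real sample. The mitigation and section heuristics are my own: the report's DLL characteristics list ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) but no GUARD_CF, which mitigation_gaps() reports.

```python
# Added example, not part of the sandbox report: parse the PE headers the report
# summarises (file/DLL characteristics, section table) and test for an embedded
# Authenticode signature, which is what the "Unsigned PE" signature above flags.
# Standard library only. build_sample_pe() constructs a minimal PE32 header set
# with the report's flags and section sizes; it is a stand-in, not the real sample.
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table: file offset + size, not an RVA
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}

def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    """Header facts for a PE32/PE32+ image; raises ValueError (or struct.error on truncation)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Chars
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    major_os = struct.unpack_from("<H", data, opt + 40)[0]      # MajorOperatingSystemVersion
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]      # same offset in PE32 and PE32+
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)  # NumberOfRvaAndSizes, DataDirectory
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize, "flags": _flags(sflags, SECTION_FLAGS)})
    return {"pe32plus": pe32plus, "machine": machine, "os_version_major": major_os,
            "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dllchars, DLL_CHARACTERISTICS),
            "authenticode_present": cert_size > 0,  # empty certificate table == "Unsigned PE"
            "sections": sections}

def mitigation_gaps(info):
    """Mitigations the image opts out of; the report's list has ASLR and DEP but no CFG."""
    want = ["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
            "IMAGE_DLLCHARACTERISTICS_GUARD_CF"]
    return [f for f in want if f not in info["dll_characteristics"]]

def suspicious_sections(info):
    """Packer hints: executable sections with no bytes on disk, or writable code."""
    hits = []
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_EXECUTE" not in s["flags"]:
            continue
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append((s["name"], "executable but empty on disk"))
        if "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            hits.append((s["name"], "writable and executable"))
    return hits

def build_sample_pe(signed=False, packed=False):
    """Constructed PE32 stand-in (headers only) with the report's flags and section sizes."""
    secs = [(b".text", 0x1A0000, 0 if packed else 0x1A0000, 0xE0000020 if packed else 0x60000020),
            (b".rdata", 0xBFC00, 0xBFC00, 0x40000040), (b".data", 0x15C00, 0xA000, 0xC0000040),
            (b".tls", 2, 0x200, 0xC0000040), (b".rsrc", 0x69C00, 0x6A000, 0x40000040),
            (b".reloc", 0x16400, 0x16800, 0x42000040)]
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 96 + 16 * 8, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x1A1000, 0x400000, 0x1000, 0x200,
                      5, 0, 0, 0, 5, 0, 0, 0x300000, 0x400, 0, 2, 0x8140,   # windows:5, GUI, ASLR|DEP|TS
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)  # where a WIN_CERTIFICATE blob would sit
    sec_hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0x400, 0, 0, 0, 0, fl)
                        for i, (n, vs, rs, fl) in enumerate(secs))
    return dos + b"PE\0\0" + file_hdr + opt + b"".join(struct.pack("<II", *d) for d in dirs) + sec_hdrs

if __name__ == "__main__":
    facts = parse_pe(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe())
    for key, value in facts.items():
        print(f"{key}: {value}")
    print("mitigation gaps:", mitigation_gaps(facts), "| suspicious:", suspicious_sections(facts))
```

Pass a real file path as the first argument to run it against an actual PE; without one it parses the constructed stand-in. Note that authenticode_present only says a certificate table exists; it does not validate the signature chain, so a present-but-broken signature still needs a real verifier.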