00b1d692cce3111e309ad368347c4e87

Sharing

Copy URL

Twitter E-mail

General

Target

00b1d692cce3111e309ad368347c4e87
Size

6.1MB
MD5

00b1d692cce3111e309ad368347c4e87
SHA1

4e2e2fe4e8b5200d97bb5dbb4b659dd200112487
SHA256

542435dfb75ebea346ed609d77e66939b083d372fac4a11e518c74b610780b3c
SHA512

4a2c85bf7f355a31fd735999e6684ec14c9167f3535f0a1fd44c452024cf06cd3cf3597ff33936bebb9dc843a5ce33d1a8dc2a4eb2e38771c60f8a383d9be566
SSDEEP

196608:sl8jd1gwY/NM32B4zy90/uzTbArQXvnVQheZxAqhkDTjj7D22EgLQs6GPt0fDLho:y8R1gwY/NM32B4zy90/uzTbArQXvnEsO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00b1d692cce3111e309ad368347c4e87

Files

00b1d692cce3111e309ad368347c4e87
.exe windows:5 windows x86 arch:x86

f76ecc353f97d936c66868968a50a7f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sensapi

IsNetworkAlive

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
HttpAddRequestHeadersW

kernel32

CreateFileW
CloseHandle
FindResourceExW
DeleteAtom
GlobalAddAtomW
lstrcpyW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetEnvironmentVariableW
FindFirstFileA
GetEnvironmentVariableW
FreeLibrary
CreateProcessW
CreateDirectoryW
WaitForSingleObject
WriteFile
OpenProcess
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
GetExitCodeProcess
TerminateProcess
GetEnvironmentVariableA
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
DeleteFileW
LocalFree
GetFileSize
FindFirstFileW
SetFilePointer
GetFileAttributesW
FindClose
FindNextFileW
SetFileAttributesW
CopyFileW
ReadFile
CreateDirectoryA
RemoveDirectoryA
FindNextFileA
DeleteFileA
CopyFileA
CreateMutexW
OpenMutexW
ReleaseMutex
GetCommandLineA
CreateThread
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
SetLastError
LockFile
GetCommandLineW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
InterlockedExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
ExitProcess
GetStdHandle
GetFileType
WriteConsoleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
GetStartupInfoW
WideCharToMultiByte
GetProcAddress
RaiseException
lstrlenA
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
GlobalHandle
GetTickCount
GetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
LockResource
LoadResource
SizeofResource
FindResourceW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
UnlockFile

user32

UnregisterClassA
SetWindowTextW
SetDlgItemTextW
GetDlgItem
LoadIconW
SendMessageW
SetWindowTextA
GetDlgItemTextW
ShowWindow
SetWindowPos
GetClientRect
ScreenToClient
GetWindowRect
GetWindowTextW
GetParent
TranslateAcceleratorW
SetTimer
GetMessageW
KillTimer
TranslateMessage
LoadAcceleratorsW
DispatchMessageW
wsprintfW
MessageBoxW
PostMessageW
EnumWindows
GetSystemMetrics
SetCursor
RemovePropW
SetPropW
DrawFocusRect
GetPropW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
EndDialog
RegisterWindowMessageW
GetWindowTextLengthW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
IsWindow
GetActiveWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
DialogBoxIndirectParamW
EnableWindow
DestroyWindow

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptDestroyKey
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
OpenProcessToken
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
AdjustTokenPrivileges
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
RegOpenKeyExW

ole32

StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CoTaskMemAlloc
CLSIDFromString
OleInitialize
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromProgID
OleUninitialize

shell32

SHGetFolderPathA
ShellExecuteW
SHGetSpecialFolderPathW
ord680
ShellExecuteExW

oleaut32

VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit

shlwapi

PathFileExistsW

gdi32

CreateSolidBrush
CreateCompatibleDC
SetTextColor
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose
CryptMsgGetParam

Sections

.text
Size: 931KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f76ecc353f97d936c66868968a50a7f0

Headers

DLL Characteristics

File Characteristics

Imports

sensapi

version

wininet

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

wintrust

crypt32

Sections

.text Size: 931KB - Virtual size: 931KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 7.8MB - Virtual size: 7.8MB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 931KB - Virtual size: 931KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

.reloc
Size: 41KB - Virtual size: 41KB