08df19a30c1a2de4ebab7fdcd96c5d4c

Sharing

Copy URL Twitter E-mail

General

Target

08df19a30c1a2de4ebab7fdcd96c5d4c
Size

1.4MB
MD5

08df19a30c1a2de4ebab7fdcd96c5d4c
SHA1

df61b2d06f2dd6cf96f8e70afa3686536ed15fa9
SHA256

6302755781961341a91cc889d27f3b553066908aa7ce50dd0cde5be0cee19ed1
SHA512

4acac0b2255a6979f81a0c7c3a56366020b2febbabc3fb779c026ae104adbcc6fa1d9c13a2655ce6dded0aff3905c2f7d05dcfabde2158e22fa3289c19f0a0e3
SSDEEP

24576:GJWnWWWGW0fW7WcWc8ijiBYkG5bQXkWLYkJZRXeisrnmSFlPTJXE8KOVF9ylKpkB:Gg2Z5gkqYGZROiYnlPTJUrOVFglZqiM2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08df19a30c1a2de4ebab7fdcd96c5d4c

Files

08df19a30c1a2de4ebab7fdcd96c5d4c
.exe windows:5 windows x86 arch:x86

dd657042f23b748da4404d2b37c6263d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
GetModuleFileNameW
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
CreateFileW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
SetErrorMode
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RaiseException
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FindFirstFileW
GetLastError
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
CloseHandle
WaitForMultipleObjects
InterlockedExchangeAdd
VirtualAlloc
InterlockedExchange
SetThreadPriority
CreateEventA
HeapSize
SetFilePointer
ReadFile
GetStdHandle
HeapCreate
InterlockedDecrement
InterlockedCompareExchange
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetConsoleMode
GetConsoleCP
WriteFile
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
ExitProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
VirtualFree
SetEvent
QueryPerformanceFrequency
Sleep
GetEnvironmentStringsW
QueryPerformanceCounter
ExitThread
ResumeThread
CreateThread
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

UpdateWindow
GetSystemMetrics
DispatchMessageA
ShowWindow
DefWindowProcA
PeekMessageA
CreateWindowExA
UnregisterClassA
InvalidateRect
LoadCursorA
GetDC
BeginPaint
LoadIconA
GetWindowRect
EndPaint
GetActiveWindow
MessageBoxA
SetDlgItemTextW
SendDlgItemMessageW
RegisterClassA
SetMenu
DialogBoxParamA
TranslateMessage
SetWindowTextA
MessageBoxW
GetMessageA
DialogBoxParamW
LoadBitmapA
GetMenu
EndDialog
CreatePopupMenu
PostMessageA
InsertMenuW
ModifyMenuA
CheckMenuItem
SendDlgItemMessageA
SendMessageA
ReleaseDC
GetDlgItem
SetDlgItemTextA

gdi32

BitBlt
GetStockObject
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectA
CreateDIBSection
DeleteObject
StretchDIBits
SetStretchBltMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA

winmm

timeGetTime

wsock32

WSACleanup
sendto
htons
socket
ioctlsocket
WSAStartup
inet_ntoa
gethostbyname
__WSAFDIsSet
shutdown
select
htonl
recvfrom
inet_addr
closesocket

comctl32

ord17
ImageList_Remove
ImageList_Add
ImageList_Create

iphlpapi

GetNetworkParams

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 244.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd657042f23b748da4404d2b37c6263d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

winmm

wsock32

comctl32

iphlpapi

Sections

.text Size: 496KB - Virtual size: 495KB

.rdata Size: 584KB - Virtual size: 584KB

.data Size: 151KB - Virtual size: 244.8MB

.rsrc Size: 157KB - Virtual size: 160KB

.text
Size: 496KB - Virtual size: 495KB

.rdata
Size: 584KB - Virtual size: 584KB

.data
Size: 151KB - Virtual size: 244.8MB

.rsrc
Size: 157KB - Virtual size: 160KB