08b49e1ffdcb7cf44cd341a39d644d37

Sharing

Copy URL Twitter E-mail

General

Target

08b49e1ffdcb7cf44cd341a39d644d37
Size

7.5MB
MD5

08b49e1ffdcb7cf44cd341a39d644d37
SHA1

310899ac0b77c390c520317c133bc47005b35247
SHA256

44d1fb0a2dc190b00f92391117dd76f3e49212c6501953aba9ff26feafd522cb
SHA512

3f3100959a7ed1188fb08cd4f1267808ae49b34c360b801a22a244af228de6aadce97c1750d248a8025bfe0bc80c2e71b6855f3ac0ad7a2a3e014cdf968004c1
SSDEEP

196608:pNiTzoPETdZNv/KNBXpaZBbRH2wq1pCod:yTzUmZNvCNBZaf1WwYpCM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08b49e1ffdcb7cf44cd341a39d644d37

Files

08b49e1ffdcb7cf44cd341a39d644d37
.exe windows:6 windows x86 arch:x86

4f03247e8e2133cbc29da43042c8041e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation

kernel32

SetLastError
LocalFree
CloseHandle
GetCurrentThread
GlobalAlloc
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
MulDiv
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
WaitForSingleObject
CreateFileW
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetVersionExW
GetProcAddress
Sleep
RemoveDirectoryW
DeleteFileW
CreateEventW
SetEvent
GetCurrentProcessId
GetTempPathW
CreateDirectoryW
GetExitCodeProcess
LocalUnlock
LockResource
FormatMessageW
CreateMutexW
VerLanguageNameW
GetModuleHandleW
lstrlenW
GetCurrentProcess
FlushInstructionCache
GetLastError
LeaveCriticalSection
EnterCriticalSection
LoadResource
RaiseException
FindResourceExW
FindResourceW
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
RtlUnwind
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetOEMCP
GetCPInfo
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SizeofResource
LocalLock
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

gdi32

CreateCompatibleDC
GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
GetObjectW

user32

DispatchMessageA
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjects
IsRectEmpty
PeekMessageW
MessageBoxW
MapDialogRect
SetWindowContextHelpId
PostThreadMessageW
GetSystemMetrics
EndDialog
GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW
LoadIconW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
MoveWindow
CharNextW
GetSysColor
DefWindowProcW
GetKeyState
GetFocus
GetWindow
SystemParametersInfoW
MapWindowPoints
IsWindow
IsDialogMessageW
GetDlgItem
IsChild
SendDlgItemMessageW
GetNextDlgTabItem
EnableWindow
ShowWindow
ScreenToClient
GetClientRect
GetWindowRect
SetWindowPos
PostMessageW
PostQuitMessage
GetWindowLongW
CreateWindowExW
RegisterClassExW
SendMessageW
LoadCursorW
GetClassInfoExW
GetDlgCtrlID
GetParent
SetWindowLongW
DestroyWindow
GetDesktopWindow
UnregisterClassA

shell32

ord680
CommandLineToArgvW
SHAppBarMessage
ShellExecuteExW

ole32

CoUninitialize
CoQueryProxyBlanket
CoInitializeEx
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CoCopyProxy

oleaut32

VarBstrCmp
VariantClear
VariantInit
SafeArrayLock
SafeArrayUnlock
SysFreeString
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringLen
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
DispCallFunc
SysAllocString
VariantChangeType

rpcrt4

UuidFromStringW
UuidCreate

shlwapi

PathAppendW
PathAddBackslashW
PathFindFileNameW
PathCombineW

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrustEx
WTHelperProvDataFromStateData

crypt32

CertVerifyCertificateChainPolicy

userenv

UnloadUserProfile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f03247e8e2133cbc29da43042c8041e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

rpcrt4

shlwapi

wintrust

crypt32

userenv

version

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 18.8MB - Virtual size: 18.8MB

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 18.8MB - Virtual size: 18.8MB