0f422af40c79da24350a07dca05c6b44

Sharing

Copy URL Twitter E-mail

General

Target

0f422af40c79da24350a07dca05c6b44
Size

483KB
MD5

0f422af40c79da24350a07dca05c6b44
SHA1

fa60e94bdacbd8b91b9466904c0dd11fb694744a
SHA256

3251717d95587f6115358eee0e9e8056258ad56b14cdb86e59d607b8526fccd0
SHA512

50750dfad95b4eeead808d46c45246f6bb1130cc4bafddd36f4dbecde91e2997dacb38935638afdbedc784f8f532f84e1f8d86473a9873860a38babe82bff00e
SSDEEP

12288:+5EUWPIT6X3plqcb6Mk6o56NKrjC1eZcp1k4rKJ8t:+5EUWgT6+cb636o56NiYeZc+J8t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f422af40c79da24350a07dca05c6b44

Files

0f422af40c79da24350a07dca05c6b44
.exe windows:6 windows x64 arch:x64

e8724d3dc22c4765155890459092980b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcschr
memcpy
wcslen
wcscpy
wcscmp
memmove
wcscat
strncpy
memcmp
_wfopen
_setjmp
fclose
malloc
free
longjmp
wcsncmp
wcsncpy
_wcsicmp
tolower
floor
_localtime64
_mktime64
_wcsnicmp
_itow
_gmtime64
fabs
ceil
fseek
ftell
fread
pow
??3@YAXPEAX@Z
wcsstr
_wcsdup
_isnan
exit
sprintf
__iob_func
fprintf
fwrite
fflush
ferror
getenv
sscanf
_vsnwprintf
sinf
cosf
fmodf
abs

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
TerminateProcess
CreateFileW
ReadDirectoryChangesW
GetDriveTypeW
GetVolumeInformationW
GetTickCount
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
UnregisterWait
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
WaitForSingleObject
LoadLibraryW
GetProcAddress
CreateThread
TerminateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
CreatePipe
GetStdHandle
CreateProcessW
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
FreeLibrary
HeapReAlloc
GetCurrentThreadId
WideCharToMultiByte
DeleteFileW
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetComputerNameW
SetLastError
GetCurrentProcessId
SetFileAttributesW
FindFirstFileW
FindClose
GetFileAttributesW
GetLastError
FindNextFileW
GetTempPathW
MoveFileW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateDirectoryW
WriteFile
SetFilePointer
ReadFile
MulDiv
GetLocalTime
GlobalLock
GlobalUnlock
HeapSize
MultiByteToWideChar

user32

GetForegroundWindow
SetWindowsHookExW
MapVirtualKeyW
GetKeyNameTextW
GetAsyncKeyState
CallNextHookEx
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
ClientToScreen
GetDesktopWindow
GetDC
ReleaseDC
GetLastInputInfo
GetClassNameW
GetWindowLongPtrW
IsWindow
SetMenu
DestroyMenu
GetSystemMetrics
DestroyWindow
SystemParametersInfoW
GetWindow
SetActiveWindow
SendMessageW
DestroyIcon
LoadIconW
LoadCursorW
GetPropW
RegisterClassW
AdjustWindowRectEx
CreateWindowExW
SetPropW
ShowWindow
CreateAcceleratorTableW
UnregisterClassW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
DefWindowProcW
GetParent
RemovePropW
DestroyAcceleratorTable
SetRect
EnumChildWindows
SetFocus
GetFocus
PostMessageW
SetWindowPos
IsWindowEnabled
IsWindowVisible
GetKeyState
GetWindowThreadProcessId
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
OpenClipboard
GetClipboardData
CloseClipboard
FillRect
CopyImage
CharLowerW
CharUpperW
CallWindowProcW
SetWindowLongPtrW
GetIconInfo
DrawIconEx

gdi32

BitBlt
DeleteObject
GetStockObject
CreateFontIndirectW
GetDeviceCaps
CreateDCW
DeleteDC
GetObjectType
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateBitmap
SetPixel
GetDIBits
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation

wsock32

closesocket
WSACleanup
WSAStartup
select
__WSAFDIsSet
ioctlsocket
recvfrom
socket
inet_addr
gethostbyname
htons
bind
connect
recv
send
sendto
accept
listen
WSAGetLastError

ole32

CoInitialize
CoCreateInstance
CoUninitialize
RevokeDragDrop
CoTaskMemFree

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

advapi32

GetUserNameW

comctl32

InitCommonControlsEx

Sections

.code
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8724d3dc22c4765155890459092980b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

shell32

wsock32

ole32

winmm

gdiplus

advapi32

comctl32

Sections

.code Size: 66KB - Virtual size: 65KB

.text Size: 219KB - Virtual size: 218KB

.rdata Size: 37KB - Virtual size: 36KB

.pdata Size: 11KB - Virtual size: 10KB

.data Size: 72KB - Virtual size: 86KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 66KB - Virtual size: 65KB

.text
Size: 219KB - Virtual size: 218KB

.rdata
Size: 37KB - Virtual size: 36KB

.pdata
Size: 11KB - Virtual size: 10KB

.data
Size: 72KB - Virtual size: 86KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 1KB - Virtual size: 1KB