12142c6e71f09d6987e8b7456fc1f507

Sharing

Copy URL Twitter E-mail

General

Target

12142c6e71f09d6987e8b7456fc1f507
Size

1.2MB
MD5

12142c6e71f09d6987e8b7456fc1f507
SHA1

2cd5f9b50fa26e6cf3a2cacb7431f01b5d5c4b0a
SHA256

04bfa07e349723052c6af08a65d11fa20aba30252243ab586fb2482fd817338d
SHA512

73df9bfb9e94e2c1692c89939cc99b3d399ae9ffea46a4192c7bf29c4301a6a27d38d0b79b1a97a5925631f505f28f8ac80bf0229f61de263592aeeced986887
SSDEEP

24576:j6YTGNkPQm5YUhbfNI5hZKM/+qu1mmEIqqWGkuwBV0bX+2:OYTpPBxCh3/++qUuwf0C2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12142c6e71f09d6987e8b7456fc1f507

Files

12142c6e71f09d6987e8b7456fc1f507
.exe windows:4 windows x86 arch:x86

3046ac67fdb7cfb1bcbca6e7c06400d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
malloc
free
time
srand
rand
memcpy
fopen
fread
fwrite
ftell
fseek
fclose
ferror
strncpy
_strnicmp
strncmp
_strdup
strlen
strcmp
memmove
memcmp
strcpy
sprintf
localtime
mktime
gmtime

kernel32

GetModuleHandleA
HeapCreate
GetModuleFileNameA
HeapDestroy
ExitProcess
GetLastError
WideCharToMultiByte
HeapFree
SetFileAttributesA
CreateFileA
SetFileTime
CloseHandle
SystemTimeToFileTime
LocalFileTimeToFileTime
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
Sleep
SetLastError
MulDiv
GetCurrentDirectoryA
DeleteFileA
WriteFile
ReadFile
SetFilePointer
HeapReAlloc
GetLocalTime
GetVersionExA
GetTickCount

comctl32

InitCommonControls
InitCommonControlsEx

user32

SetWinEventHook
GetWindowLongA
UnhookWinEvent
GetClassNameA
OemToCharA
MessageBoxA
SendMessageA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
DestroyIcon
GetIconInfo
CreateIconFromResourceEx
CreateIconFromResource
DestroyWindow
CreateWindowExA
SetWindowLongA
PeekMessageA
TranslateMessage
DispatchMessageA
ValidateRect
CallWindowProcA
GetWindowRect
GetParent
MapWindowPoints
InvalidateRect
ScreenToClient
RedrawWindow
SetWindowPos
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
GetSystemMetrics
GetSysColor
GetSysColorBrush
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
ShowWindow
PostMessageA
RemovePropA
DefWindowProcA
SetPropA
GetPropA
MoveWindow
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRect
GetActiveWindow
CreateAcceleratorTableA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
SetCursorPos
LoadImageA
SetCursor
SystemParametersInfoA
GetKeyState
GetCursorPos
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
SetFocus
GetFocus
IsChild

gdi32

GetObjectType
DeleteObject
CreateCompatibleDC
SetDIBits
DeleteDC
GetObjectA
CreateDCA
CreateCompatibleBitmap
CreateDIBSection
GetStockObject
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateFontA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
VariantInit
DispGetParam
VariantClear

imagehlp

MakeSureDirectoryPathExists

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream
OleInitialize
RevokeDragDrop

shell32

ShellExecuteA

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
recvfrom
recv
send
sendto
WSAGetLastError

shlwapi

SHStrDupA

wininet

DeleteUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache

Sections

.code
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3046ac67fdb7cfb1bcbca6e7c06400d2

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

oleaut32

imagehlp

ole32

shell32

wsock32

shlwapi

wininet

Sections

.code Size: 13KB - Virtual size: 12KB

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 32KB - Virtual size: 34KB

.rsrc Size: 5KB - Virtual size: 5KB

.code
Size: 13KB - Virtual size: 12KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 34KB

.rsrc
Size: 5KB - Virtual size: 5KB