119705427a7df1c84a9b6aa90d2214d6

Sharing

Copy URL Twitter E-mail

General

Target

119705427a7df1c84a9b6aa90d2214d6
Size

216KB
MD5

119705427a7df1c84a9b6aa90d2214d6
SHA1

69ebeff4375763656ed0fe1a6c027a9b611a98f9
SHA256

f14f649665722479346eee81610006d4e16b58365f4f3996fd02aa860f1c91e8
SHA512

6bcec3f160e7a9e9c301ea3a069a34013a59b7fb2ec8beb73f93dca6f83d3ab9a80650aeed781a9d1cf6ca4ca34ef9f8d15978645982e588cfbf8c758601d449
SSDEEP

3072:TqI+ck+cHdpcQqA9hv1ymxfX8HpCefCcfgrvG9Hnd4tmkgfy4TzKyvlA:ir9ll+EvG99KqBG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
119705427a7df1c84a9b6aa90d2214d6

Files

119705427a7df1c84a9b6aa90d2214d6
.exe windows:4 windows x86 arch:x86

766a38fc7e3bfbdab1402fb47c2c426d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
Sleep
GetProcAddress
ExitProcess
SystemTimeToFileTime
GetSystemTime
SetFileValidData
ReleaseMutex
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
WriteFile
DeleteFileA
LoadLibraryA
MoveFileA
GetTempFileNameA
SetPriorityClass
OpenProcess
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
CreateProcessA
CopyFileA
MoveFileExA
CreateMutexA
WriteProcessMemory
ReadProcessMemory
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
GetLocalTime
SetFilePointer
CreateEventA
ResetEvent
SetEvent
TerminateThread
TerminateProcess
LockResource
FindResourceExA
GetTempPathA
SetupComm
ContinueDebugEvent
FindResourceA
TlsGetValue
LockFile
EraseTape
WritePrivateProfileStringA
GlobalFindAtomA
RequestDeviceWakeup
LoadResource
SizeofResource
FreeLibrary
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpA
FlushInstructionCache
HeapAlloc
MulDiv
GetLastError
lstrlenW
CreateThread
WaitForSingleObject
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetExitCodeProcess
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcess
GetProcessWorkingSetSize
WriteTapemark

user32

SetWindowLongA
GetWindowLongA
UnregisterClassA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
ReleaseCapture
GetThreadDesktop
GetSysColorBrush
EnumDesktopWindows
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
IsWindowVisible
SetRect
GetWindowRect
ClientToScreen
PostMessageA
CharLowerBuffA
FindWindowExA
MessageBoxA
GetKeyState
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
IsChild
GetFocus
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
SetThreadDesktop
CreateDesktopA
RegisterClipboardFormatA
PeekMessageA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
GetWindow

gdi32

RemoveFontResourceA
GdiGetBatchLimit
SetTextJustification
CreateDIBSection
DeleteObject
GetPixel
Chord
CreateHalftonePalette
SetTextAlign
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
PtVisible
UpdateICMRegKeyA
LineTo
SetPixel
GetTextColor

advapi32

ImpersonateNamedPipeClient
RegLoadKeyA
CloseEventLog
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegRestoreKeyA
RegQueryValueExA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
DispCallFunc
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayRedim
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindExtensionA

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

winmm

waveOutOpen

wininet

FindCloseUrlCache
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

ws2_32

recv
send
WSAStartup
WSACleanup
connect
htons
gethostbyname
socket
select
ioctlsocket
closesocket

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

766a38fc7e3bfbdab1402fb47c2c426d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

winmm

wininet

ws2_32

Sections

.text Size: 168KB - Virtual size: 165KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B