155321bcbe8c7db01efb763127041ef9

Sharing

Copy URL Twitter E-mail

General

Target

155321bcbe8c7db01efb763127041ef9
Size

5.3MB
MD5

155321bcbe8c7db01efb763127041ef9
SHA1

5e552f4ad151beba543bf5de5677c7618ad457a3
SHA256

e8852c895b31ece5d62c36f712b16b16ccd00e317c7ee385702164eda6744eba
SHA512

3926215ce9dbf8d3e74f8f4a9cbfb2be26ce7ebb93f8660ee704c43d2e10370a097cb65a393ed1a803f5b3eae53891a4ff6286e48e53c3895351a6210675a3ae
SSDEEP

49152:7HeTlP2+rM2F0UaK1Nl5YN4gZCCQCM0Cla1PrIHGKPe8FLfM9tvnq1ucKMre0b7P:7mNr70o7YZQCM0nkRDLXZPbdXiOxp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
155321bcbe8c7db01efb763127041ef9

Files

155321bcbe8c7db01efb763127041ef9
.exe windows:4 windows x86 arch:x86

76dc79ffa6991a3501b61566d57330e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
CryptGetHashParam
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CryptDeriveKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
RegEnumValueA
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegCreateKeyExA
RegDeleteValueA

dinput8

DirectInput8Create

gdi32

BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
GetStockObject
GetObjectA

kernel32

OpenProcess
GetModuleFileNameA
LocalLock
ReadProcessMemory
CloseHandle
GetCurrentThreadId
FormatMessageA
lstrlen
LocalAlloc
GetVersionExA
IsBadWritePtr
SetUnhandledExceptionFilter
lstrcmpi
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
CreateDirectoryA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
GetLastError
CompareFileTime
lstrcpy
FileTimeToSystemTime
GetVersion
SetFilePointer
GetLocalTime
SystemTimeToFileTime
IsDBCSLeadByte
MultiByteToWideChar
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetFileType
LockResource
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
FatalAppExitA
HeapSize
HeapReAlloc
GetSystemTime
GetTimeZoneInformation
GetFileAttributesA
GetCommandLineA
GetStartupInfoA
ExitThread
TlsGetValue
InterlockedIncrement
InterlockedDecrement
GetVolumeInformationA
GetWindowsDirectoryA
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
TerminateProcess
SetEvent
InitializeCriticalSection
DeleteCriticalSection
SetEndOfFile
WriteFile
ResumeThread
ResetEvent
SetThreadPriority
GetModuleHandleA
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessA
ReadFile
GetFileSize
CreateEventA
WaitForSingleObject
OpenEventA
GetTickCount
CreateFileA
lstrcat
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
CreateThread
TerminateThread
CreateMutexA
ReleaseMutex
GetComputerNameA
lstrcmp
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
GetModuleFileNameW
VirtualProtect
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CopyFileA
GetCurrentDirectoryA
VirtualQuery
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe
Sleep
lstrlenW
RtlUnwind
RaiseException
FileTimeToLocalFileTime
TlsSetValue

netapi32

Netbios

oleaut32

SysAllocString
CreateErrorInfo
SysFreeString
SetErrorInfo
VariantInit
VariantChangeType
VariantCopy
SafeArrayDestroy
SafeArrayCreate
VariantClear
GetErrorInfo

shell32

SHGetSpecialFolderPathA

user32

wvsprintfA
PtInRect
wsprintfA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
SetRectEmpty
EnumThreadWindows
MessageBoxA
GetWindowTextA
SetRect
MapVirtualKeyA
DialogBoxParamA
FrameRect
LoadBitmapA
IsWindowEnabled
FindWindowA
CreateWindowExA
GetDlgItem
EnableWindow

wininet

InternetCloseHandle
FtpOpenFileA
InternetConnectA
InternetOpenA
FtpGetFileSize
FtpGetFileA

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

htonl
WSASend
send
sendto
WSACleanup
WSAStartup
getpeername
socket
inet_addr
gethostbyname
WSAGetLastError
closesocket
htons

ijl15

ijlFree
ijlWrite
ijlInit

npkcrypt

NPKSetDrvPath
NPKOpenDriver
NPKGetAppCompatFlag
NPKLoadAtStartup
NPKRegisterCryptWindowMsg
NPKCloseDriver
NPKSetAppCompatFlag

ole32

CoCreateGuid

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76dc79ffa6991a3501b61566d57330e4

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

kernel32

netapi32

oleaut32

shell32

user32

wininet

winmm

ws2_32

ijl15

npkcrypt

ole32

Exports

Exports

Sections

Size: 4.1MB - Virtual size: 4.1MB

Size: 424KB - Virtual size: 424KB

Size: 112KB - Virtual size: 112KB

.rsrc Size: 656KB - Virtual size: 656KB

.data Size: 72KB - Virtual size: 72KB

.adata Size: 4KB - Virtual size: 4KB

.tls Size: 8KB - Virtual size: 8KB

.mackt Size: 8KB - Virtual size: 8KB

.rsrc
Size: 656KB - Virtual size: 656KB

.data
Size: 72KB - Virtual size: 72KB

.adata
Size: 4KB - Virtual size: 4KB

.tls
Size: 8KB - Virtual size: 8KB

.mackt
Size: 8KB - Virtual size: 8KB