22546c5c1802ad1c92434d246259f08c

Sharing

Copy URL Twitter E-mail

General

Target

22546c5c1802ad1c92434d246259f08c
Size

1.0MB
MD5

22546c5c1802ad1c92434d246259f08c
SHA1

bb9044e691fc2c3af4a34fd13bae1c5b15fa8f3e
SHA256

8f6477e11f11d454b3af6cac09fa2b1cb0955fe2e8b7449eb194a5f4ab07ee34
SHA512

200c0c7bf374d1424a54f5917d3554744944772a801344a7c155d24bb773466e28c108e2fd04c6025392e37595e834c9a635c9adff27500e7cd20408695bee60
SSDEEP

24576:sf/8u9UktLpr/ESblujR74T8rxy3va6ocZ:Q/88UktLJESbG74T4SEcZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ICPFTU~1.EXE
unpack001/WKGKQELD.exe

Files

22546c5c1802ad1c92434d246259f08c
.cab
ICPFTU~1.EXE
.exe windows:4 windows x86 arch:x86

e3b041b7a0a7bdb4b856f35960290e62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
CallNamedPipeA
EraseTape
GetEnvironmentVariableW
CreateMailslotA
WaitForSingleObject
GetLastError
GetCurrentProcess
RtlMoveMemory
GetEnvironmentVariableA
WritePrivateProfileSectionA
RemoveDirectoryW
FreeEnvironmentStringsA
GetModuleHandleA
WriteProfileStringW

msvcrt

_wspawnle
??_Ebad_typeid@@UAEPAXI@Z
??_V@YAXPAX@Z
_mbbtombc
_fdopen
??1bad_typeid@@UAE@XZ
_CIpow
_mbstok
__getmainargs
__argc
__pioinfo
_ismbbalnum
_ismbcgraph
_safe_fprem
memcpy
??0bad_cast@@QAE@ABQBD@Z
_pipe
_wcsupr

winmm

DefDriverProc
midiInReset
timeBeginPeriod
mciGetErrorStringA
joy32Message
timeGetDevCaps
mciSetDriverData
waveOutGetVolume
waveInReset

opengl32

glMapGrid2f
glEvalMesh1
glRasterPos2d
glColor3ub
glVertex4d
glCopyPixels
glColor3f
glTranslatef
glPixelStorei
glEvalCoord1fv
glTexImage1D
glEvalCoord1dv
glRasterPos3fv
glTexGenf

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WKGKQELD.exe
.exe windows:4 windows x86 arch:x86

b032cd2e9edb087602c3e5701e7f974a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mmioSetInfo
timeEndPeriod
timeKillEvent
timeGetTime
timeBeginPeriod
mmioGetInfo
mmioAdvance
timeSetEvent
mmioSeek
mmioOpenA
mmioDescend
mmioRead
mmioAscend
mmioClose

ddraw

DirectDrawCreateEx

kernel32

GetSystemInfo
SetErrorMode
GetSystemTime
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
FormatMessageA
GetLastError
CreateMutexA
OpenMutexA
SetFilePointer
ReadFile
WriteFile
MoveFileA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetVersion
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
UnmapViewOfFile
CreateFileA
CreateFileMappingA
CloseHandle
MapViewOfFile
GetLocalTime
GetCurrentProcess
GetPriorityClass
GetCurrentThread
GetThreadPriority
SetPriorityClass
SetThreadPriority
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetModuleHandleA
Sleep
InterlockedExchange
OutputDebugStringA
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

user32

PostQuitMessage
GetUpdateRect
ValidateRect
SetCursor
DefWindowProcA
SetCapture
PeekMessageA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
DialogBoxParamA
GetDlgItemTextA
EndDialog
SendMessageA
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
SetFocus
FlashWindow
SetWindowTextA
wsprintfA
ReleaseCapture
SetWindowPos
MessageBoxA
GetUpdateRgn
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetCursorPos
GetCursorPos
SystemParametersInfoA
GetSystemMetrics
GetKeyboardType
DestroyWindow
LoadImageA
GetDC
ReleaseDC
GetClientRect
ClientToScreen

gdi32

GetBkMode
GetBkColor
RealizePalette
SetDIBColorTable
GetTextColor
SetBkMode
SetBkColor
SetTextColor
SelectPalette
StretchDIBits
CreatePalette
GetSystemPaletteUse
GetStockObject
GdiFlush
CreateFontIndirectA
GetRegionData
CreateRectRgn
SetViewportOrgEx
SetSystemPaletteUse
GetSystemPaletteEntries
DeleteObject
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
AnimatePalette
GetDeviceCaps

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

DragQueryFileA

dinput

DirectInputCreateA

dplayx

ord1
ord2

dsound

ord1
ord2

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODESEG
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATASEG
Size: 4KB - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cms_t
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cms_d
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3b041b7a0a7bdb4b856f35960290e62

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

winmm

opengl32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 77KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

b032cd2e9edb087602c3e5701e7f974a

Headers

File Characteristics

Imports

winmm

ddraw

kernel32

user32

gdi32

comdlg32

advapi32

shell32

dinput

dplayx

dsound

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

CODESEG Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 240KB - Virtual size: 10.5MB

DATASEG Size: 4KB - Virtual size: 700B

.cms_t Size: 164KB - Virtual size: 164KB

.cms_d Size: 356KB - Virtual size: 355KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B

.text
Size: 3.0MB - Virtual size: 3.0MB

CODESEG
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 240KB - Virtual size: 10.5MB

DATASEG
Size: 4KB - Virtual size: 700B

.cms_t
Size: 164KB - Virtual size: 164KB

.cms_d
Size: 356KB - Virtual size: 355KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 32KB - Virtual size: 29KB