20e15ee592204c35046c32ee0e31cc94

Sharing

Copy URL Twitter E-mail

General

Target

20e15ee592204c35046c32ee0e31cc94
Size

1.5MB
MD5

20e15ee592204c35046c32ee0e31cc94
SHA1

47b8ebe667d2c23456268bb8dec6839ad034787e
SHA256

da881ce94a72713ebe8ff4e4c37972ee893475611ba69c0e61c71439f48809c0
SHA512

8eeba1179c67785efda19ea297ce39d3530a78ea0e3fdb344a0ac8b164324e80bb7593be76c36aaa3014c37f35907fbc44f3e29dafdc5db581aa69f11502f8c4
SSDEEP

24576:WCEw8Zc2GaWVotIzQnEIoPEkqkr0dH8xldZ6ZosgmAoQ72GCz4jBhcloOvm:xEtq2uajnHB8fldZycaVz4j6m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20e15ee592204c35046c32ee0e31cc94

Files

20e15ee592204c35046c32ee0e31cc94
.exe windows:5 windows x86 arch:x86

8f91a91067f5306c855b6ce83bc9927d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetSystemDirectoryW
UnmapViewOfFile
GetVersionExW
GetDriveTypeW
SleepEx
GetStdHandle
GetFileType
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
InterlockedDecrement
InterlockedIncrement
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
InitializeCriticalSection
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
SetConsoleCtrlHandler
SetEnvironmentVariableA
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetStdHandle
ReadConsoleW
FlushFileBuffers
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetFileInformationByHandle
SetFilePointerEx
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
AreFileApisANSI
ExitProcess
IsProcessorFeaturePresent
GetTimeZoneInformation
LoadLibraryExW
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetFullPathNameW
WriteConsoleW
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
ProcessIdToSessionId
GetStartupInfoW
LocalFree
TerminateProcess
OpenProcess
QueryDosDeviceW
GetCurrentDirectoryW
CreateProcessW
ResumeThread
LoadLibraryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetProcAddress
FindResourceExW
GetTickCount
ExpandEnvironmentStringsW
SetEndOfFile
GetPrivateProfileStringW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
GetTempPathW
DecodePointer
GetFileSize
FindClose
SetFileAttributesW
DeleteFileW
MoveFileExW
SizeofResource
LockResource
LoadResource
FindResourceW
WriteFile
CreateFileW
CreateDirectoryW
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
InterlockedCompareExchange
InterlockedExchange
SetDllDirectoryW
GetCommandLineW
GetModuleHandleW
CreateMutexW
CloseHandle
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetModuleHandleExW
GetStringTypeW
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetCurrentProcessId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy

user32

PostMessageW
CallWindowProcW
SendMessageTimeoutW
FindWindowA
CreateWindowExW
IsWindow
DestroyWindow
GetWindowLongW
SetWindowLongW
FindWindowW
CreateDesktopW
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
KillTimer
DefWindowProcW
PeekMessageW
GetWindowThreadProcessId
MessageBoxA
SendMessageW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatusEx
DeleteService
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW

shlwapi

PathFileExistsW
StrCmpNIW
PathRemoveFileSpecW
PathAppendW
PathAddBackslashW
StrToIntExW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetCloseHandle
HttpSendRequestW
InternetReadFileExA
InternetOpenW
InternetCrackUrlW
InternetConnectW

wldap32

ord167
ord208
ord145
ord147
ord79
ord26
ord41
ord127
ord118
ord27
ord301
ord46
ord142
ord133
ord14
ord216

ntdll

RtlUnwind

ws2_32

freeaddrinfo
getaddrinfo
listen
accept
__WSAFDIsSet
WSAIoctl
gethostname
getpeername
getsockname
bind
connect
WSAGetLastError
ntohs
recvfrom
sendto
htons
WSASetLastError
select
WSAStartup
setsockopt
ioctlsocket
recv
send
WSACleanup
closesocket
socket
getsockopt

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f91a91067f5306c855b6ce83bc9927d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

wtsapi32

userenv

iphlpapi

wininet

wldap32

ntdll

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 334KB - Virtual size: 333KB

.data Size: 27KB - Virtual size: 50KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 334KB - Virtual size: 333KB

.data
Size: 27KB - Virtual size: 50KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 57KB - Virtual size: 56KB