23579c39b5a619cb4e995b0c156739be

Sharing

Copy URL Twitter E-mail

General

Target

23579c39b5a619cb4e995b0c156739be
Size

344KB
MD5

23579c39b5a619cb4e995b0c156739be
SHA1

32f6c8a1232ed4820cba0da505544110879e07c1
SHA256

e79549eafc748af751d77d123e03720783463fcba31d4426f6a9c5daf6d9a0e2
SHA512

cd0fa3ac76cfab828fca1dc97ea6cba10745e0ef5debcf1b915356317d457b02d22db3c91b12704cf7a5430147250e3fecdb92aed8bd02ebf26776b77f66f7be
SSDEEP

6144:NlA1UXNKwaKuKovCjo0Ox63lSUaUlwFCYQ8B575/MCtQUo:NlA1UXNK7P3vCjVSUau8B57qT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23579c39b5a619cb4e995b0c156739be

Files

23579c39b5a619cb4e995b0c156739be
.exe windows:4 windows x86 arch:x86

4d660e05408d1e552465a777c71f80e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageDecodersSize
GdipAlloc
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipGetImageDecoders
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile

btchooser

BluetoothSelectDevicesWizard

btsendto

SENDTO_BipTransferProgressDialog
SENDTO_TransferProgressDialog
SENDTO_SetServiceFilter

shlwapi

PathCombineW
PathMakeSystemFolderW
PathFileExistsW
PathIsDirectoryW

ws2_32

WSAStartup
bind
socket
ntohl
sendto

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

netapi32

NetUserEnum
NetApiBufferFree

mfc80u

ord1479
ord870
ord2895
ord282
ord6700
ord6111
ord1472
ord860
ord1002
ord1003
ord2444
ord774
ord5485
ord5558
ord3990
ord1476
ord2261
ord283
ord631
ord1431
ord4032
ord3925
ord2279
ord2271
ord900
ord386
ord280
ord2311
ord5524
ord776
ord287
ord5434
ord4026
ord2277
ord5113
ord1121
ord762
ord1058
ord266
ord265
ord1079
ord777
ord896
ord755
ord2340
ord6003
ord5713
ord6751
ord2121
ord314
ord1172
ord5316
ord1571
ord6282
ord899
ord564
ord3927
ord5327
ord6293
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord293
ord757
ord577
ord4535
ord3677
ord746
ord5119
ord3249
ord334
ord558
ord593
ord1182
ord1178
ord1176
ord764
ord581
ord1200
ord1170
ord1168
ord1192
ord1115
ord1162
ord1908
ord371
ord1093
ord1199
ord1197
ord1087
ord1033
ord315
ord765
ord372
ord2742
ord1198

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_time64
_CIfmod
ceil
_localtime64_s
wcsftime
wcsncmp
_wsplitpath
_wrmdir
strtok
sscanf
atoi
_vswprintf
wcsrchr
_wcsdup
wcschr
wcsncat
sprintf
_wcsicmp
strstr
strncpy
_memicmp
_stricmp
_purecall
isdigit
toupper
vsprintf
_wtoi
_swprintf
_wrename
_wfopen
wcsncpy
fclose
_wremove
_errno
memcpy
swscanf
wcstol
_wfopen_s
malloc
fgetws
feof
_get_errno
_recalloc
calloc
free
memcpy_s
memset
__CxxFrameHandler3
wcsstr
_crt_debugger_hook

kernel32

GetCurrentProcess
OutputDebugStringA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
SetLastError
EnumResourceNamesW
GetCommandLineW
GetSystemDirectoryW
DeleteCriticalSection
InterlockedDecrement
LeaveCriticalSection
FreeLibrary
EnterCriticalSection
LoadLibraryW
InitializeCriticalSection
InterlockedIncrement
CloseHandle
WaitForSingleObject
FindFirstFileW
GetExitCodeProcess
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetLocaleInfoW
GetEnvironmentVariableW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEvent
WaitForMultipleObjects
CreateEventW
CreateThread
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
WriteFile
CreateFileW
SetFileAttributesW
GetTickCount
lstrlenA
LocalFree
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FindNextFileW
FindClose
lstrcpynW
WritePrivateProfileStringW
GetLongPathNameW
lstrlenW
WideCharToMultiByte
CreateProcessW
GetLastError

user32

MessageBoxW
LoadIconW
SetCursor
LoadCursorW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SetWindowTextW
LoadStringW
EnumChildWindows
RealGetWindowClassW
wsprintfW
GetWindowLongW

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
RegCloseKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegNotifyChangeKeyValue
RegEnumValueW
RegSetValueExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d660e05408d1e552465a777c71f80e8

Headers

File Characteristics

Imports

gdiplus

btchooser

btsendto

shlwapi

ws2_32

wininet

netapi32

mfc80u

msvcr80

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 4KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 4KB

PACK
Size: 144KB - Virtual size: 380KB