280dab207d0931b4d58c13e6726052eb

Sharing

Copy URL Twitter E-mail

General

Target

280dab207d0931b4d58c13e6726052eb
Size

823KB
MD5

280dab207d0931b4d58c13e6726052eb
SHA1

bb630d6dca793f1f4ceaa9321043ea914f201432
SHA256

d82fec27e440b42e2243bcee77fe32838284466296106ee4878028847ed00193
SHA512

29beab75cb49f071756450f4140d970f89774a25c448a452816328021a6a5fe3695d787bfd940e40ba1fac0f1ea7d87bbca310c805fc1f1d697b5de5e3beca93
SSDEEP

24576:fcbHq17Uz85Ool9E8pmfRBEmvir5Lp1stEcBwFne:0c7UqFl9EUSRBEmvi1N1suple

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
280dab207d0931b4d58c13e6726052eb

Files

280dab207d0931b4d58c13e6726052eb
.exe windows:5 windows x86 arch:x86

34b0e1f37ed584b38bc2cb4c3977ea8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetCurrentProcess
FormatMessageW
GetSystemDirectoryW
GetQueuedCompletionStatus
HeapSetInformation
GetSystemTime
DeleteCriticalSection
GetStartupInfoW
EnterCriticalSection
LocalFree
CreateMutexW
HeapAlloc
CreateThread
GetTickCount
GetCurrentProcessId
LoadLibraryExA
FreeLibrary
RaiseException
OpenProcess
LocalAlloc
HeapSize
GetModuleFileNameW
DelayLoadFailureHook
GetCurrentThread
InitializeCriticalSectionAndSpinCount
ResumeThread
LoadLibraryExW
WaitForMultipleObjects
ReleaseMutex
ResetEvent
LoadLibraryW
VirtualFree
FlushInstructionCache
CloseHandle
GetVersionExW
ExpandEnvironmentStringsW
ProcessIdToSessionId
GetCurrentThreadId
FileTimeToSystemTime
lstrlenA
lstrlenW
GetSystemInfo
OutputDebugStringA
MultiByteToWideChar
HeapFree
ExitProcess
InitializeCriticalSection
GetSystemTimeAsFileTime
CompareStringW
LoadResource
PostQueuedCompletionStatus
HeapDestroy
CreateIoCompletionPort
SetEvent
QueryPerformanceCounter
GetBinaryTypeW
MulDiv
GetUserDefaultUILanguage
WideCharToMultiByte
OpenEventW
HeapCreate
GetLastError
GetSystemWindowsDirectoryW
GetProcessHeap
GetProcAddress
CreateEventW
LoadLibraryA
SetCurrentDirectoryW
SetUnhandledExceptionFilter
LeaveCriticalSection
HeapReAlloc
GetExitCodeThread
LockResource
SetLastError
SystemTimeToFileTime
Sleep
VirtualAlloc
TerminateThread
SizeofResource
lstrcmpiW
FindResourceW
UnhandledExceptionFilter
TerminateProcess
FindResourceExW
WaitForSingleObject
GetUserDefaultLCID
GetVersionExA
FindResourceA

user32

UnregisterClassA
CharLowerBuffW
AdjustWindowRectEx
GetSystemMetrics
CreateWindowExW
CheckDlgButton
LoadAcceleratorsW
ShowWindow
TrackPopupMenuEx
GetClassNameW
SendMessageW
InvalidateRect
CallWindowProcW
TranslateMessage
GetKeyState
IsDlgButtonChecked
GetWindowThreadProcessId
GetProcessDefaultLayout
DestroyWindow
KillTimer
SetWindowTextW
LockWindowUpdate
DispatchMessageW
GetMessageW
IsWindowVisible
EnableMenuItem
SetWindowPos
SetActiveWindow
PostMessageW
GetMenu
MonitorFromPoint
TranslateAcceleratorW
GetWindowPlacement
SetWindowLongW
SetCursor
SetFocus
GetMonitorInfoW
LoadCursorW
GetClassInfoExW
IsWindow
GetDlgItem
LoadMenuW
BringWindowToTop
GetSysColorBrush
ReleaseDC
GetFocus
CharNextW
GetParent
GetDC
CheckMenuRadioItem
DefWindowProcW
DeleteMenu
EnumChildWindows
IsWindowEnabled
SystemParametersInfoW
GetClientRect
IsZoomed
GetSysColor
TrackMouseEvent
RegisterClassExW
GetWindowRect
MoveWindow
GetSubMenu
DestroyMenu
GetWindowLongW
GetShellWindow
PostQuitMessage
MonitorFromRect
DestroyIcon
SetTimer
IsIconic
ClientToScreen
LoadStringW
EnableWindow

gdi32

CreateFontIndirectW
SetBkMode
GetTextMetricsW
CreateDIBSection
SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
GetTextExtentPoint32W
GetObjectW
SetTextColor
GetDeviceCaps
GetStockObject

advapi32

GetTokenInformation
GetTraceEnableLevel
EqualSid
RegisterTraceGuidsW
SetEntriesInAclW
GetLengthSid
TraceEvent
CopySid
SetSecurityDescriptorDacl
GetTraceEnableFlags
RegCreateKeyExW
RegDeleteValueW
GetTraceLoggerHandle
RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
AllocateAndInitializeSid
FreeSid
IsValidSid
InitializeSid
UnregisterTraceGuids
RegCloseKey
GetSidLengthRequired
RegEnumKeyExW
RegOpenKeyW
RegQueryInfoKeyW
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
InitializeSecurityDescriptor

shell32

ShellExecuteW

ole32

CoTaskMemRealloc
CoRevokeClassObject
CoInitializeSecurity
OleInitialize
OleGetClipboard
CoResumeClassObjects
CoInitialize
CoGetClassObject
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
CoRegisterClassObject
CoRevertToSelf
OleUninitialize
CoImpersonateClient
CoUninitialize
StringFromCLSID

oleaut32

VarUI4FromStr
SafeArrayGetUBound
SysStringByteLen
VariantCopy
SysAllocStringByteLen
DispCallFunc
SafeArrayGetLBound
VarBstrCat
GetErrorInfo
SafeArrayCreate
SysAllocString
SafeArrayDestroy
VariantInit
LoadRegTypeLi
VarBstrCmp
SafeArrayUnlock
VariantClear
SafeArrayRedim
SysAllocStringLen
SafeArrayLock
SysFreeString
LoadTypeLi
SysStringLen
VariantCopyInd

comctl32

ImageList_Add

shlwapi

UrlEscapeW
SHStrDupW
ColorHLSToRGB
UrlUnescapeW

winmm

midiInGetErrorTextA
midiInClose
midiInAddBuffer
midiDisconnect
midiOutClose

rpcrt4

UuidFromStringA
UuidIsNil
UuidCreate
UuidCreateNil
RpcStringFreeA
UuidToStringA

wldap32

ord47
ord316

gdiplus

GdiplusStartup

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wert
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zert
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xyu
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34b0e1f37ed584b38bc2cb4c3977ea8c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

winmm

rpcrt4

wldap32

gdiplus

Sections

.text Size: 4KB - Virtual size: 4KB

.wert Size: 16KB - Virtual size: 16KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 5.9MB

.zert Size: 697KB - Virtual size: 697KB

.xyu Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 57B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 4KB - Virtual size: 4KB

.wert
Size: 16KB - Virtual size: 16KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 5.9MB

.zert
Size: 697KB - Virtual size: 697KB

.xyu
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 57B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 7KB - Virtual size: 7KB