Static task
static1
Behavioral task
behavioral1
Sample: 27470a280579c4fe380d2b85c14c2453.exe
Resource: win7-20231215-en
Behavioral task
behavioral2
Sample: 27470a280579c4fe380d2b85c14c2453.exe
Resource: win10v2004-20231215-en
General
Target: 27470a280579c4fe380d2b85c14c2453
Size: 328KB
MD5: 27470a280579c4fe380d2b85c14c2453
SHA1: fd9bcd77606caf7fc11ca85770d3221d1a338201
SHA256: 9a6247cae5c99382412799bda2014e16211d5533e740aae66a7eb213bd6e06c8
SHA512: 159166b14fcf7a040f6435a993d5b145b3b556cf0406e9789a4b971331dfe70a02cca9f30ed65f992280da7d0569fc140a9f9c6b7468ed616f098d2410e9b11d
SSDEEP: 6144:5d4xGx3yu8UpudC5yRxEv7ww3EzzWwCC8JFAv34CGg:5dgGx3bRpudGKxG6zzh6JFAvnB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27470a280579c4fe380d2b85c14c2453
Files
27470a280579c4fe380d2b85c14c2453.exe windows:5 windows x86 arch:x86
cf080e9903ffc5281ac98673883797a3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileMappingA
GetProfileStringA
GetSystemInfo
FindNextFileA
CreateIoCompletionPort
GetModuleHandleA
FindFirstChangeNotificationA
GetCurrentDirectoryA
GetFileTime
CloseHandle
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
HeapSize
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
FindFirstFileA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetFileType
GetStdHandle
GetFileSizeEx
lstrcatA
ReadFile
FileTimeToSystemTime
CreateEventA
LoadLibraryW
GlobalAlloc
WriteFile
FormatMessageA
GetProcessHeap
FindCloseChangeNotification
WaitForSingleObject
GlobalLock
HeapFree
HeapAlloc
SystemTimeToTzSpecificLocalTime
FreeLibrary
UnmapViewOfFile
CreateFileA
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameA
InterlockedDecrement
GetCurrentThreadId
GetProcAddress
FindClose
GetCurrentProcessId
GetLastError
SetLastError
InterlockedIncrement
TlsFree
MapViewOfFile
lstrlenA
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
user32
LoadImageA
SetWindowTextA
GetDlgCtrlID
MessageBoxW
IsDlgButtonChecked
ShowWindow
ChangeDisplaySettingsA
CopyRect
GetWindow
GetSystemMetrics
EnumWindowStationsW
EnumChildWindows
EndPaint
DestroyWindow
GetClassNameA
SetTimer
PostQuitMessage
DrawTextA
LoadBitmapA
EnumDisplaySettingsA
GetClientRect
SetFocus
SendMessageA
BeginPaint
GetDC
MessageBoxA
CreateWindowExA
GetDlgItem
DefWindowProcA
GetSysColor
gdi32
MoveToEx
BitBlt
LineTo
DeleteDC
GetDeviceCaps
StretchBlt
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
StartDocA
SetStretchBltMode
Polyline
CreatePen
GetObjectA
GetStockObject
AbortDoc
ole32
CoInitialize
CoCreateInstance
oleaut32
OleCreatePropertyFrame
SysFreeString
SysAllocString
ws2_32
htons
WSAStartup
htonl
listen
WSASocketA
socket
bind
iphlpapi
GetAdaptersAddresses
imm32
ImmGetDefaultIMEWnd
urlmon
CreateURLMoniker
CoInternetParseUrl
authz
AuthzReportSecurityEventFromParams
AuthzReportSecurityEvent
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 198KB - Virtual size: 197KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ