289a422e358058f96944a79bb71579ec

Sharing

Copy URL

Twitter E-mail

General

Target

289a422e358058f96944a79bb71579ec
Size

829KB
MD5

289a422e358058f96944a79bb71579ec
SHA1

4a7d40b384c3bd7b191e0e86816644ea5744c376
SHA256

7d3e1b52fcc37221b4daac727ed6dca4889096051e339bc32969320bb747c3a6
SHA512

9e5c381c71e706772a11adf1c334711a1f6b20dd4200480c129e391737b97631ab03773b7a9c71ada5967d3905100dc1ca230504d5b48fbaa86e8d9ed4fbf6fc
SSDEEP

24576:L5MFOlyU/F1EXbRRwBE1owCYOurfvOoE8RSDo:tq8B1EXbRRF19Cceo7RSc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
289a422e358058f96944a79bb71579ec

Files

289a422e358058f96944a79bb71579ec
.exe windows:5 windows x86 arch:x86

3ee983c950fe013ed06ac37ab9f268ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msoert2

PszSkipWhiteW
PVGetMsgParam
HrCheckTridentMenu
FIsHTMLFile
CreateStreamOnHFile
HrLPSZToBSTR
IVoidPtrList_CreateInstance
PszMonthFromIndex
WriteStreamToFile
HrIsStreamUnicode
CreateDataObject
UnlocStrEqNW
HrCopyStreamCB
IDrawText
PszDayFromIndex
CryptFreeFunc
PszScanToCharA
HrRewindStream
FMissingCert
HrIndexOfMonth
PszAllocA
PszScanToWhiteA
CreateTempFileStream
CreateNotify
HrStreamSeekCur
HrCreateTridentMenu
MessageBoxInst
UlStripWhitespace
fGetBrowserUrlEncoding
ShellUtil_GetSpecialFolderPath
HrIStreamWToBSTR
ReplaceChars
OpenFileStreamShareW
WriteStreamToFileW
CreateLogFile
IsUpper
ChConvertFromHex
PszFromANSIStreamA
CleanupFileNameInPlaceA

kernel32

RtlMoveMemory
GetCurrentThread
LoadLibraryW
ClearCommBreak
GetLocaleInfoW
GetSystemPowerStatus
GetModuleHandleW
DebugBreak
ConvertThreadToFiber
SetCommConfig
SetCalendarInfoW
SetComputerNameExW
FreeEnvironmentStringsW
GetConsoleCommandHistoryLengthA
SetConsoleNumberOfCommandsW
LockFile
GetConsoleAliasExesLengthW
GetCurrentDirectoryA
RemoveVectoredExceptionHandler
GetAtomNameA
SetConsoleActiveScreenBuffer
GetNativeSystemInfo

winscard

SCardIntroduceCardTypeW
SCardBeginTransaction
SCardIntroduceReaderA
SCardAccessNewReaderEvent
SCardReleaseAllEvents
SCardLocateCardsByATRA
SCardEstablishContext
SCardSetCardTypeProviderNameA
SCardSetAttrib
SCardGetAttrib
ClassInstall32
SCardForgetCardTypeW
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardAddReaderToGroupA
SCardForgetReaderGroupW
SCardGetProviderIdW
SCardControl
SCardGetProviderIdA

dnsapi

DnsQuery_W
DnsRecordSetCopyEx
DnsNameCopy
DnsMapRcodeToStatus
Dns_BuildPacket
DnsAcquireContextHandle_W
Dns_CloseConnection
DnsDhcpSrvRegisterHostName
Dns_RecvTcp
Dns_InitializeMsgRemoteSockaddr
DnsGetDomainName

user32

IsIconic
AlignRects
GetDialogBaseUnits
GetShellWindow
BroadcastSystemMessageExW
GetMenuContextHelpId
IsClipboardFormatAvailable
CharToOemA
ReuseDDElParam
BroadcastSystemMessage
SetLayeredWindowAttributes
IsCharUpperW
SetCursorContents
ToUnicodeEx
CreateDialogIndirectParamA
InsertMenuW
GetKeyboardLayoutNameA
InvalidateRect
IsCharAlphaNumericA
ChildWindowFromPointEx

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ee983c950fe013ed06ac37ab9f268ae

Headers

DLL Characteristics

File Characteristics

Imports

msoert2

kernel32

winscard

dnsapi

user32

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 149KB - Virtual size: 149KB

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 149KB - Virtual size: 149KB

.reloc
Size: 1024B - Virtual size: 820B