ac1e66f9def561330e1e19a779577a8c5d20b4bc4a673a67c7447a1d95eab123

Sharing

Copy URL Twitter E-mail

General

Target

ac1e66f9def561330e1e19a779577a8c5d20b4bc4a673a67c7447a1d95eab123
Size

2.1MB
MD5

0996a67c5c746b03596a1e102fbb5132
SHA1

9b32e9f3d31a994acf651a9e390d66db6334d85d
SHA256

ac1e66f9def561330e1e19a779577a8c5d20b4bc4a673a67c7447a1d95eab123
SHA512

ca26c390fa43d3f841209ef9c43762ad91a47b60c88bcb6406d18d7688071aa9b6b6b6721abec50047c5d0bb3ac362371bc50a3f6b523bb2c22a06c425036e97
SSDEEP

24576:nF76g/2ACixsBXyIn7jlCfsDmEXu2vhVRT5fg:V+ACixsBiIn7jqs6EX/7RTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac1e66f9def561330e1e19a779577a8c5d20b4bc4a673a67c7447a1d95eab123

Files

ac1e66f9def561330e1e19a779577a8c5d20b4bc4a673a67c7447a1d95eab123
.exe windows:5 windows x86 arch:x86

33b6ff7fa59dd2d5a4f92173e14747f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

EnumResourceNamesA
EnumResourceTypesA
SetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetSystemInfo
GetProcAddress
LoadLibraryW
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetFileAttributesA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
DeleteFileA
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ResetEvent
GetOverlappedResult
FreeResource
GetCurrentProcessId
GetCurrentThreadId
SetCurrentDirectoryA
SetCurrentDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryW
MoveFileA
MoveFileW
CopyFileA
CopyFileW
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
WritePrivateProfileStructA
WritePrivateProfileStructW
CreateProcessA
CreateProcessW
GetFileInformationByHandle
GetFullPathNameA
GetTimeZoneInformation
HeapSize
GetLocaleInfoW
CreateMutexW
GetOEMCP
GetACP
EnumResourceLanguagesA
FatalAppExitA
ExitProcess
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentThread
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
FindFirstFileExW
GetDriveTypeW
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RaiseException
RtlUnwind
InterlockedCompareExchange
DecodePointer
EncodePointer
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
CreateThread
DeleteFileW
CreateFileA
GetFullPathNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
LocalFree
lstrlenW
SetFilePointer
CloseHandle
BeginUpdateResourceA
LoadLibraryA
FindResourceA
FreeLibrary
SizeofResource
LoadResource
LockResource
BeginUpdateResourceW
EndUpdateResourceA
UpdateResourceA
ReleaseMutex
FlushFileBuffers
WaitForSingleObject
ReadFile
WriteFile
GetLastError
CreateFileW
GetFileSize
GetCommandLineA
Sleep
IsValidCodePage
PeekNamedPipe

user32

SetWindowRgn
InvalidateRect
GetCursorPos
PtInRect
UnregisterHotKey
DialogBoxParamA
RegisterHotKey
LoadIconA
SetClassLongA
SetTimer
GetDC
ReleaseDC
EndDialog
IsDlgButtonChecked
EnableWindow
SendDlgItemMessageA
SetFocus
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
SystemParametersInfoA
GetDesktopWindow
GetIconInfo
GetAsyncKeyState
DrawIconEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InvalidateRgn
IsWindowVisible
ScreenToClient
GetWindowLongW
SetPropA
RemovePropA
CallWindowProcW
GetKeyNameTextW
GetKeyNameTextA
GetMenuItemInfoW
GetMenuItemInfoA
SetMenuItemInfoW
SetMenuItemInfoA
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
DrawTextW
DrawTextA
MessageBoxW
MessageBoxA
GetWindowThreadProcessId
DefWindowProcW
DefWindowProcA
SetWindowTextW
SetWindowTextA
GetDlgItem
GetClassWord
GetPropA
SendMessageA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
EnumChildWindows
ShowWindow
CreateDialogParamA
GetClientRect
GetClassNameA
FindWindowExA
DestroyWindow
GetWindowRect
SetWindowPos
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
PostMessageA
GetDlgItemTextA

gdi32

BitBlt
CreateRectRgn
CombineRgn
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateRectRgnIndirect

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
GetUserNameA
RegCloseKey

shell32

DragQueryFileW
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderA
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
DragQueryFileA
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imagehlp

MakeSureDirectoryPathExists

ws2_32

connect
recv
send
gethostbyname
select
__WSAFDIsSet
getsockopt
htons
socket
WSAStartup
inet_ntoa
closesocket

netapi32

Netbios

oleaut32

CreateErrorInfo
GetErrorInfo
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
SysFreeString

Sections

.text
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33b6ff7fa59dd2d5a4f92173e14747f5

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

imagehlp

ws2_32

netapi32

oleaut32

Sections

.text Size: 771KB - Virtual size: 770KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 90KB - Virtual size: 92KB

.text
Size: 771KB - Virtual size: 770KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 90KB - Virtual size: 92KB