431d2647ada5a2cae8d2a050b8c1238e

Sharing

Copy URL Twitter E-mail

General

Target

431d2647ada5a2cae8d2a050b8c1238e
Size

185KB
MD5

431d2647ada5a2cae8d2a050b8c1238e
SHA1

d8d7e9cc5041fa575a5d7c1ed8b5673eda532f12
SHA256

9d7b1bfd736f64d167e4e81abb2d85eeaf759f977c6f6c0a938d20cca8ca56ed
SHA512

248c02355db57c9750bb5132f8a64726e4b88337f9c5e4239c6e1f24aaec044962d29c8e3ed794d0d672b73f495e25309b4471b75b116d27f5464fcfb7d3da67
SSDEEP

3072:Jhy/RqKyXgiYqq5OZQIoa7xcmIvR9WOLpdt7JQwHh6USCOuq0G5gzsDauxdPubYw:Jhy/RqKyXgiYqq5yTxcmsphA+G5gzseH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
431d2647ada5a2cae8d2a050b8c1238e

Files

431d2647ada5a2cae8d2a050b8c1238e
.exe windows:6 windows x86 arch:x86

83dc6b81471eb3c79da74e27363bddf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

kernel32

HeapReAlloc
HeapSize
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
MultiByteToWideChar
CloseHandle
FlushFileBuffers
CreateFileW
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleHandleExW
SetEndOfFile
GetModuleFileNameW
WriteFile
GetStdHandle
ReadFile
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetConsoleOutputCP
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
SetUnhandledExceptionFilter
GetFileAttributesExW
lstrcmpW
LocalFree
GetCommandLineW
FindNextFileA
GetCommandLineA
GetLogicalDrives
LockFileEx
WriteConsoleW
ExitProcess
DecodePointer
UnhandledExceptionFilter

comdlg32

PageSetupDlgW
PrintDlgExW
GetOpenFileNameA
GetOpenFileNameW
FindTextW
ReplaceTextW

loadperf

LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA

shell32

SHGetSpecialFolderPathW
SHGetDiskFreeSpaceA
ShellExecuteA
CommandLineToArgvW
SHGetFolderPathW
DragFinish

pdh

PdhGetDataSourceTimeRangeW
PdhGetCounterInfoA
PdhGetDefaultPerfObjectW
PdhParseInstanceNameW
PdhRemoveCounter
PdhVbIsGoodStatus
PdhConnectMachineW
PdhVbGetOneCounterPath
PdhGetDefaultPerfObjectA
PdhEnumObjectsW

user32

SendMessageW
SetWindowTextW
ShowWindow
IsWindow
SetFocus
wsprintfW
SetWindowLongW
GetSysColorBrush
LoadImageW
GetWindowTextLengthW
GetWindowRect
FillRect
GetSystemMetrics
RedrawWindow
MapWindowPoints
GetClientRect
DrawTextW
InvalidateRect
GetWindowTextW
DefWindowProcW
CreateWindowExW
GetMenuItemInfoW
SetWindowPlacement
GetNextDlgGroupItem
SetScrollRange
MessageBoxIndirectA
EnumDisplaySettingsW
IsWindowVisible
SetWindowPos
LoadImageA
LoadCursorW
TranslateMessage
RegisterClassW
DispatchMessageW
GetMessageW
PostQuitMessage

rpcrt4

NDRSContextUnmarshall
RpcSmSetThreadHandle
I_RpcNsBindingSetEntryNameW
RpcObjectSetType
RpcServerUseAllProtseqs
NdrNonConformantStringUnmarshall
RpcServerUseAllProtseqsEx
NdrEncapsulatedUnionMarshall
I_RpcIfInqTransferSyntaxes
I_RpcGetBufferWithObject
RpcMgmtEpEltInqDone
RpcEpRegisterNoReplaceW

mscms

GetPS2ColorRenderingIntent
GetColorDirectoryW
IsColorProfileTagPresent
InstallColorProfileW
SetColorProfileElementSize
GetCountColorProfileElements
EnumColorProfilesA
GetStandardColorSpaceProfileW

gdi32

SetBkMode
SetTextColor
CreateSolidBrush
SelectObject
BitBlt
SetBkColor
GetStockObject
CreateFontW
GetObjectW
CreateCompatibleDC

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83dc6b81471eb3c79da74e27363bddf4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

comdlg32

loadperf

shell32

pdh

user32

rpcrt4

mscms

gdi32

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB