4969ab85e7d02ddd5674171c1594bf94

Sharing

Copy URL Twitter E-mail

General

Target

4969ab85e7d02ddd5674171c1594bf94
Size

22KB
MD5

4969ab85e7d02ddd5674171c1594bf94
SHA1

b6f2629114b41281e2f2126f619a6c7ae4c39065
SHA256

d4c0a1faad59627192c711f59911321e007984a80bd4f38fe6cf5e2b7bc26105
SHA512

0295735c3725714608c55fa17d31ef20a37a0ce2c4727ba7b1ecdc52474143b87fc3f597884d2c2bef6dd026d9e9f91d99b0f40949a4d713cb6439c4705ffab3
SSDEEP

384:go0LhbNUFOU+Hzbi7lfGIJbpZ9kTbpETO0q1qiOpmy29GxuDoSb/NVZ0+NSu:go0LhuOUMf61Gmbf+3+O0IrKSZ/X6+Nj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/hoodwinker.scr

Files

4969ab85e7d02ddd5674171c1594bf94
.zip
hoodwinker.zip
.zip
hoodwinker.scr
.exe windows:5 windows x86 arch:x86

bfee1a4e562a1806cd6e27db7a389270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

modemui

InvokeControlPanel
drvCommConfigDialogA
CountryRunOnce

advapi32

IsTextUnicode
RegCreateKeyA
RegFlushKey
RegDeleteKeyA
ClearEventLogA
RegOpenKeyExA
IsValidSid
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegSaveKeyA
OpenServiceA

nddeapi

NDdeShareSetInfoA
NDdeShareEnumA

user32

DialogBoxParamA
CreateWindowExA
SetCursorPos
IsCharLowerW
GetPropA
DrawIcon
LoadCursorA
DispatchMessageA
GetMessageA
CharToOemA
IsWindow
GetCaretPos
PostMessageA

certcli

CACloseCertType
CAEnumNextCA
CAEnumFirstCA
CACloseCA

wtsapi32

WTSRegisterSessionNotification
WTSEnumerateProcessesA
WTSUnRegisterSessionNotification
WTSSetSessionInformationW
WTSEnumerateServersA
WTSWaitSystemEvent
WTSVirtualChannelRead
WTSVirtualChannelQuery
WTSQueryUserToken
WTSSendMessageA
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput
WTSFreeMemory
WTSOpenServerW

kernel32

GetBinaryTypeA
LoadLibraryA
GetFullPathNameA
DeviceIoControl
GetTickCount
CloseHandle
GetNumberFormatW
GetCurrentProcess
GetProcAddress
GetCurrentDirectoryA
GetDateFormatA
ReadFile
GetConsoleTitleA
SetEnvironmentVariableW
lstrcmpiA
GetProcessId
WaitForSingleObject
CreateDirectoryA
GetStringTypeA
GetPrivateProfileIntA
ReadConsoleA
lstrcpynA
GetPrivateProfileStructW
GetTimeFormatA
FormatMessageA
UpdateResourceA
GetPrivateProfileStructW

shlwapi

UrlCombineA
UrlIsNoHistoryW
UrlCompareA
UrlIsOpaqueA
UrlCanonicalizeA
UrlGetPartA
UrlIsA
PathCommonPrefixA
PathCombineA
UrlGetLocationA
UrlCreateFromPathA
UrlUnescapeA
UrlEscapeA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfee1a4e562a1806cd6e27db7a389270

Headers

DLL Characteristics

File Characteristics

Imports

modemui

advapi32

nddeapi

user32

certcli

wtsapi32

kernel32

shlwapi

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 674B

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 674B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 2KB - Virtual size: 2KB