8f6dc5fce38883c3fa4981da884aae87049b83bc98b93bdb7a870ef6d01d9028

Sharing

Copy URL Twitter E-mail

General

Target

8f6dc5fce38883c3fa4981da884aae87049b83bc98b93bdb7a870ef6d01d9028
Size

3.2MB
MD5

f3f6d71afed3fc4212f653d6f0097163
SHA1

35e4232aca358f698a6c8102bfcf3fd41c9d8bb2
SHA256

8f6dc5fce38883c3fa4981da884aae87049b83bc98b93bdb7a870ef6d01d9028
SHA512

97b01af705c868e12b7de5066a93532cddda88bb648a22a797336ceaa7defc8221396b213c4ce8b3bde2025a15fbe5a16f1c99f61931b99206933293f3d627dd
SSDEEP

98304:abVKjWnrBDC6Xl2LJFkeKQ1L8Lyb+jgI04FsA9FgN6pX1:abVDrBO612VdvVmPdFsAbbpF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f6dc5fce38883c3fa4981da884aae87049b83bc98b93bdb7a870ef6d01d9028

Files

8f6dc5fce38883c3fa4981da884aae87049b83bc98b93bdb7a870ef6d01d9028
.exe windows:5 windows x86 arch:x86

a6bfa1fa437fb78f491ca8c34ad2dec0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

kernel32

lstrcmpA
InterlockedExchange
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
GetModuleFileNameW
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GlobalFlags
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
GetModuleHandleW
FileTimeToSystemTime
WritePrivateProfileStringA
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
SetLastError
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
SetFileTime
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
lstrlenA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrcatA
DeleteFileA
WriteFile
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetWindowsDirectoryA
FlushViewOfFile
FindFirstFileA
FindClose
CreateFileA
GetLastError
CreateFileMappingA
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
Sleep
TlsGetValue

user32

DrawTextExA
GrayStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
CharUpperA
GetSysColorBrush
LoadCursorA
SetCapture
ReleaseCapture
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
DrawTextA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
EnableWindow
SendMessageA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
TabbedTextOutA
DestroyMenu
LoadIconA
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
ReleaseDC
GetDC
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
GetPropA
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetLastActivePopup

shell32

ShellExecuteA

ole32

CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VariantCopy
VariantChangeType
SysStringLen
VariantInit
VariantClear
SysFreeString
SysAllocStringByteLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathFindExtensionA

oledlg

ord8

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

DeleteDC
GetStockObject
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetDeviceCaps
CreateRectRgnIndirect
ExtSelectClipRgn
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetClipBox
SelectObject
Escape
TextOutA
RectVisible
SetViewportOrgEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6bfa1fa437fb78f491ca8c34ad2dec0

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

shell32

ole32

oleaut32

shlwapi

oledlg

oleacc

gdi32

winspool.drv

comdlg32

advapi32

Sections

.text Size: 231KB - Virtual size: 231KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 231KB - Virtual size: 231KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 18KB - Virtual size: 17KB