6633bfea94cfca1dad3571b7f5025f3d

Sharing

Copy URL Twitter E-mail

General

Target

6633bfea94cfca1dad3571b7f5025f3d
Size

147KB
MD5

6633bfea94cfca1dad3571b7f5025f3d
SHA1

b43afc88f2b7d97fb230e926b02a76ef8b64eec9
SHA256

35f7fed8970ca545cf107a37b941fb7da686dc45a0f9bc7850264cadc0256267
SHA512

0c9cc095a93ddbb34129c96e5fa379402953d1e26cdac58a641136f4afa059be4e524d7f491c480c901fd20772abf862dc7a2a9dacd810379a4b668488416029
SSDEEP

3072:/4PdSlenPzm6SsPUL/Tzlb22H2NyMM067AWatuIu/PgrtTB2zSB/g:/4CUFSsG/V22SxMd7Af2ngr1B9B/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Save.exe
unpack001/SaveUninst.exe

Files

6633bfea94cfca1dad3571b7f5025f3d
.cab
ReadMe.txt
Save.exe
.exe windows:4 windows x86 arch:x86

a751df276d2fb99aa69458a89ff13982

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
GlobalFree
LoadLibraryA
GlobalHandle
LockResource
LoadResource
FindResourceA
GlobalAlloc
GetCurrentProcess
GetProcAddress
lstrcmpA
FlushInstructionCache
CreateMutexA
HeapDestroy
SetLastError
CreateThread
WaitForSingleObject
FreeLibrary
GetFileAttributesA
DeleteFileA
MoveFileA
SetFilePointer
GetSystemTime
SystemTimeToFileTime
GetCurrentThreadId
GlobalLock
GlobalUnlock
lstrcmpiA
TlsSetValue
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
TlsGetValue
TlsAlloc
EnterCriticalSection
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
RaiseException
InterlockedExchange
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetModuleFileNameA
LeaveCriticalSection
Sleep
GetLastError
MultiByteToWideChar
lstrlenW
CloseHandle
CreateFileA
CompareStringA
GetStringTypeExA
WideCharToMultiByte
ReadFile
WriteFile
InterlockedIncrement
lstrlenA
InterlockedDecrement

user32

DispatchMessageA
PeekMessageA
DestroyWindow
SetTimer
KillTimer
PostMessageA
GetMessageA
MsgWaitForMultipleObjects
TranslateMessage
IsWindow
ReleaseDC
wsprintfA
EnumWindows
GetWindowLongA
IsWindowVisible
GetParent
GetClassNameA
GetWindowRect
GetWindow
FindWindowExA
SetFocus
GetDC
PostQuitMessage
keybd_event
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
IsIconic
BringWindowToTop
SetWindowPos
GetForegroundWindow
SendMessageTimeoutA
IntersectRect
IsZoomed
AdjustWindowRectEx
SystemParametersInfoA
SetWindowRgn
LoadIconA
MapWindowPoints
CreateDialogIndirectParamA
GetTopWindow
GetSystemMetrics
ScreenToClient
MoveWindow
GetSystemMenu
SetKeyboardState
GetKeyboardState
OffsetRect
FindWindowA
CreateWindowExA
CreateAcceleratorTableA
GetDesktopWindow
DefWindowProcA
CharLowerA
RegisterClassExA
LoadCursorA
GetClassInfoExA
SendMessageA
EnableMenuItem
GetCapture
GetCursorPos
WindowFromPoint
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
SetWindowLongA
RegisterWindowMessageA
RedrawWindow
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
GetFocus
IsChild
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA

gdi32

GetDeviceCaps
GetStockObject
CreateRectRgn
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA
ExcludeClipRect

advapi32

CryptCreateHash
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
CryptAcquireContextA
RegCloseKey
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemFree
CoCreateGuid
CoDisconnectObject
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoUninitialize
OleLockRunning
CoTaskMemAlloc
OleInitialize
CoRegisterMessageFilter
CreateStreamOnHGlobal
CLSIDFromProgID
CreateBindCtx
OleUninitialize
CoFreeUnusedLibraries
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysAllocString
LoadTypeLi
VariantCopy
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect

shlwapi

PathIsURLA
PathRemoveFileSpecA

wininet

InternetGetConnectedState

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

urlmon

CreateURLMoniker
RegisterBindStatusCallback
CoInternetGetSession

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SaveUninst.exe
.exe windows:4 windows x86 arch:x86

c90412bf8a041d9500eccced42658f93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
CreateDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
RemoveDirectoryA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
lstrlenW
lstrcmpiA
SetLastError
CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
Sleep
GetTickCount
TerminateProcess
WaitForSingleObject
lstrcatA
lstrcpyA
ResumeThread
SetPriorityClass
lstrlenA
GetCurrentThread
SetThreadPriority
CreateProcessA
GetTempFileNameA
MultiByteToWideChar
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetModuleHandleA
GetStartupInfoA
ExitProcess
DebugBreak
HeapReAlloc
HeapFree
LocalFree
GetLastError
FormatMessageA
OpenProcess
GetFileAttributesA
DeleteFileA
GetCurrentProcess

user32

GetWindowRect
GetWindow
SystemParametersInfoA
GetParent
GetSystemMetrics
CreateWindowExA
RegisterClassExA
GetWindowLongA
MapWindowPoints
GetClientRect
CallWindowProcA
DispatchMessageA
DestroyWindow
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
FindWindowA
PostMessageA
CharNextA
PeekMessageA
SetWindowLongA
SetWindowPos
LoadCursorA
GetClassInfoExA
IsWindow
SetWindowTextA
ShowWindow
MessageBoxA
PostQuitMessage
GetWindowThreadProcessId
SendMessageTimeoutA
CreateDialogParamA
UpdateWindow
DefWindowProcA
wsprintfA

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey

shell32

ShellExecuteA

ole32

StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantClear

setupapi

SetupGetStringFieldA
SetupFindFirstLineA
SetupFindNextLine
SetupOpenInfFileA
SetupSetDirectoryIdA
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx

wininet

InternetGetConnectedState
InternetQueryOptionA

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
save.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

a751df276d2fb99aa69458a89ff13982

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

version

urlmon

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 31KB - Virtual size: 30KB

c90412bf8a041d9500eccced42658f93

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

setupapi

wininet

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 31KB - Virtual size: 30KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB