65c7547392fd1acd5f8004b717aeae12

Sharing

Copy URL Twitter E-mail

General

Target

65c7547392fd1acd5f8004b717aeae12
Size

204KB
MD5

65c7547392fd1acd5f8004b717aeae12
SHA1

1f40cfd4a46420e13e977faefb8b35da43533a35
SHA256

75f4a4b270d8b8d9b651537ceeea3dee2bd39915f83d089cd4286661fa93556f
SHA512

b9274e011346a91693cd67acafcd0e44378cb1c5a98c62318429c16a7ea54b9fed8d47cff4b2f0c963398e6573499471198ae5f9f6a53d12d69813174a41e821
SSDEEP

3072:HDhtgN6/MK6ecCodLpi3BCeRXhGVNkJADjIZnvVPB5F1MtPStN5uko:NiyM/CgLI3BnhG7kJA4ZnvVP/XeP0xo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65c7547392fd1acd5f8004b717aeae12

Files

65c7547392fd1acd5f8004b717aeae12
.exe windows:4 windows x86 arch:x86

6cd9e18ae394f98d8bbf3da5bf274cfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
ioctlsocket
shutdown
select
recv
ntohs
inet_ntoa
WSAStartup
inet_addr
htons
gethostbyname
connect
WSAGetLastError
socket
closesocket
getsockopt
setsockopt
send

shlwapi

StrCmpNA
StrStrW
wvnsprintfW
StrCmpW
StrToIntExW
StrPBrkA
StrStrA
wnsprintfA
StrToIntExA
wnsprintfW
StrChrA
StrRChrA
StrRChrW
StrChrIA
StrCmpNIA
StrStrIA
StrStrIW

gdiplus

GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromStream

wininet

DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW

kernel32

IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
HeapSize
GetOEMCP
GetACP
GetStringTypeA
TlsSetValue
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
VirtualFree
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
GetStringTypeW
LCMapStringA
LCMapStringW
GetThreadLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetConsoleOutputCP
GetCPInfo
CreateProcessA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
OpenThread
ExitThread
OpenMutexA
CreateMutexA
GetVersion
GetCommandLineA
DeleteCriticalSection
InterlockedDecrement
MultiByteToWideChar
lstrcmpW
lstrlenW
IsBadReadPtr
HeapCreate
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetTickCount
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
lstrcmpA
SystemTimeToFileTime
GetLocalTime
GetSystemTime
GetTimeZoneInformation
Sleep
lstrlenA
WideCharToMultiByte
RaiseException
lstrcmpiW
lstrcpyA
lstrcmpiA
ReadFile
GetFileSize
CreateFileW
GetLastError
InterlockedCompareExchange
InterlockedExchange
LocalFree
FormatMessageA
CreateThread
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
lstrcatA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrcatW
VirtualProtect
GetProcAddress
GetModuleHandleA
GetEnvironmentVariableA
InitializeCriticalSection
GetModuleFileNameW
InterlockedExchangeAdd
InterlockedIncrement
GetVersionExA
GetProcessHeap
GetStdHandle
SetLastError
DeviceIoControl
LoadLibraryA
SetStdHandle
WriteConsoleW
WriteConsoleA
lstrcpynA
GlobalUnlock
GlobalLock
GlobalSize

user32

SetThreadDesktop
MessageBoxW
EnumChildWindows
CreateDesktopA
CloseClipboard
GetClipboardData
CountClipboardFormats
OpenClipboard
CharLowerW
GetDesktopWindow
GetWindowTextW
DestroyWindow
PostMessageA
GetDlgItem
GetWindowInfo
GetDlgCtrlID
GetClassNameA
GetAncestor
IsWindow
GetWindowThreadProcessId
wsprintfA
SendMessageW

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHFileOperationA

ole32

StringFromCLSID
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SafeArrayCreate
VariantCopy
SysAllocString
VariantClear
VariantInit
VarBstrCmp
SysFreeString
SafeArrayPutElement
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysStringLen

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 67.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6cd9e18ae394f98d8bbf3da5bf274cfc

Headers

File Characteristics

Imports

ws2_32

shlwapi

gdiplus

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 176KB - Virtual size: 175KB

.data Size: 24KB - Virtual size: 67.7MB

.text
Size: 176KB - Virtual size: 175KB

.data
Size: 24KB - Virtual size: 67.7MB