ee6b88cc461522da447d37a2215db4fbc8173415b7500415e87fca4074ca9a96

Sharing

Copy URL

Twitter E-mail

General

Target

ee6b88cc461522da447d37a2215db4fbc8173415b7500415e87fca4074ca9a96
Size

2.2MB
MD5

e8d9f5064a245b92ae4115d40a3728af
SHA1

b6ab0071fff33365a3a3dfabbb3ff94360f20188
SHA256

ee6b88cc461522da447d37a2215db4fbc8173415b7500415e87fca4074ca9a96
SHA512

f0c16513cb55ea3e00b89c7bc85cb65e356af1535d23db5078ce0ec4d8b5494985baee267ae5f8625feaa8849c5741224b00bae46ecfe187efcb84c91839e7e1
SSDEEP

49152:19UJj87k/a4nQkh6ZISIyR7fJATyIeOgWfPfyDLmd/DIuJxThJqEB6ZmKYGCsWH1:m8D4nQkhSRtATyIe+fPf6Lmd/DI0xT5Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee6b88cc461522da447d37a2215db4fbc8173415b7500415e87fca4074ca9a96

Files

ee6b88cc461522da447d37a2215db4fbc8173415b7500415e87fca4074ca9a96
.exe windows:5 windows x86 arch:x86

60892b288ccc180a39a95b6e54766716

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ord165
SHGetFolderPathW

crypt32

CryptBinaryToStringA

kernel32

DeleteVolumeMountPointW
FindNextVolumeW
RemoveDirectoryW
FindFirstVolumeW
GetVersionExW
GetFileAttributesW
GetCurrentProcessId
MoveFileExW
GetSystemWindowsDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempPathW
GetPrivateProfileIntW
GetLocalTime
CreateEventW
GetSystemInfo
GetWindowsDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SystemTimeToFileTime
FileTimeToSystemTime
CreateThread
GetCurrentThreadId
SetVolumeMountPointW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
CreateDirectoryW
FindVolumeClose
CopyFileW
TerminateProcess
GetExitCodeProcess
SetLastError
GetUserDefaultLangID
ReadFile
SetEndOfFile
SetFilePointer
LocalFree
FindNextFileW
DeviceIoControl
LocalAlloc
FindClose
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
WaitForSingleObject
CreateProcessW
InterlockedDecrement
CloseHandle
CreateFileW
WriteFile
DeleteFileW
MoveFileW
GetLastError
lstrlenW
GetBinaryTypeW
GetModuleFileNameW
Sleep
WideCharToMultiByte
FindFirstFileW
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
FindResourceExW
OutputDebugStringA
OutputDebugStringW
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement

user32

LoadIconW
DrawFocusRect
GetDC
SetFocus
GetClientRect
TrackMouseEvent
GetParent
DialogBoxParamW
InvalidateRect
DrawTextW
EndDialog
FillRect
GetWindowRect
SetTimer
GetDesktopWindow
ShowWindow
GetWindowTextW
SystemParametersInfoW
GetDlgItem
KillTimer
SetWindowLongW
LoadBitmapW
EnableWindow
GetDlgCtrlID
SetWindowTextW
wsprintfW
MessageBoxExW
ExitWindowsEx
SendMessageW
GetSystemMetrics
CallWindowProcW
PostMessageW
MoveWindow

gdi32

SetTextColor
DeleteDC
CreateFontIndirectW
GetCurrentObject
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
GetObjectW
CreatePen
CreateSolidBrush
BitBlt

advapi32

OpenSCManagerW
RegOpenKeyExW
RegFlushKey
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueW
SetNamedSecurityInfoW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetNamedSecurityInfoA
QueryServiceStatusEx
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
QueryServiceConfigW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
RegCloseKey
CloseServiceHandle
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoInitialize
CLSIDFromProgID
CoQueryProxyBlanket

oleaut32

VariantCopy
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantChangeType
VarCmp
SysAllocString
SafeArrayGetLBound
VariantClear
VariantInit
SafeArrayGetElement
SysFreeString
SafeArrayGetUBound

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

shlwapi

PathFileExistsW
PathCombineW

msi

ord32
ord8
ord92
ord125
ord20
ord17
ord163

winhttp

WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpSetTimeouts

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60892b288ccc180a39a95b6e54766716

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shell32

crypt32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

shlwapi

msi

winhttp

Sections

.text Size: 448KB - Virtual size: 447KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 448KB - Virtual size: 447KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 33KB - Virtual size: 32KB