67ba89e94f829ab57f32d62e3c4e21c4

Sharing

Copy URL

Twitter E-mail

General

Target

67ba89e94f829ab57f32d62e3c4e21c4
Size

169KB
MD5

67ba89e94f829ab57f32d62e3c4e21c4
SHA1

f649ceb11c354f845e93893a4b91c539def5914b
SHA256

8df570cb93a853ef716a4480193f94258c390f5b5f05369df0c44932df6dc752
SHA512

9237909a682c158f081ca5f446dca3bd589f4c0583bf3fc4b5c8d22b1bb6504968d884821a1ffc2e017a566b0837bd34a669e2f686eb033f4083b7d648925aa6
SSDEEP

3072:0RfRrEzKGmRy5svvR96OKwSt7JgrkaRuOSymqZeo3b7ZGyq3E9s4gIu3yJTfbkKI:6fRZRy5sxlkmMGeUb7ZGp3EbBTfPe9vX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67ba89e94f829ab57f32d62e3c4e21c4

Files

67ba89e94f829ab57f32d62e3c4e21c4
.exe windows:6 windows x86 arch:x86

83dc6b81471eb3c79da74e27363bddf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

kernel32

HeapReAlloc
HeapSize
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
MultiByteToWideChar
CloseHandle
FlushFileBuffers
CreateFileW
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleHandleExW
SetEndOfFile
GetModuleFileNameW
WriteFile
GetStdHandle
ReadFile
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetConsoleOutputCP
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
SetUnhandledExceptionFilter
GetFileAttributesExW
lstrcmpW
LocalFree
GetCommandLineW
FindNextFileA
GetCommandLineA
GetLogicalDrives
LockFileEx
WriteConsoleW
ExitProcess
DecodePointer
UnhandledExceptionFilter

comdlg32

PageSetupDlgW
PrintDlgExW
GetOpenFileNameA
GetOpenFileNameW
FindTextW
ReplaceTextW

loadperf

LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA

shell32

SHGetSpecialFolderPathW
SHGetDiskFreeSpaceA
ShellExecuteA
CommandLineToArgvW
SHGetFolderPathW
DragFinish

pdh

PdhGetDataSourceTimeRangeW
PdhGetCounterInfoA
PdhGetDefaultPerfObjectW
PdhParseInstanceNameW
PdhRemoveCounter
PdhVbIsGoodStatus
PdhConnectMachineW
PdhVbGetOneCounterPath
PdhGetDefaultPerfObjectA
PdhEnumObjectsW

user32

SendMessageW
SetWindowTextW
ShowWindow
IsWindow
SetFocus
wsprintfW
SetWindowLongW
GetSysColorBrush
LoadImageW
GetWindowTextLengthW
GetWindowRect
FillRect
GetSystemMetrics
RedrawWindow
MapWindowPoints
GetClientRect
DrawTextW
InvalidateRect
GetWindowTextW
DefWindowProcW
CreateWindowExW
GetMenuItemInfoW
SetWindowPlacement
GetNextDlgGroupItem
SetScrollRange
MessageBoxIndirectA
EnumDisplaySettingsW
IsWindowVisible
SetWindowPos
LoadImageA
LoadCursorW
TranslateMessage
RegisterClassW
DispatchMessageW
GetMessageW
PostQuitMessage

rpcrt4

NDRSContextUnmarshall
RpcSmSetThreadHandle
I_RpcNsBindingSetEntryNameW
RpcObjectSetType
RpcServerUseAllProtseqs
NdrNonConformantStringUnmarshall
RpcServerUseAllProtseqsEx
NdrEncapsulatedUnionMarshall
I_RpcIfInqTransferSyntaxes
I_RpcGetBufferWithObject
RpcMgmtEpEltInqDone
RpcEpRegisterNoReplaceW

mscms

GetPS2ColorRenderingIntent
GetColorDirectoryW
IsColorProfileTagPresent
InstallColorProfileW
SetColorProfileElementSize
GetCountColorProfileElements
EnumColorProfilesA
GetStandardColorSpaceProfileW

gdi32

SetBkMode
SetTextColor
CreateSolidBrush
SelectObject
BitBlt
SetBkColor
GetStockObject
CreateFontW
GetObjectW
CreateCompatibleDC

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83dc6b81471eb3c79da74e27363bddf4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

comdlg32

loadperf

shell32

pdh

user32

rpcrt4

mscms

gdi32

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B