Static task: static1
Behavioral task: behavioral1
  Sample: 942b5e61e20b774a9aafca74c1409d946cd24c30f978388740755393868aa0cb.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 942b5e61e20b774a9aafca74c1409d946cd24c30f978388740755393868aa0cb.exe
  Resource: win10v2004-20231215-en
General
Target: 942b5e61e20b774a9aafca74c1409d946cd24c30f978388740755393868aa0cb
Size: 10.0MB
MD5: 04d511e6515e6cc7350dcf416e1c5e47
SHA1: c11a8e1fd086efe8cc55e2891eca478c1b601026
SHA256: 942b5e61e20b774a9aafca74c1409d946cd24c30f978388740755393868aa0cb
SHA512: 62527df48a8da04e683f3233121fa78004c789de0a1eb2ff4327283d369c6645b14b7f38c340ee80c4d3da2a832d477ad7fd3df53a4944f819070534af0048aa
SSDEEP: 196608:7QKj1jzQ+5rX59reC4QvDSqb/zd4G0g22BzCYf3WbPh1rMuf5DJh5JX90I:7Q0j1rjeXQ7Sqbzdh0g2iGY+t1R5DJ9f
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 942b5e61e20b774a9aafca74c1409d946cd24c30f978388740755393868aa0cb
Files
-
942b5e61e20b774a9aafca74c1409d946cd24c30f978388740755393868aa0cb.exe windows:5 windows x86 arch:x86
02c7c5f225be22d95c6105623f6b04c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindClose
CreateDirectoryW
GetSystemDirectoryW
SetFileTime
GetShortPathNameW
GetFullPathNameW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileInformationByHandle
GetStdHandle
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
WaitForMultipleObjects
GetSystemWindowsDirectoryW
InterlockedCompareExchange
GetCurrentThread
GetThreadSelectorEntry
GetThreadContext
VirtualQuery
SetThreadPriority
VirtualAlloc
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
SuspendThread
CreateMutexW
SetEndOfFile
SetFilePointer
ReadFile
GetFileSizeEx
WriteFile
SetLastError
GetDiskFreeSpaceExW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FindNextFileW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetStartupInfoA
SetHandleCount
HeapCreate
FatalAppExitA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
lstrcmpiW
GetModuleFileNameA
RtlUnwind
GetStartupInfoW
GetFileType
WriteConsoleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
lstrcmpiA
lstrcmpA
CreateThread
ExpandEnvironmentStringsW
GetProcessTimes
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
ExitProcess
OpenProcess
CopyFileW
lstrlenA
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
FindFirstFileW
GetVolumeInformationW
MoveFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileSize
GetWindowsDirectoryW
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
InterlockedIncrement
GetStringTypeW
InterlockedDecrement
RemoveDirectoryW
Sleep
RaiseException
TerminateProcess
GetCurrentThreadId
FlushInstructionCache
GetTickCount
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenW
lstrcpynW
CreateFileW
LocalAlloc
LocalFree
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetTempPathW
GetVersionExW
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
GetPrivateProfileIntW
CloseHandle
CreateProcessW
FreeLibrary
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
GetLocalTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCPInfo
GetLastError
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GetModuleHandleA
user32
TranslateMessage
BeginPaint
SendMessageW
GetWindowLongW
GetClientRect
GetWindowTextW
EndPaint
SetWindowPos
SetWindowLongW
InvalidateRect
KillTimer
GetWindowRect
GetKeyNameTextW
MapVirtualKeyW
SubtractRect
FindWindowExW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
MonitorFromPoint
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
UnregisterClassA
SetTimer
LoadCursorW
ShowWindow
GetDlgItem
SetWindowTextW
EnableWindow
MapWindowPoints
GetDesktopWindow
GetMessageW
SetDlgItemTextW
wsprintfW
GetWindowDC
CharToOemW
CopyRect
GetUpdateRect
ReleaseDC
SetRect
GetWindow
MonitorFromWindow
PostThreadMessageW
LoadImageW
GetWindowTextLengthW
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoW
SetCapture
CreateDialogParamW
CallWindowProcW
SetCursor
GetDC
PtInRect
ClientToScreen
GetCapture
UpdateWindow
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
GetSysColor
IsWindowEnabled
OffsetRect
FillRect
DrawTextW
MessageBoxW
PeekMessageW
GetMonitorInfoW
DispatchMessageW
CharNextW
DefWindowProcW
BringWindowToTop
SetForegroundWindow
FindWindowW
SetWindowRgn
GetParent
AdjustWindowRectEx
GetMenu
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindow
RedrawWindow
IsIconic
PostQuitMessage
PostMessageW
gdi32
OffsetViewportOrgEx
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontW
GetDeviceCaps
CreateSolidBrush
GetCurrentObject
CreateDIBSection
StretchBlt
SetTextColor
CreatePolygonRgn
CreateFontIndirectW
GetObjectW
GetStockObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
SetBkMode
GetBitmapBits
advapi32
OpenProcessToken
RegGetKeySecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegQueryValueExA
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetUserNameW
OpenThreadToken
GetTokenInformation
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegSetKeySecurity
shell32
SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetSpecialFolderLocation
SHAppBarMessage
SHFreeNameMappings
SHFileOperationW
ord165
ole32
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
OleInitialize
CoTaskMemFree
oleaut32
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
OleLoadPicture
VariantInit
SysAllocStringByteLen
VariantCopy
shlwapi
PathIsPrefixW
SHDeleteKeyW
PathFindExtensionW
PathIsRootW
PathIsURLW
StrToIntExW
SHGetValueA
PathGetDriveNumberW
PathIsDirectoryW
StrStrIA
PathRemoveFileSpecW
PathAppendW
PathCombineW
PathFileExistsW
SHGetValueW
StrStrW
StrStrIW
SHSetValueW
comctl32
ImageList_SetImageCount
ImageList_Add
ImageList_GetIconSize
ImageList_Create
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
InitCommonControlsEx
ImageList_Duplicate
ImageList_Remove
msimg32
AlphaBlend
setupapi
SetupIterateCabinetW
wintrust
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminReleaseContext
crypt32
CertGetNameStringW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
userenv
UnloadUserProfile
wininet
InternetSetOptionA
HttpOpenRequestW
InternetOpenUrlW
InternetOpenW
CommitUrlCacheEntryW
InternetCloseHandle
HttpSendRequestExW
HttpQueryInfoW
FtpGetFileSize
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionW
InternetGetLastResponseInfoW
FtpCommandW
InternetWriteFile
HttpEndRequestW
FtpOpenFileW
InternetReadFileExA
InternetReadFile
InternetSetStatusCallbackW
InternetConnectW
urlmon
ObtainUserAgentString
netapi32
Netbios
psapi
GetProcessMemoryInfo
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
EnumProcessModules
comdlg32
GetSaveFileNameW
GetOpenFileNameW
Sections
.text   Size: 510KB  - Virtual size: 510KB  - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 98KB   - Virtual size: 97KB   - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 163KB  - Virtual size: 192KB  - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 11.4MB - Virtual size: 11.4MB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 54KB   - Virtual size: 53KB   - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ