Static task: static1
Behavioral task: behavioral1
  Sample: 79cfc6eebab955c6b7f319c775eab859.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 79cfc6eebab955c6b7f319c775eab859.exe
  Resource: win10v2004-20231215-en
General
- Target: 79cfc6eebab955c6b7f319c775eab859
- Size: 1.8MB
- MD5: 79cfc6eebab955c6b7f319c775eab859
- SHA1: 91cc9465e1f60499742ddd454d3fbbfbe2faddaf
- SHA256: 056317a5a61aa0da37cbcde5ac9e47e10bc9d0b6cff9ff98c5479ecfdb93f08d
- SHA512: 7d294e2088e76fe806a97217dde5b72c754cfbc44771de1ce84b09b121a66aa46690f9cbd0984064c38ba57358495c40507087c7f3dee2455ec6610359ae3d17
- SSDEEP: 24576:Srv5CNr4Xz7fpRpqsLlCn1AKZogl/d22QoeaGh9:Ser4XXpK7Z/Gh
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 79cfc6eebab955c6b7f319c775eab859
Files
- 79cfc6eebab955c6b7f319c775eab859.exe windows:4 windows x86 arch:x86
  08da7eca951ba084603903d2f0081be7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime
comctl32
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_Read
ImageList_Write
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_GetImageInfo
_TrackMouseEvent
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollProp
InitializeFlatSB
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_Replace
ImageList_DrawEx
ImageList_Remove
ImageList_GetIcon
ImageList_LoadImageW
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_Create
ImageList_DragLeave
kernel32
HeapDestroy
HeapAlloc
HeapFree
HeapSize
GetCurrentProcessId
ExitProcess
RaiseException
UnhandledExceptionFilter
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
ExitThread
GetExitCodeThread
GetLastError
SetLastError
SetErrorMode
SuspendThread
ResumeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GlobalDeleteAtom
GetFileType
GetFileSize
GetStdHandle
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
FindClose
GetFileTime
CloseHandle
MulDiv
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo
GetTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetTickCount
FormatMessageW
HeapCreate
UnmapViewOfFile
lstrlenW
TlsGetValue
TlsSetValue
SleepEx
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
CreateFileMappingW
VirtualQueryEx
LoadLibraryA
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
OutputDebugStringW
FindResourceW
EnumResourceNamesW
GlobalAddAtomW
GlobalFindAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDriveTypeW
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
GetDiskFreeSpaceW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
QueryDosDeviceW
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
GetVolumeInformationW
GetComputerNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
GetACP
GetCPInfoExW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
GetLocaleInfoW
GetDateFormatW
EnumCalendarInfoW
IsValidLocale
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleOutputCP
GetStringTypeA
SetConsoleCtrlHandler
IsBadWritePtr
HeapReAlloc
GetOEMCP
GetCPInfo
FatalAppExitA
InterlockedIncrement
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalSize
GlobalAlloc
GetModuleHandleA
GetStartupInfoA
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsFree
GetEnvironmentVariableA
GetVersionExA
InterlockedDecrement
GetVersion
GetProcAddress
FreeLibrary
LockResource
FreeResource
GetLogicalDriveStringsW
LCMapStringA
LCMapStringW
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
CompareStringA
MapViewOfFile
SetEnvironmentVariableA
GetStringTypeW
user32
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
DeleteMenu
TrackPopupMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawTextExW
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
EnableScrollBar
SetPropW
GetPropW
RemovePropW
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBoxW
MessageBeep
SetCursorPos
GetCursorPos
HideCaret
ShowCaret
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColorBrush
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
SubtractRect
GetWindowLongW
SetWindowLongW
GetClassLongW
GetMenuState
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
FindWindowW
FindWindowExW
EnumWindows
EnumThreadWindows
GetClassNameW
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapW
LoadCursorW
DestroyCursor
LoadIconW
CreateIcon
DestroyIcon
CopyImage
DrawIconEx
CopyIcon
GetIconInfo
LoadStringW
IsDialogMessageA
IsDialogMessageW
SetScrollInfo
GetScrollInfo
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SystemParametersInfoW
EnableWindow
IsWindowUnicode
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
GetKeyboardType
GetKeyNameTextW
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
CharLowerBuffW
CharLowerW
CharUpperBuffW
CharUpperW
IsClipboardFormatAvailable
EmptyClipboard
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
GetDlgCtrlID
GetDlgItem
IsZoomed
IsIconic
IsWindowVisible
GetMenuStringW
GetSystemMetrics
CreateAcceleratorTableW
SetClassLongW
IsWindowEnabled
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
OpenIcon
ShowOwnedPopups
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoW
UnregisterClassW
RegisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
SendMessageA
GetMessageExtraInfo
GetMessageTime
GetMessagePos
PeekMessageW
PeekMessageA
DispatchMessageW
DispatchMessageA
TranslateMessage
DrawFrameControl
DrawEdge
RegisterWindowMessageW
EnumDesktopWindows
GetKeyboardLayoutList
GetKeyboardLayoutNameW
ActivateKeyboardLayout
LoadKeyboardLayoutW
OpenClipboard
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
EnumPrintersW
comdlg32
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
advapi32
RegFlushKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegReplaceKeyW
RegEnumValueW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegLoadKeyW
shell32
ShellExecuteExW
SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
ole32
OleUninitialize
OleSetMenuDescriptor
OleDraw
StringFromCLSID
CoCreateInstance
OleRegEnumVerbs
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoGetClassObject
OleInitialize
ProgIDFromCLSID
CLSIDFromProgID
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
IsAccelerator
oleaut32
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantInit
VariantClear
VariantCopy
VariantChangeType
GetActiveObject
GetErrorInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
msacm32
acmStreamClose
Sections
.text Size: 481KB - Virtual size: 480KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 14.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.efox Size: 572KB - Virtual size: 572KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 766KB - Virtual size: 766KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ