7e0f7024203901c590767c97c6792fc0

Sharing

Copy URL Twitter E-mail

General

Target

7e0f7024203901c590767c97c6792fc0
Size

266KB
MD5

7e0f7024203901c590767c97c6792fc0
SHA1

695bf87cbfea7d25a2dd112831cb19e8d284d21b
SHA256

26df9118cc10d30f2e19c24ecf6b227273b08159ae247d47d2bf8b0e713bcc4c
SHA512

fe7812f31651f5a02b38e2f487879adbaac3e74cb81a92bd3ec8f765e6176702d13f4b89d5334096f3cfbd9441c6abfc6b10037a6e34a7ee41f741c2cc61281a
SSDEEP

6144:/HuU/QKjlTAjV+1gAfuV81/2PhKFt8VlPGd:fuU/PjN99fG81qKXsGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e0f7024203901c590767c97c6792fc0

Files

7e0f7024203901c590767c97c6792fc0
.exe windows:4 windows x86 arch:x86

2077126de2671ebeaaf420d106d4e53c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
SetStdHandle
GlobalLock
FindClose
WriteFile
IsDebuggerPresent
GetConsoleMode
GetOEMCP
VirtualFree
ReleaseMutex
GetSystemInfo
HeapReAlloc
LCMapStringW
DeleteFileW
GetCurrentThreadId
GetLocalTime
UnhandledExceptionFilter
GetFileType
GetModuleHandleA
FreeEnvironmentStringsA
TlsAlloc
LCMapStringA
IsProcessorFeaturePresent
WriteConsoleW
WritePrivateProfileStringA
TlsSetValue
SetLastError
TlsGetValue
WaitForSingleObject
SizeofResource
GetConsoleOutputCP
lstrcmpiA
lstrcatA
LoadResource
CreateFileA
CreateFileW
SetFileAttributesA
FlushFileBuffers
WriteConsoleA
GetThreadLocale
lstrcpyA
CreateMutexA
GlobalAlloc
WaitForMultipleObjects
CreateDirectoryW
GetCommandLineA
SetUnhandledExceptionFilter
SetHandleCount
HeapFree
IsDBCSLeadByte
DeleteFileA
FreeEnvironmentStringsW
GetACP
WaitForSingleObjectEx
WideCharToMultiByte
GetProcessHeap
RaiseException
TlsFree
HeapDestroy
DeleteCriticalSection
GetSystemTimeAsFileTime
GetConsoleCP
RtlUnwind
VirtualAlloc
HeapSize
GetStdHandle
CreateMutexW
GetTempPathW
lstrlenW
HeapAlloc
ReadFile
GlobalUnlock
FreeLibrary
SetFilePointer
FindNextFileA
EnterCriticalSection
VirtualProtect
VirtualQuery
lstrlenA
TerminateThread
LeaveCriticalSection
OutputDebugStringA
LoadLibraryExA
CreateThread
FlushInstructionCache
MulDiv
GetTempFileNameW
IsValidCodePage
CloseHandle
GetTempPathA
FindResourceA
FindFirstFileA
CreateEventA
GetStartupInfoA
VirtualAllocEx

user32

SetCursor
EqualRect
GetForegroundWindow
SetWindowRgn
ShowWindow
GetKeyState
OffsetRect
GetWindowLongA
DefWindowProcA
SetWindowPos
UnregisterClassA
CallWindowProcA
DestroyWindow
IsChild
wsprintfA
PtInRect
MessageBoxA
IsWindow
GetDC
CharNextA
GetFocus
LoadCursorA
UnionRect
SetFocus
GetParent
InvalidateRect
GetClientRect
IntersectRect
SetWindowLongA
ReleaseDC

advapi32

RegCloseKey
RegQueryValueExW
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
RegOpenCurrentUser
GetSidSubAuthority
ClearEventLogA
LsaQuerySecret
ConvertSidToStringSidA
EqualDomainSid
CopySid
GetFileSecurityW
RegCreateKeyA
RegReplaceKeyA
LsaOpenTrustedDomainByName
BackupEventLogA
GetNamedSecurityInfoExW
RegEnumValueA
GetServiceKeyNameA
OpenServiceW
RegQueryValueA
MakeAbsoluteSD
BuildExplicitAccessWithNameW
IsTokenUntrusted
CryptImportKey
CloseCodeAuthzLevel
SetEntriesInAclA
OpenEncryptedFileRawA
SetAclInformation
NotifyChangeEventLog
GetEventLogInformation
StopTraceA
GetSecurityDescriptorControl
ConvertStringSDToSDDomainA
LsaICLookupSidsWithCreds
UpdateTraceW
LsaEnumerateAccountsWithUserRight
GetSidIdentifierAuthority
CryptSetProviderExA
TrusteeAccessToObjectA
LsaStorePrivateData
QueryServiceLockStatusW
LsaAddPrivilegesToAccount
ImpersonateSelf
ConvertAccessToSecurityDescriptorW
IsValidSecurityDescriptor
AdjustTokenGroups
CredIsMarshaledCredentialW
GetExplicitEntriesFromAclA
SystemFunction002
InitiateSystemShutdownExA
QueryServiceConfig2A
QueryServiceStatus
CredpEncodeCredential
CryptGetHashParam
SystemFunction041

oleaut32

SysAllocStringByteLen
SysAllocString
VarUI4FromStr
LoadTypeLi
VariantInit
OleCreatePropertyFrame
SysFreeString
LoadRegTypeLi
UnRegisterTypeLi
DispCallFunc
VariantClear
VariantChangeType
SysStringLen
RegisterTypeLi
SysStringByteLen
VariantCopy

ole32

OleRegGetUserType
OleSaveToStream
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
WriteClassStm
StringFromGUID2
CreateOleAdviseHolder
CreateDataAdviseHolder
CoTaskMemAlloc
OleLoadFromStream
OleRegEnumVerbs
OleRegGetMiscStatus

gdi32

CreateRectRgnIndirect
DeleteMetaFile
SetWindowExtEx
DeleteDC
CreateMetaFileA
SaveDC
SetTextAlign
SetViewportOrgEx
CreateDCA
RestoreDC
CloseMetaFile
GetDeviceCaps
SetWindowOrgEx
TextOutA
SetMapMode
LPtoDP

msieftp

DllCanUnloadNow

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DYGMKZV
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NnBiof
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NPQN
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QrVSnYc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jyhI
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VwsItm
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UYcjIK
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GTPmKT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nUqEyu
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VZXf
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Wvsxyo
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2077126de2671ebeaaf420d106d4e53c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ole32

gdi32

msieftp

Sections

.text Size: 20KB - Virtual size: 20KB

.DYGMKZV Size: 2KB - Virtual size: 1KB

.NnBiof Size: 1024B - Virtual size: 724B

.NPQN Size: 3KB - Virtual size: 2KB

.QrVSnYc Size: 1KB - Virtual size: 1KB

.jyhI Size: 1024B - Virtual size: 660B

.rdata Size: 211KB - Virtual size: 211KB

.VwsItm Size: 3KB - Virtual size: 2KB

.UYcjIK Size: 1KB - Virtual size: 1KB

.GTPmKT Size: 3KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 139KB

.nUqEyu Size: 512B - Virtual size: 302B

.rsrc Size: 4KB - Virtual size: 4KB

.VZXf Size: 2KB - Virtual size: 1KB

.Wvsxyo Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.DYGMKZV
Size: 2KB - Virtual size: 1KB

.NnBiof
Size: 1024B - Virtual size: 724B

.NPQN
Size: 3KB - Virtual size: 2KB

.QrVSnYc
Size: 1KB - Virtual size: 1KB

.jyhI
Size: 1024B - Virtual size: 660B

.rdata
Size: 211KB - Virtual size: 211KB

.VwsItm
Size: 3KB - Virtual size: 2KB

.UYcjIK
Size: 1KB - Virtual size: 1KB

.GTPmKT
Size: 3KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 139KB

.nUqEyu
Size: 512B - Virtual size: 302B

.rsrc
Size: 4KB - Virtual size: 4KB

.VZXf
Size: 2KB - Virtual size: 1KB

.Wvsxyo
Size: 1KB - Virtual size: 1KB