7bc3a99e7d132076a002af61234885ce

Sharing

Copy URL

Twitter E-mail

General

Target

7bc3a99e7d132076a002af61234885ce
Size

800KB
MD5

7bc3a99e7d132076a002af61234885ce
SHA1

5bb82828859f5ab71e7a8640366915c8b5808a14
SHA256

e42a6c568a675f8e39676ac5dd19bc5e68b8c60fe8be434cb4a8cf64d62645f5
SHA512

277f2e1122a563fb9afe5982891183b3a567d0c152a1031388e9d02fe748e19930c6b5cae38f85d67a8b8672df034ce803a68c96d98ff28c8000c47480c424ca
SSDEEP

12288:xN1cfUqNnkf7Z1IFNwyeqEbQb9IpYVwj8xVV:vIU+mV2prEQ9IpYVwEVV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bc3a99e7d132076a002af61234885ce

Files

7bc3a99e7d132076a002af61234885ce
.exe windows:5 windows x86 arch:x86

760a986801e74d726e3d8c7bea45c3ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup_wm.pdb

Imports

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
strstr
strrchr
wcstok
_itow
free
malloc
wcscmp
memmove
strchr
calloc
__set_app_type
ceil
time
_wcsupr
iswalnum
_stricmp
_except_handler3
wcsncpy
_snwprintf
iswspace
wcsncmp
wcspbrk
iswdigit
towupper
iswalpha
exit
_cexit
_XcptFilter
_exit
_controlfp
__dllonexit
_onexit
_c_exit
_endthread
_vsnprintf
_wcsnicmp
_wtol
_beginthreadex
_wcslwr
swscanf
wcsrchr
wcsstr
wcschr
_purecall
_wtoi
_strlwr
wcstol
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
wcslen
strpbrk
_vsnwprintf

advapi32

RegQueryValueExA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
CloseServiceHandle
QueryServiceStatus
EnumDependentServicesW
ControlService
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW
DeleteService
QueryServiceConfigW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW

kernel32

InitializeCriticalSection
WaitForSingleObject
CreateEventW
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
QueryPerformanceCounter
LoadLibraryExW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
FreeLibrary
LoadLibraryW
GetProcAddress
CreateMutexW
ReleaseMutex
MoveFileExW
GetModuleFileNameA
FindFirstFileA
FindClose
CreateFileA
ReadFile
GetWindowsDirectoryW
CopyFileW
DeleteFileW
GetTempPathW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetCurrentDirectoryW
CreateFileW
MoveFileW
GetModuleFileNameW
GetTickCount
GetCommandLineW
GetExitCodeThread
QueryDosDeviceW
GetVersion
GetDriveTypeW
GlobalFree
SetErrorMode
GetLocaleInfoW
GetUserDefaultLangID
DeviceIoControl
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
GetProfileStringW
WriteProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
lstrlenA
DeleteFileA
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
GetLongPathNameW
OpenEventW
WritePrivateProfileStringW
GetLocalTime
lstrlenW
LocalAlloc
LocalFree
Sleep
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDefaultLangID
FindFirstFileW
FindNextFileW
GetShortPathNameW
GetWindowsDirectoryA
GetModuleHandleA
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileTime
FileTimeToSystemTime
WideCharToMultiByte
CloseHandle
lstrcpynW
CompareStringW
GetTimeZoneInformation
GetModuleHandleW
GetLastError
MultiByteToWideChar
WriteFile
GetFileSize
SetLastError
GetVersionExA
GetVersionExW
GetFileAttributesW
GetFileAttributesA
SetCurrentDirectoryW
GetUserDefaultLCID
GetUserGeoID
GetTempPathA
CreateDirectoryW
RemoveDirectoryW
GetPrivateProfileStringW

gdi32

GetTextFaceA
CreateFontA
GetTextMetricsW
CreatePen
PatBlt
CreateFontIndirectW
DeleteObject
SetBkColor
SetBkMode
SetTextColor
CreateSolidBrush
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SetMapMode
SelectObject
GetObjectW
DeleteDC
ExtTextOutW

user32

GetDesktopWindow
RegisterClassW
MsgWaitForMultipleObjects
UnregisterClassW
CharNextA
IsCharAlphaW
SetTimer
LoadStringA
FindWindowW
SendMessageW
SetFocus
MoveWindow
MapWindowPoints
GetParent
GetWindowRect
DefWindowProcW
ReleaseDC
DrawFocusRect
GetDC
GetDlgItem
ShowWindow
SetWindowTextW
LoadStringW
EnableWindow
PostMessageW
SetWindowPos
ScreenToClient
MessageBoxW
EnableMenuItem
GetSystemMenu
FindWindowExW
KillTimer
SetWindowTextA
CreateWindowExW
PeekMessageW
PostThreadMessageW
SetCursor
CallWindowProcW
DrawTextW
LoadCursorW
DestroyCursor
GetScrollInfo
SetScrollInfo
ScrollWindow
GetActiveWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
UpdateWindow
GetClientRect
IsWindow
BeginPaint
CreateDialogParamW
LoadImageW
GetWindowLongW
SetWindowLongW
EndPaint
PostQuitMessage
InvalidateRect
GetSystemMetrics
SendDlgItemMessageW
DestroyWindow

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize

comctl32

InitCommonControlsEx

shell32

CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderLocation
ShellExecuteW
SHChangeNotify
ShellExecuteExW
SHGetPathFromIDListW

wininet

InternetCrackUrlW

setupapi

SetupCloseInfFile
SetupIterateCabinetA
SetupFindNextLine
SetupGetStringFieldW
SetupFindFirstLineW
SetupGetLineTextW
SetupGetBinaryField
SetupInstallFromInfSectionW
SetupGetLineCountW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

wsock32

inet_ntoa
socket
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSACleanup
WSAStartup
closesocket
getsockopt
__WSAFDIsSet
select
WSAGetLastError
connect
ioctlsocket
htons

urlmon

UrlMkSetSessionOption
ObtainUserAgentString

shlwapi

PathGetCharTypeA
PathGetCharTypeW
SHDeleteKeyW
PathFindFileNameW
PathFindExtensionW
PathAddBackslashA
PathAddBackslashW

crypt32

CertVerifyCertificateChainPolicy

oleaut32

SysAllocStringLen
VariantInit
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen
VariantClear

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vfshcft
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

760a986801e74d726e3d8c7bea45c3ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ole32

comctl32

shell32

wininet

setupapi

wintrust

wsock32

urlmon

shlwapi

crypt32

oleaut32

version

mpr

Sections

.text Size: 300KB - Virtual size: 298KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 484KB - Virtual size: 512KB

vfshcft Size: - Virtual size: 4KB

.text
Size: 300KB - Virtual size: 298KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 484KB - Virtual size: 512KB

vfshcft
Size: - Virtual size: 4KB