7bfbf0479842925d24e2dffbbce976a2

Sharing

Copy URL

Twitter E-mail

General

Target

7bfbf0479842925d24e2dffbbce976a2
Size

885KB
MD5

7bfbf0479842925d24e2dffbbce976a2
SHA1

7e41705e60bab419d3d7668e6c0016f775313a56
SHA256

55a515cb5285b7b80167427d6bda8deaf306c425a478829e90abd19c25cbf75c
SHA512

562019cfaacfca811a2f4782634b37019cc2196d3a52e792e7eccfb6cf317dac0b3a419f0d00747f6e0dd2c2089747391fe84b5f79819bb66df6eca9e5612b7c
SSDEEP

24576:7cPIzwFP0KRG21hri1e2pfvGePhYzxKjyxY:7wiKRrhrgxGePhYzxsH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bfbf0479842925d24e2dffbbce976a2

Files

7bfbf0479842925d24e2dffbbce976a2
.exe windows:5 windows x86 arch:x86

f4fdc4ba6b5dcd89991eba43efda41e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ryanch\MyBranches\DEV-MIP-Geocomply\src\MicrogamingInstall\Release\MicrogamingInstall.pdb

Imports

kernel32

FormatMessageA
WriteFile
GetVolumePathNameW
CopyFileW
FormatMessageW
ReadFile
GetModuleFileNameW
FindFirstFileA
GetProcAddress
FindClose
RemoveDirectoryW
FindNextFileA
GetModuleHandleA
ReleaseMutex
GetVersionExA
DeleteFileW
FreeLibrary
SetEvent
GetPrivateProfileStringW
CreateEventA
CreateDirectoryA
LoadLibraryA
CreateMutexA
LocalFree
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
InterlockedDecrement
MoveFileExA
Process32First
GetFileAttributesA
TerminateProcess
GetSystemDirectoryA
GetLastError
GetLocalTime
Process32Next
CreateToolhelp32Snapshot
lstrlenA
lstrcpynW
GetFileAttributesW
lstrlenW
lstrcpyA
InterlockedIncrement
GetPrivateProfileIntA
InterlockedExchange
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
CreateThread
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
ReleaseSemaphore
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
CreateDirectoryW
SetThreadPriority
GetCurrentThread
GetThreadTimes
ResumeThread
CompareStringW
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
LCMapStringW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
MoveFileA
RaiseException
RtlUnwind
GetFullPathNameA
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetFilePointer
GetFileSize
GetComputerNameA
DeleteFileA
GetTempPathA
GetCurrentProcessId
GetTempFileNameA
GetModuleFileNameA
CopyFileA
RemoveDirectoryA
lstrcmpiA
CreateProcessA
Sleep
OpenProcess
MapViewOfFile
WaitForSingleObject
CreateProcessW
CreateFileA
OutputDebugStringA
WideCharToMultiByte
CloseHandle
CreateFileMappingA
MultiByteToWideChar
CreateFileW
GetEnvironmentVariableA
HeapReAlloc
HeapFree
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
GetModuleHandleW
EncodePointer
DecodePointer
SetFileAttributesA

user32

LoadCursorA
AdjustWindowRect
EnableWindow
UpdateWindow
MapWindowPoints
LoadImageA
IsWindowVisible
GetSystemMetrics
RegisterClassW
MessageBoxW
DispatchMessageA
RegisterClassA
CreatePopupMenu
SetLayeredWindowAttributes
GetCursorPos
GetDlgCtrlID
SetWindowLongW
ReleaseDC
PeekMessageA
AppendMenuW
GetWindowLongW
SetWindowLongA
OffsetRect
ChildWindowFromPoint
TranslateMessage
IsDialogMessageA
SendMessageA
GetClientRect
IsWindowEnabled
LoadIconA
DefWindowProcW
MoveWindow
FlashWindowEx
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
DestroyWindow
SendMessageTimeoutA
wvsprintfA
SetForegroundWindow
GetWindowDC
TrackPopupMenu
GetWindowRect
PostMessageA
SetWindowTextA
MessageBoxA
SetFocus
CopyRect
wsprintfW
InvalidateRect
wsprintfA
CreateWindowExW
PostThreadMessageA
GetActiveWindow
GetMessageA

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
BitBlt

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
OpenSCManagerA
CloseServiceHandle
OpenServiceA
RegSetValueExW
RegQueryValueExW
RegSetValueW
RegSetValueA
FreeSid
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryValueW

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA

ole32

StringFromIID
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
OleUninitialize
OleInitialize
OleCreate
OleSetContainedObject
CLSIDFromProgID
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysStringLen
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen

wsock32

WSAStartup
gethostbyname
inet_addr
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
getservbyport
getservbyname
WSASetLastError
gethostbyaddr
WSACleanup

wininet

InternetConnectA
InternetOpenUrlA
InternetCrackUrlA
InternetOpenA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCreateUrlA
InternetCrackUrlW
InternetCloseHandle

shlwapi

PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW
StrStrA
PathCanonicalizeA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

WSAAddressToStringA

urlmon

CoInternetGetSession

Exports

Exports

?CreateDefaultBrowserInfo@@YGPAVIDefaultBrowserInfo@@XZ
?CreateDirectXVersionInfo@@YGPAVIDirectXVersionInfo@@XZ
?CreateDisplaysDeviceInfo@@YGPAVIDisplayDevicesInfo@@XZ
?CreateFixedDriveInfo@@YGPAVIFixedDriveInfo@@XZ
?CreateFixedDrivesInfo@@YGPAVIFixedDrivesInfo@@XZ
?CreateFlashInfo@@YGPAVIFlashInfo@@XZ
?CreateIEVersionInfo@@YGPAVIIEVersionInfo@@XZ
?CreateMacAddress@@YGPAVIMacAddress@@XZ
?CreateMachineInfo@@YGPAVIMachineInfo@@XZ
?CreateMachineInfoXML@@YGPAVIMachineInfoXML@@XZ
?CreateOSInfo@@YGPAVIOSInfo@@XZ
?CreateProcessorsInfo@@YGPAVIProcessorsInfo@@XZ
?CreateRamInfo@@YGPAVIRamInfo@@XZ
?CreateSoundDevicesInfo@@YGPAVISoundDevicesInfo@@XZ
?CreateUserExperience@@YGPAVIUserExperience@@XZ
?CreateVMInfo@@YGPAVIVMInfo@@XZ

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4fdc4ba6b5dcd89991eba43efda41e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

wininet

shlwapi

psapi

version

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 67KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 67KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 3KB