7dee634d9c914967f803d51c63f02e31

Sharing

Copy URL Twitter E-mail

General

Target

7dee634d9c914967f803d51c63f02e31
Size

344KB
MD5

7dee634d9c914967f803d51c63f02e31
SHA1

7849ceda625adf28e86a1f374d33de90a43a20c3
SHA256

6bc4a976345438fea2666939a15e9cd86bdf34c65ef372586f23e6d03330e49f
SHA512

7be5321f6e393e447af24b63c860291b299ebadeb4bf6ef12773849e16aa31d9cb0918802613d6eadfdd7190fd58f2f6497b1e2f67d3e7f28d47c1ce38cf6c80
SSDEEP

6144:g2JLPxle64DmFw6TBJDxpKDVLUSgMxIDoY4dBew5d78gMv:g76TVpKDudeI8I+d78g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7dee634d9c914967f803d51c63f02e31

Files

7dee634d9c914967f803d51c63f02e31
.exe windows:4 windows x86 arch:x86

caba13471c37db81660a91a168e2d2c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\seseoedf\jbu\

Imports

kernel32

DeleteCriticalSection
WriteConsoleOutputW
CreateEventW
GetProcAddress
QueryPerformanceCounter
CompareStringW
GetEnvironmentStringsW
GetModuleFileNameA
GetDiskFreeSpaceW
SetStdHandle
CompareStringA
RtlUnwind
GetLastError
OpenMutexA
ExitProcess
HeapFree
AddAtomW
GetTickCount
FreeEnvironmentStringsA
GetStringTypeW
GetSystemTime
GetEnvironmentStrings
CloseHandle
TlsGetValue
SetThreadAffinityMask
WriteFileEx
TerminateThread
GetStringTypeA
HeapCreate
HeapDestroy
SetHandleCount
TlsSetValue
GetSystemTimeAsFileTime
GetStdHandle
GetFileType
GetCurrentThread
FileTimeToLocalFileTime
HeapAlloc
GetCommandLineA
GetTimeZoneInformation
GetCurrentProcess
FreeEnvironmentStringsW
HeapReAlloc
ReadConsoleOutputCharacterA
SetWaitableTimer
GetStartupInfoW
GetCommandLineW
FillConsoleOutputCharacterW
GetVersion
TlsFree
SetThreadIdealProcessor
TerminateProcess
VirtualAlloc
InterlockedDecrement
GetConsoleMode
GetCurrentThreadId
GetModuleHandleA
UnhandledExceptionFilter
AddAtomA
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
GetLocalTime
CreateSemaphoreW
LoadLibraryA
LCMapStringW
LCMapStringA
CreateMutexA
SetEnvironmentVariableA
WriteFile
SetLastError
InterlockedExchange
lstrlen
WaitForMultipleObjectsEx
GetModuleFileNameW
WideCharToMultiByte
GetCurrentProcessId
EnterCriticalSection
SetFilePointer
CreateProcessW
VirtualQuery
GetCPInfo
FlushFileBuffers
ReadFile
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WritePrivateProfileStructW
VirtualFree
GetWindowsDirectoryA
InterlockedIncrement
IsBadWritePtr
GetThreadSelectorEntry
TlsAlloc
EnumSystemLocalesA

user32

DestroyWindow
DrawAnimatedRects
CreateAcceleratorTableW
GetKBCodePage
DrawTextW
ShowWindow
CreateIconIndirect
SendDlgItemMessageA
DefWindowProcW
VkKeyScanExW
DdeClientTransaction
GetKeyState
RegisterClassA
CreatePopupMenu
ValidateRgn
RemoveMenu
RegisterClassExA
EndMenu
ModifyMenuW
GetWindowTextW
GetMonitorInfoA
DdeGetLastError
MessageBoxW
CloseWindow
GetWindowDC
CopyAcceleratorTableW
CreateWindowExA
BroadcastSystemMessage
SetWindowsHookExA
GetSystemMenu
DialogBoxIndirectParamA
BringWindowToTop
GetDlgItemInt
DdeQueryConvInfo
CharLowerBuffA
SendIMEMessageExW
OpenDesktopW
GetMonitorInfoW
SetKeyboardState
MenuItemFromPoint
SetWindowRgn
AdjustWindowRect
DrawFrame

wininet

RegisterUrlCacheNotification
InternetGetLastResponseInfoW
CommitUrlCacheEntryA
InternetGetConnectedState
FtpFindFirstFileW
InternetConfirmZoneCrossingA

comctl32

DrawStatusTextW
ImageList_DragLeave
ImageList_Write
ImageList_Duplicate
ImageList_GetImageCount
InitCommonControlsEx
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_SetIconSize
InitMUILanguage
ImageList_Destroy
ImageList_Add
ImageList_Remove
ImageList_GetImageRect
ImageList_DragEnter

comdlg32

PageSetupDlgW
ReplaceTextW

shell32

SHLoadInProc
DoEnvironmentSubstA
SHFormatDrive
ShellExecuteA
SheSetCurDrive

advapi32

RegEnumKeyW
LookupPrivilegeDisplayNameA
CryptHashData
LookupPrivilegeValueA
RegEnumValueW
CryptEncrypt
CryptGenRandom
RegSaveKeyA
CryptEnumProviderTypesW
RegQueryMultipleValuesA
ReportEventA
CryptDuplicateKey

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caba13471c37db81660a91a168e2d2c3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

wininet

comctl32

comdlg32

shell32

advapi32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 92KB - Virtual size: 120KB

.rsrc Size: 68KB - Virtual size: 65KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 92KB - Virtual size: 120KB

.rsrc
Size: 68KB - Virtual size: 65KB