7f0a3b000ffc7a6c8f10d3aa6b061ad5

Sharing

Copy URL Twitter E-mail

General

Target

7f0a3b000ffc7a6c8f10d3aa6b061ad5
Size

152KB
MD5

7f0a3b000ffc7a6c8f10d3aa6b061ad5
SHA1

2c3923a1b199843ce1326f1ad3d98c1a36b8230e
SHA256

37edc86249ebf50a4dfe5ce0cdf8637a9fb9e1d1d3995f9d6059435b09d4e614
SHA512

623905595ccb16664ace45ce884bc01ae0b594d5fa2b07aac007cd06d9fd88754b8ec9510ac22c0d7e7e417f25eaa400d48bffec0fb7dcc586c737237ee6f058
SSDEEP

3072:lFFI+Kbd9/ABVQZX3vltrVbN2A2pV+fNc3z3dzCvglA:yP/3ZXtZJ2pMQMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f0a3b000ffc7a6c8f10d3aa6b061ad5

Files

7f0a3b000ffc7a6c8f10d3aa6b061ad5
.exe windows:4 windows x86 arch:x86

01963fb12603c712ba785e4d694220e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Work\Projects\Personal\HitBot\BestClick\Release\BestClick.pdb

Imports

kernel32

MulDiv
HeapAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpA
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
Sleep
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
GetSystemTime
WriteFile
DeleteFileA
SetPriorityClass
OpenProcess
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
CreateProcessA
ExitProcess
CopyFileA
MoveFileA
MoveFileExA
WriteProcessMemory
ReadProcessMemory
GetProcAddress
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
CreateEventA
ResetEvent
SetEvent
TerminateThread
LockResource
FindResourceExA
GetTempFileNameA
GetLastError
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CloseHandle
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateThread
WaitForSingleObject
GetTempPathA

user32

GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
UnregisterClassA
GetWindowLongA
SetWindowLongA
CharLowerBuffA
SetRect
IsWindowVisible
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
MessageBoxA
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
GetWindowRect
PostMessageA
ClientToScreen
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
FindWindowExA
CreateDesktopA
SetThreadDesktop

gdi32

DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
CreateDIBSection
GetPixel
DeleteDC
SetPixel

advapi32

RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA

ole32

CoCreateGuid
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
SafeArrayRedim
VariantCopyInd
SafeArrayCreate
SafeArrayDestroy
VarBstrCmp
SafeArrayLock
SafeArrayUnlock
DispCallFunc
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncoders

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache

ws2_32

htons
connect
send
gethostbyname
closesocket
WSAStartup
WSACleanup
socket
select
ioctlsocket
recv

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01963fb12603c712ba785e4d694220e5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

wininet

ws2_32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 16B