8c9fd2f4d80be1a02a0712aa32076d1d

Sharing

Copy URL Twitter E-mail

General

Target

8c9fd2f4d80be1a02a0712aa32076d1d
Size

217KB
MD5

8c9fd2f4d80be1a02a0712aa32076d1d
SHA1

a4ee6820ff0474091ab896fde4746e6c37acdf6f
SHA256

cb8b9ad1e9c24641b56f230447b7d0bd11a15f13dd55559a24993441caa76b85
SHA512

cd76eeeba4063ae02d9eb553bf8b66c4aef20dad0cf15157d79224e6d759b29108e84c53fdd529087820acb820d0905e6bebe0c9a03fde7e353fa782c9951991
SSDEEP

6144:1DSp4k7l30M4D+ZX18PJCK0j1zRZeWH9QIL:gp4aF4mX1vNj1tZPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c9fd2f4d80be1a02a0712aa32076d1d

Files

8c9fd2f4d80be1a02a0712aa32076d1d
.exe windows:5 windows x86 arch:x86

6522d9b6cf358c70ba2adbb83a0919c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\ruEgoHJwv\ritXdxyrr\vvwfyneoq\idFjIkYiABhery.pdb

Imports

user32

SendMessageTimeoutA
ChangeMenuW
GrayStringW
PeekMessageW
RegisterClassExA
GetMessageTime
SendMessageTimeoutW
LookupIconIdFromDirectory
IntersectRect
CharLowerA
AllowSetForegroundWindow
DestroyCaret
CharNextExA
DeferWindowPos
LoadStringA
ReleaseDC
MessageBoxW
CreateMenu
PostMessageW
IsZoomed
SetScrollPos
CharToOemW
EnableScrollBar
GetMenuItemInfoW
GetKeyboardLayoutList
SwitchToThisWindow
GetClassInfoExW
GetPropW
PtInRect
TabbedTextOutW
CheckMenuItem
CloseDesktop
GetMessageExtraInfo
GetSystemMenu
GetShellWindow
GetMessageW
GetScrollPos
wvsprintfW
SendMessageW
DrawFocusRect
DrawTextW
InSendMessageEx
ChildWindowFromPointEx
InternalGetWindowText
HiliteMenuItem
GetUserObjectInformationW
UpdateWindow
KillTimer
DragObject
CreateIconFromResource
DefFrameProcA
wvsprintfA
EndPaint
SetMenuItemBitmaps
CreatePopupMenu
EnableMenuItem
LoadCursorA
DestroyAcceleratorTable
DialogBoxIndirectParamA
EqualRect
ClipCursor
CharUpperA
TileWindows
CheckMenuRadioItem
IsCharAlphaNumericW
SetTimer
SetMenuDefaultItem
SetWindowRgn
SetDlgItemInt
OpenInputDesktop
ShowScrollBar
FrameRect
OpenDesktopW
LoadStringW
TranslateAcceleratorA
InsertMenuItemW
IsWindow
IsCharUpperA
GetClassInfoA
ScrollWindowEx
ActivateKeyboardLayout
CharPrevA
DrawTextA
CreateWindowExW
PostQuitMessage
GetNextDlgTabItem
DialogBoxParamW
DestroyIcon
GetUpdateRect
PeekMessageA
SendMessageA

kernel32

AddAtomW
LocalFree
EnumResourceLanguagesA
CreateMutexA
ReleaseSemaphore
FormatMessageW
VirtualProtect
GetTempPathW
MoveFileW
GlobalLock
SetThreadAffinityMask
GetFileAttributesExA
GetComputerNameExW
CloseHandle
OpenEventA
GetFileInformationByHandle
SetSystemTimeAdjustment
CompareStringA
GetFileTime
GlobalGetAtomNameW
CreateNamedPipeW
GlobalFlags
OpenSemaphoreW
CreateSemaphoreA
GetCommProperties
SetUnhandledExceptionFilter
LoadLibraryExW
GetSystemTime
GetBinaryTypeA
lstrcpyA
CreateRemoteThread
DuplicateHandle
GetCPInfo
WriteFile
GetSystemWindowsDirectoryA
FoldStringW
GetVersionExW
GetFullPathNameW
GetNumberFormatW
GetTimeFormatA
PulseEvent

gdi32

ExtFloodFill
RemoveFontResourceW
LineTo
CreateRoundRectRgn
CreateCompatibleBitmap
GetRgnBox
PathToRegion
SetPaletteEntries
GetTextAlign
OffsetRgn
GetFontData
MoveToEx
SelectObject
CreateDiscardableBitmap
GetTextExtentExPointW
DPtoLP
GetTextExtentPoint32W
DeleteDC
CreateRectRgnIndirect
GetDIBColorTable
LineDDA
TextOutW
Polyline
SetBkColor
GetBkMode
Ellipse
CreateSolidBrush
CreateDIBSection
BeginPath
SetBitmapBits
AddFontResourceW
GetTextExtentPoint32A
ExcludeClipRect
GetTextExtentPointW
SetWindowExtEx
CreateICW
SetStretchBltMode
GetPaletteEntries

msvcrt

_controlfp
malloc
printf
strstr
iswxdigit
__set_app_type
__p__fmode
__p__commode
isprint
isalnum
setlocale
fseek
wcspbrk
wcscpy
sscanf
_amsg_exit
gets
_initterm
remove
mbtowc
_acmdln
setvbuf
wcschr
swprintf
isalpha
exit
wcstoul
wcscoll
free
_ismbblead
fclose
wcstod
_XcptFilter
atoi
_exit
_cexit
system
puts
__setusermatherr
__getmainargs

Exports

Exports

?FreeThreadW@@YGPAGPAHGH&U
?WindowNew@@YGKMPA_NE&U
?SendSystemEx@@YGFM&U
?PutProcessOld@@YGDPAGPAFG&U
?CopyClassW@@YGJI&U
?EnumDialogA@@YGPAXKEDI&U
?DeleteCharNew@@YGIPAEPAF&U
?DecrementSemaphoreOld@@YGMPAJ&U
?EnumStringOriginal@@YGEFFE&U
?KillProjectA@@YGPAG_N_NE&U
?WindowInfoNew@@YGMEKIK&U
?InsertMessageOriginal@@YGXJ&U
?DecrementPointerOriginal@@YGXKD&U
?InstallPenEx@@YGXJ&U
?FormatSectionOld@@YGPAKPAF&U
?FreeVersionA@@YGJGPAG&U
?RectExW@@YGPANKPAG&U
?InsertMediaType@@YGIE_NPAD&U
?KillCharOriginal@@YGJPAM&U
?InvalidateStateExA@@YGDKE&U
?FormatProviderW@@YGPADGPAHK&U
?CancelProjectEx@@YGPAJPAM&U
?RemoveExpression@@YGHJ&U
?InstallTimerEx@@YGHPAJ&U
?PutProviderNew@@YGFFDJ&U
?EnumPointerEx@@YGPANDM&U
?PutSystemOld@@YGXJ&U
?CrtOption@@YGNPAGII&U
?GenerateValueExW@@YGXJJ&U
?DeleteMutantExA@@YGPAMJPAMPAJ&U
?IsValidOptionW@@YGDPAD&U
?CloseKeyboardExW@@YGIJ_NHE&U

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imdat
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6522d9b6cf358c70ba2adbb83a0919c6

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.imdat Size: 1024B - Virtual size: 856B

.edata Size: 1KB - Virtual size: 1KB

.data Size: 13KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 56KB

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 86KB - Virtual size: 86KB

.imdat
Size: 1024B - Virtual size: 856B

.edata
Size: 1KB - Virtual size: 1KB

.data
Size: 13KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 56KB

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 2KB - Virtual size: 1KB