8ecf6e09a63838192f170c5097360ae0

Sharing

Copy URL Twitter E-mail

General

Target

8ecf6e09a63838192f170c5097360ae0
Size

176KB
MD5

8ecf6e09a63838192f170c5097360ae0
SHA1

0859fd867750437c64385b5b32ed19722c8f21f2
SHA256

abfdff745c64337d726833ea0292396cb563f3788b8fa6fc6c48d7162b40f9e4
SHA512

f2c64b01c90fc3c73a96049f09e142ce7bebdb655e360e6965eb0d649e8b7d641bf666b9d706218b24ea628e4f8286a89c11f79bb0ac30a4d7d32e5bbad8edaa
SSDEEP

3072:GU24P5Gzfryl54BbfsHFgathgdw1k0p79qnDHQ7JxlqgAx+PBsqdavj1HE1mX4wj:GU3Gzfryl5Eaga/gr0ppXnwgdzdSjdE6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ecf6e09a63838192f170c5097360ae0

Files

8ecf6e09a63838192f170c5097360ae0
.exe windows:4 windows x86 arch:x86

55515f69b63a4d6a95d2ef9712629446

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FillRect
ReleaseCapture
DrawTextA
DestroyWindow
PeekMessageA
GetSysColor
CreateAcceleratorTableA
ReleaseDC
SetParent
GetWindowTextLengthA
SetRect
InvalidateRect
IsWindow
SendMessageTimeoutA
PostMessageA
SendNotifyMessageA
GetWindow
KillTimer
PostThreadMessageA
IsChild
CallWindowProcA
EndPaint
BeginPaint
GetActiveWindow
FindWindowA
SendMessageA
SetWindowLongA
CreateWindowExA
GetQueueStatus
GetWindowLongA
CharNextA
MoveWindow
SetCapture
ShowWindow
CopyRect
CreateDialogParamA
GetDC
GetDesktopWindow
DefWindowProcA
GetClassInfoExA
wvsprintfA
DispatchMessageA
DestroyAcceleratorTable
InvalidateRgn
GetParent
RegisterClassExA
SetWindowTextA
EnumDisplayDevicesA
GetDlgItem
GetClientRect
wsprintfA
SetFocus
RegisterWindowMessageA
SetTimer
GetFocus
GetWindowRect
RedrawWindow
GetWindowTextA
EqualRect
UnregisterClassA
MsgWaitForMultipleObjects
GetClassNameA
LoadCursorA
SetWindowPos

advapi32

CryptImportKey
RegDeleteValueA
CryptEncrypt
RegQueryInfoKeyA
RegCloseKey
RegSetValueExA
RegEnumKeyExA
CryptDestroyKey
CryptGetHashParam
RegOpenKeyExA
CryptHashData
RegCreateKeyExA
RegEnumValueA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
RegDeleteKeyA

winmm

timeGetTime
timeSetEvent

gdiplus

GdipCreateBitmapFromFile
GdipFree
GdipAlloc
GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipDisposeImage
GdipCloneImage

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

kernel32

Sleep
CreateFileW
GetShortPathNameW
UnmapViewOfFile
WriteFile
GetProcessId
GlobalFree
GetTickCount
GetFileSize
DisableThreadLibraryCalls
EnumResourceTypesA
CreateFileA
WideCharToMultiByte
GlobalAlloc
MapViewOfFile
GetFileAttributesA
CreateFileMappingA
SetFilePointer
LocalAlloc
LocalFree
ReadFile
GlobalSize
CloseHandle

gdi32

DeleteObject
GetDeviceCaps
GetStockObject
GetObjectA
StretchDIBits
SelectPalette
DeleteDC
GetDIBits
CreateCompatibleBitmap
SetStretchBltMode
CreateFontA
CreateSolidBrush
SelectObject
CreateDIBSection
BitBlt
CreateCompatibleDC
ExtEscape
RealizePalette
CreateDIBitmap
SetBkMode

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

ole32

StringFromGUID2
OleLockRunning
CoCreateInstance
StgCreateDocfile
CoUninitialize
CreateItemMoniker
CreateBindCtx
OleUninitialize
StgOpenStorage
BindMoniker
OleInitialize
StgIsStorageFile
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoInitializeSecurity
CLSIDFromProgID
CreateStreamOnHGlobal
GetRunningObjectTable
CoTaskMemAlloc
CoSetProxyBlanket
CoGetClassObject
CLSIDFromString

shlwapi

PathFileExistsW
PathCombineW

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55515f69b63a4d6a95d2ef9712629446

Headers

File Characteristics

Imports

user32

advapi32

winmm

gdiplus

shell32

kernel32

gdi32

version

setupapi

ole32

shlwapi

wininet

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 70KB - Virtual size: 70KB

.tls Size: 1024B - Virtual size: 92KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 70KB - Virtual size: 70KB

.tls
Size: 1024B - Virtual size: 92KB