8efc7504e573393ce7ac5415c62dc655

Sharing

Copy URL Twitter E-mail

General

Target

8efc7504e573393ce7ac5415c62dc655
Size

388KB
MD5

8efc7504e573393ce7ac5415c62dc655
SHA1

e22f37a077a3e6c5b5a2c76c2340e4d52c0d4380
SHA256

f12de1e5dae8598941d3913d39f5b5b5f89a8a96bdc80cbaa83e045201be901a
SHA512

3b9722224a8e5fb74746b93cef6b0c59cdabc72a846c5ec2bf882da454f38c71e7e992bbfccd7936fc99e4438459bc53490dcc14404af3660296789d40e0dbfa
SSDEEP

6144:26jMHGMC4fwIMmbfy17wF1MfymvQk4f3GhaEYoT9PeMpa+:26jNMC4ZMQlMfKoT9Per+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8efc7504e573393ce7ac5415c62dc655

Files

8efc7504e573393ce7ac5415c62dc655
.exe windows:4 windows x86 arch:x86

9c2dec15a99035ee204c71e7b90ab72d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CopyFileA
CreateProcessA
Sleep
RemoveDirectoryA
DeleteFileA
OpenProcess
GetCurrentProcessId
GetTempFileNameA
GetTempPathA
LoadLibraryA
GetVersionExA
CreateEventA
FreeLibrary
lstrcatA
GetWindowsDirectoryA
FormatMessageA
FindResourceExA
GetComputerNameA
MulDiv
lstrlenW
lstrcmpiW
GetStartupInfoA
GetModuleHandleA
CreateThread
WaitForSingleObject
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
LoadResource
LockResource
lstrcmpiA
OutputDebugStringA
WideCharToMultiByte
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
lstrcpyA
CompareStringA
SetEndOfFile
lstrcpynA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LeaveCriticalSection
InterlockedExchange
InitializeCriticalSection
GetLastError
EnterCriticalSection
SetFilePointer
CloseHandle
WriteFile
ReadFile
CreateFileA
lstrlenA
MultiByteToWideChar
SetLastError
GetProcAddress

user32

PostThreadMessageA
GetMessageA
PeekMessageA
CreateWindowExA
wvsprintfA
InvalidateRect
wsprintfW
DispatchMessageA
CopyRect
RegisterClassA
wsprintfA
LoadIconA
ReleaseCapture
PostMessageA
SetCapture
DestroyWindow
MessageBoxW
UpdateWindow
CreateDialogParamA
SetWindowTextA
GetWindowTextA
CreateDialogIndirectParamA
CharUpperA
EndPaint
SetFocus
TranslateMessage
FillRect
GetClientRect
BeginPaint
SetWindowPos
GetSystemMetrics
AdjustWindowRect
ReleaseDC
GetDC
GetDlgItem
GetDlgCtrlID
EndDialog
SetWindowLongA
ScreenToClient
GetWindowRect
SendMessageA
DialogBoxParamA
ShowWindow
MapWindowPoints
SetCursor
LoadCursorA
DrawFocusRect
ChildWindowFromPoint
DefWindowProcA
OffsetRect
GetWindowDC
IsDialogMessageA
EnableWindow
GetWindowLongA

gdi32

SelectClipRgn
SetTextColor
CreateFontA
GetDeviceCaps
StretchDIBits
CreateBrushIndirect
SetBkMode
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
GetTextColor
GetTextMetricsA
CreateDIBPatternBrushPt
CreateDIBSection
GetDIBits
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
DeleteDC
CreateRectRgn
GetTextExtentPoint32W
DeleteObject

advapi32

RegQueryValueExA
RegSetValueA
GetUserNameA
RegQueryValueW
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
OleCreate
StringFromIID
CoTaskMemFree

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

shlwapi

SHDeleteKeyA

msvcrt

_itoa
_stricmp
_strnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_itow
memmove
wcsncmp
_wcsicmp
_ftol
wcscpy
__p___argv
atoi
wcslen
wcsncpy
strncpy
_purecall
strrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

wininet

InternetGetConnectedState
InternetCombineUrlA

wsock32

WSAStartup
WSACleanup
select
socket
htons
connect
inet_ntoa
closesocket
ioctlsocket
gethostbyname
send
recv

sensapi

IsNetworkAlive

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ord17

usp10

ScriptItemize
ScriptGetProperties
ScriptPlace
ScriptShape
ScriptGetFontProperties
ScriptFreeCache
ScriptTextOut
ScriptGetLogicalWidths
ScriptBreak
ScriptJustify

Exports

Exports

_miCryptBlobClear@4
_miCryptBlobCopy@8
_miCryptBlobInit@8
_miCryptHashBuffer@12
_miCryptUUDecode@12
_miCryptUUEncode@12
_miCryptVerifySignature@20

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2dec15a99035ee204c71e7b90ab72d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

wininet

wsock32

sensapi

version

comctl32

usp10

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 16KB