8fc972be38d7e48c71050d75afb17764

Sharing

Copy URL Twitter E-mail

General

Target

8fc972be38d7e48c71050d75afb17764
Size

40KB
MD5

8fc972be38d7e48c71050d75afb17764
SHA1

42a8c1f804068465f9a402b8d9c4150ce3e4b5ce
SHA256

ca85594dd482aa687be7f53082a151b56138e4a783a48c6f7bc624d05e575425
SHA512

222fbb190ae7207a052ca6b21b35e3db0f03d467b8684261d898d8326e329b3796271507fe56f090ea5a0d2e6a6b8b81b20231c0d70c051163866995f9542713
SSDEEP

768:R3Kr7sbd0gMhiZJiMZs5O69GKtedB2PwzUSw:R6r7sB2mkM569GKteLrz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fc972be38d7e48c71050d75afb17764

Files

8fc972be38d7e48c71050d75afb17764
.exe windows:4 windows x86 arch:x86

1da482078bb6f44549a0911ae1a01a0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fgets
_mbsncmp
_wfindfirst
_wexecl
_endthreadex
_fputchar
vsprintf
_pctype
_stricoll
puts
__p__winminor
_wcsset
_CxxThrowException
gets
strstr
iswgraph
_chmod
_wtoi
_mbccpy
_getdiskfree
_lfind
atof
_spawnl
_lsearch
_wremove
_adj_fdivr_m32i
_beep
iswxdigit
__argv
_waccess
_fsopen
_safe_fprem
_mkdir
isalpha
_dup
_ismbslead
_yn
_CIpow
isgraph
feof
_CIcos
_timezone
fread
_mbctohira
_mbsnbicmp
_heapmin
_strnicoll
_getpid
_atoldbl
_fileno
sprintf
strftime
_ismbcdigit
__p__acmdln
iswdigit
log
_wspawnvp
_mbsrchr
wcsstr

user32

OpenWindowStationW
DrawCaption
UserClientDllInitialize
DrawTextExW
FlashWindow
RegisterClassExA
GetWindowLongW
DestroyCaret
GetThreadDesktop
DrawFrame
GetMonitorInfoW
ReplyMessage
GetClipboardFormatNameW
CtxInitUser32
GetMenuItemRect
SetScrollRange
MenuWindowProcA
GetClipboardViewer
LoadLocalFonts
SetWindowStationUser
SendMessageCallbackA
CreateDialogParamA
PrivateExtractIconExW
GetInputDesktop
ShowCursor
SetDeskWallpaper
DefFrameProcA
GetAltTabInfo
SetClassWord
GetWindowTextLengthW
DdeNameService
SendDlgItemMessageA
InsertMenuA
RegisterLogonProcess
ModifyMenuA
DdeCreateStringHandleW
ShowStartGlass
SetMenuItemInfoW
TranslateAccelerator
IsCharAlphaA
BroadcastSystemMessageW
CopyImage
GetKeyNameTextW
SetPropW
GetSubMenu
IsWindow
DialogBoxIndirectParamW
LoadKeyboardLayoutA
CascadeWindows
EnumWindows

kernel32

GetFileAttributesExW
EraseTape
GlobalHandle
MultiByteToWideChar
SetCalendarInfoW
GetVersionExW
ExitProcess
OpenFileMappingA
CreateMutexA
HeapFree
GetProcessHeap
HeapAlloc
Process32First
TryEnterCriticalSection
VirtualAlloc
GetCommandLineA
GetEnvironmentStringsA
GlobalCompact
GetLogicalDriveStringsA
VirtualFree
ReleaseSemaphore
GetPrivateProfileStructA
FreeEnvironmentStringsW
LocalAlloc
InterlockedIncrement
GetStartupInfoA
GetSystemTimeAsFileTime
LockResource
GetDateFormatA
CreateDirectoryA
GetProcessShutdownParameters
GetStringTypeExW
GetThreadPriorityBoost
OpenMutexW
EnumCalendarInfoW
GetCalendarInfoW
DeleteFileA
GetACP
WriteTapemark
_hwrite
FindFirstFileExA
BackupSeek
FileTimeToLocalFileTime
LocalSize
GetModuleHandleA
FlushViewOfFile
LocalFileTimeToFileTime
EnumSystemCodePagesA
GetCurrentProcess
HeapWalk
CompareFileTime

ole32

CoGetCallerTID
STGMEDIUM_UserUnmarshal
OleTranslateAccelerator
CoTaskMemFree
GetDocumentBitStg
StgIsStorageILockBytes
OleDraw
SNB_UserSize
CoRevokeClassObject
HBRUSH_UserMarshal
HMENU_UserSize
OpenOrCreateStream
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
CoGetInterfaceAndReleaseStream
OleCreateDefaultHandler
OleRegEnumVerbs
CoQueryProxyBlanket
IIDFromString
HENHMETAFILE_UserSize
OleCreateLinkEx
CreateDataCache
CoInitializeEx
HACCEL_UserSize
PropSysFreeString
CoUnmarshalHresult
WriteFmtUserTypeStg
OleIsCurrentClipboard
HMETAFILE_UserMarshal

comctl32

DrawStatusText
ImageList_GetIconSize
FlatSB_SetScrollProp
PropertySheetA

ntdll

RtlAddActionToRXact
ZwAssignProcessToJobObject
cos
ZwConnectPort
NtWriteVirtualMemory
NtCreateThread
ZwSetVolumeInformationFile
ZwQueryTimerResolution
RtlEnterCriticalSection
NtQuerySemaphore
NtFsControlFile
ZwCreateProfile
RtlUpperChar
ZwSetHighEventPair
NtStartProfile
NtSetInformationKey
CsrIdentifyAlertableThread
RtlpNtCreateKey
RtlCharToInteger
RtlSetTimer
RtlGetLongestNtPathLength
RtlCompareString
RtlLengthSecurityDescriptor
RtlOemStringToUnicodeSize
RtlRemoteCall
ZwQueryDirectoryFile
NtTerminateThread
RtlCreateAndSetSD
NtReplaceKey
ZwMapUserPhysicalPagesScatter
ZwFlushKey
NtPrivilegedServiceAuditAlarm
NtLoadKey2
RtlDeleteCriticalSection
_allshr
RtlpNtOpenKey
RtlApplyRXact
RtlTimeToSecondsSince1980
RtlSecondsSince1970ToTime
RtlInitializeBitMap
KiUserExceptionDispatcher
RtlFindLongestRunClear
NtAreMappedFilesTheSame
RtlEnableEarlyCriticalSectionEventCreation
NtAlertThread
ZwSetContextThread

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

GetMetaFileA
GdiEndPageEMF
GdiProcessSetup
EngLockSurface
GdiSetLastError
PolyDraw
SetROP2
CreatePatternBrush
FrameRgn
EngLoadModule

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1da482078bb6f44549a0911ae1a01a0f

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

ole32

comctl32

ntdll

version

gdi32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 7KB - Virtual size: 32KB

.rdata Size: 11KB - Virtual size: 33KB

.tls Size: 7KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 7KB - Virtual size: 32KB

.rdata
Size: 11KB - Virtual size: 33KB

.tls
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 3KB