97c69849a9e656ff06bc338a72273a14

Sharing

Copy URL Twitter E-mail

General

Target

97c69849a9e656ff06bc338a72273a14
Size

474KB
MD5

97c69849a9e656ff06bc338a72273a14
SHA1

adb3e80dfa4935acda3eb77e98c1e395b9687fa0
SHA256

c9e6d6b485ca8236a729ef519219287b51bf6dd02ce5369a1a08ad30da2c4021
SHA512

6ed14f5fb17e41db34716159b72a3a04f1a7e4b2a3438eeb8825b6bee2ff32a86ce5f64cd56c2180927bc378c23c1836dc074fa1ff49e62b3738573a9b847867
SSDEEP

12288:U6Ra5lkEJYj6jsjy+ZGe5pvM0J/VUbFyTbk2T:U6Ra5lRS0my+ZxpvnJ/VU4Tg2T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97c69849a9e656ff06bc338a72273a14

Files

97c69849a9e656ff06bc338a72273a14
.exe windows:4 windows x86 arch:x86

632483efefcd02dfbd5c389c48c0fdd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ResetEvent
LockResource
lstrcpynA
FindNextFileW
DosDateTimeToFileTime
EnumResourceLanguagesW
WaitForSingleObject
FileTimeToSystemTime
FlushFileBuffers
GetDiskFreeSpaceW
GetTempFileNameW
OutputDebugStringA
UnlockFile
ExitProcess
GetWindowsDirectoryW
WriteProfileStringW
CreateDirectoryW
GetUserDefaultLCID
QueryPerformanceCounter
DebugBreak
FreeLibrary
LocalFree
GetDateFormatW
GetCurrentProcessId
FreeLibraryAndExitThread
SetEvent
OpenProcess
ExpandEnvironmentStringsW
CreateFileMappingW
GetACP
RaiseException
GetFileAttributesW
RemoveDirectoryW
GlobalLock
FileTimeToDosDateTime
lstrcmpA
MulDiv
GetUserDefaultLangID
OutputDebugStringW
TlsFree
GetExitCodeThread
MoveFileExW
GetFileSizeEx
LoadResource
SetEndOfFile
EnumResourceNamesW
GetFileSize
ReadFile
GetProcAddress
TlsSetValue
ResumeThread
GlobalMemoryStatus
FreeEnvironmentStringsW
CloseHandle
VirtualFree
GetSystemDefaultLangID
SystemTimeToFileTime
LeaveCriticalSection
SetUnhandledExceptionFilter
CompareStringW
lstrcpynW
WideCharToMultiByte
GlobalReAlloc
GetTimeFormatW
GlobalFree
TerminateThread
UnhandledExceptionFilter
GetTempPathW
lstrlenW
GetFileType
WriteFile
VirtualAlloc
InterlockedDecrement
GetSystemDirectoryW
GetCurrentThreadId
DuplicateHandle
GetProfileStringW
GetDiskFreeSpaceExW
SetLastError
GetEnvironmentStringsW
FindClose
LocalFileTimeToFileTime
LocalAlloc
SetEnvironmentVariableW
GetExitCodeProcess
SetFileAttributesW
FileTimeToLocalFileTime
GlobalAlloc
OpenMutexW
LoadLibraryW
WaitForMultipleObjects
GetDriveTypeW
FormatMessageW
lstrcmpW
GetLastError
GetVolumeInformationW
ExitThread
GetSystemTimeAsFileTime
ReleaseMutex
GetTickCount
SetFileTime
GetVersionExW
GetSystemInfo
GetOverlappedResult
InterlockedIncrement
MoveFileW
LockFile
FindFirstFileW
GetModuleHandleW
lstrlenA
DisableThreadLibraryCalls
CreateEventW
DeleteFileW
CreateFileW
lstrcmpiW
TlsGetValue
GetNumberFormatW
GlobalUnlock
GetCurrentDirectoryW
GetShortPathNameW
MapViewOfFile
FormatMessageA
FindResourceExW
WritePrivateProfileStringW
UnmapViewOfFile
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
GetLocaleInfoW
MultiByteToWideChar
GetPrivateProfileStringW
DeleteCriticalSection
GetFileTime
lstrcmpiA
SetFilePointer
IsValidCodePage
SizeofResource
InterlockedExchange
GetLocalTime
LoadLibraryExW
SetErrorMode
TlsAlloc
ExpandEnvironmentStringsA
CreateMutexW
CreateProcessW
GetModuleFileNameW
IsDebuggerPresent
GetEnvironmentVariableW
Sleep
GetComputerNameW

ntdll

RtlUshortByteSwap
LdrGetDllHandle
NtAllocateVirtualMemory

user32

PeekMessageW
LoadStringW
GetSystemMetrics
GetClientRect
IsWindowVisible
GetWindowTextLengthW
ExitWindowsEx
GetWindowLongW
IsDialogMessageW
SetWindowTextW
PostQuitMessage
GetWindow
MessageBoxW
SetForegroundWindow
TranslateMessage
MsgWaitForMultipleObjects
CopyRect
SetUserObjectSecurity
GetWindowThreadProcessId
IsCharLowerW
MapWindowPoints
CharNextA
DialogBoxParamW
SetWindowPos
SendDlgItemMessageW
IsWindowEnabled
GetWindowTextW
RegisterWindowMessageW
DefWindowProcW
GetDC
ReleaseDC
PostThreadMessageW
EndDialog
SetWindowLongW
RemoveMenu
GetSystemMenu
CharLowerW
CharPrevW
GetActiveWindow
SetFocus
RegisterClassW
GetDlgItemTextW
LoadIconW
GetDlgItem
EnableWindow
CharUpperW
GetUserObjectInformationW
DestroyWindow
CharUpperBuffW
CreateWindowExW
EnumWindows
CharNextW
UnregisterClassW
GetProcessWindowStation
DispatchMessageW
DrawTextW
SendMessageTimeoutW
SetDlgItemTextW
CharPrevA
InvalidateRect
CreateDialogParamW
PostMessageW
GetFocus
MoveWindow
SetCursor
SendMessageW
SystemParametersInfoW
ShowWindow
LoadCursorW
GetWindowRect

rpcrt4

CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_QueryInterface
NdrDllUnregisterProxy
NdrOleFree
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
NdrOleAllocate
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrClientCall2
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrDllRegisterProxy

advapi32

RegEnumKeyExA
GetAce
QueryServiceConfigW
OpenServiceW
CreateServiceW
SetFileSecurityW
MakeAbsoluteSD
GetTokenInformation
RegDeleteKeyW
RegCloseKey
CloseServiceHandle
LookupAccountNameW
RegFlushKey
OpenThreadToken
RegConnectRegistryW
DuplicateToken
CopySid
EqualSid
OpenSCManagerW
IsValidSecurityDescriptor
RegEnumValueW
OpenProcessToken
GetUserNameW
MakeSelfRelativeSD
RegSetKeySecurity
RegEnumValueA
GetLengthSid
DeregisterEventSource
SetSecurityDescriptorOwner
RegEnumKeyW
SetSecurityDescriptorDacl
GetFileSecurityW
AdjustTokenPrivileges
QueryServiceStatus
RegQueryInfoKeyW
StartServiceW
SetSecurityDescriptorGroup
RegDeleteValueW
InitializeAcl
AllocateAndInitializeSid
DeleteService
AddAccessDeniedAce
AddAccessAllowedAce
GetServiceDisplayNameW
GetSecurityDescriptorOwner
RegSetValueExW
LookupPrivilegeValueW
SetThreadToken
RegCreateKeyExW
PrivilegeCheck
ReportEventW
RegQueryValueExA
GetSidSubAuthorityCount
InitializeSecurityDescriptor
RegQueryValueExW
RegisterEventSourceW
GetSecurityDescriptorLength
ConvertSidToStringSidW
EnumDependentServicesW
RegEnumKeyExW
SetTokenInformation
GetSecurityDescriptorGroup
RegGetKeySecurity
RegOpenKeyExW
RegSetValueExA
ControlService
ChangeServiceConfigW
GetSidLengthRequired
FreeSid
GetSecurityDescriptorControl

gdi32

EnumFontFamiliesExW
GetTextExtentPoint32W
DeleteObject
RemoveFontResourceW
AddFontResourceW
CreateFontIndirectW
SelectObject
GetTextMetricsW
CreateFontW
GetTextFaceW
GetDeviceCaps

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 91KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

632483efefcd02dfbd5c389c48c0fdd5

Headers

File Characteristics

Imports

kernel32

ntdll

user32

rpcrt4

advapi32

gdi32

Sections

.text Size: 23KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 284KB - Virtual size: 283KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 91KB - Virtual size: 1000KB

.text
Size: 23KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 284KB - Virtual size: 283KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 91KB - Virtual size: 1000KB