34477ec7a210a4e0454c435e02d64d861388e6248b09995d8403e921af93b467

Sharing

Copy URL

Twitter E-mail

General

Target

34477ec7a210a4e0454c435e02d64d861388e6248b09995d8403e921af93b467
Size

1.1MB
MD5

9f66709f29d76526b1211a3a067199fa
SHA1

e89a7e8a26fd248ce17604971bb75174b0affe8f
SHA256

34477ec7a210a4e0454c435e02d64d861388e6248b09995d8403e921af93b467
SHA512

b6c6ac7f9a0c726a0736548eaf967fcfba026777eff3150bf682f75c855adf4eaf35fc25a292e1719cc797738927b50de0404039be657d5a901b572ddbfce8cd
SSDEEP

24576:VIJ9IY3qBss7xaiWEkL9QcjmXE+6o0aooA9waRW55iVBQWp0x:AuD7siWEkL90E+6p6h558Wz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
34477ec7a210a4e0454c435e02d64d861388e6248b09995d8403e921af93b467

Files

34477ec7a210a4e0454c435e02d64d861388e6248b09995d8403e921af93b467
.exe windows:5 windows x86 arch:x86

18847fd5ec2a4fec862eea659987da37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetModuleHandleW
GetLastError
CreateMutexW
GetProcAddress
LoadLibraryW
GetSystemDefaultLangID
GetCommandLineW
WriteConsoleW
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
CreateEventA
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileType
SetConsoleCtrlHandler
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileStringW
MulDiv
GlobalFree
CloseHandle
GlobalAlloc
FindFirstFileExW
SetEvent
OutputDebugStringW
CreateProcessW
lstrlenA
InitializeCriticalSection
DebugBreak
CreateThread
GetExitCodeProcess
InterlockedIncrement
lstrlenW
RaiseException
InterlockedDecrement
GetStartupInfoW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObjectEx
GetFileAttributesW
SetLastError
GetShortPathNameW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
FormatMessageA
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
GetSystemInfo
GlobalMemoryStatus
GetCurrentProcess
WaitForSingleObject
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
ReleaseSemaphore
CreateFileW
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetFileSize
GetFileInformationByHandle
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
VirtualFree
GetCurrentThread
SetThreadPriority
Sleep
TerminateProcess
IsDebuggerPresent
GetModuleHandleA
GetCurrentProcessId
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CreateDirectoryW
DeleteFileW
GetFileAttributesExW
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
FindClose
FindNextFileW
AreFileApisANSI
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead

user32

MessageBoxW
RegisterWindowMessageW
PostMessageW
MessageBoxExW
KillTimer
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
SetTimer
GetWindow
MoveWindow
PostQuitMessage
DestroyMenu
TrackPopupMenu
GetMessagePos
SetForegroundWindow
AppendMenuW
CreatePopupMenu
UnhookWindowsHookEx
SetWindowsHookExW
SendMessageW
CallNextHookEx
DefWindowProcW
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
DispatchMessageW
TranslateMessage
DestroyWindow
GetMessageW
LoadIconW
GetDC
LoadStringW
CharNextW
GetActiveWindow

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteExW
Shell_NotifyIconW

urlmon

ObtainUserAgentString

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA

winmm

timeGetTime

gdi32

GetDeviceCaps
SetLayout

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringA
RpcStringFreeA

advapi32

RegOpenKeyExW
AdjustTokenPrivileges
RegQueryValueExW
OpenProcessToken
RegCloseKey

ole32

CoCreateGuid

Sections

.text
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18847fd5ec2a4fec862eea659987da37

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

urlmon

wininet

winmm

gdi32

version

rpcrt4

advapi32

ole32

Sections

.text Size: 521KB - Virtual size: 521KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 14KB - Virtual size: 19KB

.rsrc Size: 424KB - Virtual size: 620KB

.text
Size: 521KB - Virtual size: 521KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 14KB - Virtual size: 19KB

.rsrc
Size: 424KB - Virtual size: 620KB