82659385a3faa68194726148a3654109[.]exe

Resubmissions

13/02/2024, 06:25

240213-g6svtscg55 8

31/01/2024, 10:35

240131-mm661acagn 10

Sharing

Copy URL Twitter E-mail

General

Target

82659385a3faa68194726148a3654109.exe
Size

2.7MB
MD5

82659385a3faa68194726148a3654109
SHA1

3360abcf463d310a115c940cb186ded4f7e6a216
SHA256

0eb169839dc6a46f957ae2c3dd1c31574a90d10cb3e883ceb764e2cbee332c9a
SHA512

171f1b318d4c5429e6b122284a87fd1623c9df4d150f07f12d91f83731496abc5b766950e6b50f7b242c50636405c7bfe17881c56406df25625e8fb72ec1410c
SSDEEP

49152:l5lOgmBuV7YyqlRYAxqyAjtxCsvVpSKkBG01eiFKwL0a6Zp2hCkHp5E:ZmMV7YVlRYlvCdLGLixLkpYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82659385a3faa68194726148a3654109.exe

Files

82659385a3faa68194726148a3654109.exe
.exe windows:6 windows x64 arch:x64

8ce33933ad4d67656fc05f8f5cea2055

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CheckMenuRadioItem
GetMessageA
GetSystemMenu
DispatchMessageA
GetWindowRect
GetMenu
EnableWindow
GetCursorPos
ChildWindowFromPoint
DefDlgProcA
InvalidateRect
InsertMenuItemA
FindWindowA
SetDlgItemInt
EnableMenuItem
GetSysColorBrush
PostQuitMessage
CheckDlgButton
KillTimer
UnregisterClassA
GetDlgItem
GetClientRect
CheckMenuItem
RemoveMenu
AppendMenuA
CharUpperA
LoadIconA
CreateDialogParamA
SetCursor
SetClipboardData
SendMessageA
SetDlgItemTextA
DestroyMenu
GetClassInfoA
SendDlgItemMessageA
GetClipboardData
TranslateMessage
SetFocus
CharLowerBuffA
RegisterClassA
IsDlgButtonChecked
EnumClipboardFormats
MoveWindow
GetSysColor
MessageBoxA
SetWindowTextA
wvsprintfA
SetWindowPlacement
GetWindowLongA
LoadAcceleratorsA
GetWindowTextA
EmptyClipboard
DestroyAcceleratorTable
CallWindowProcA
CloseClipboard
ClientToScreen
SetWindowLongA
IsMenu
SetMenuItemInfoA
IsDialogMessageA
DestroyIcon
RedrawWindow
SetTimer
GetDlgItemTextA
TranslateAcceleratorA
OpenClipboard
IsWindow
GetActiveWindow
GetSubMenu
wsprintfA
TrackPopupMenu
DestroyCursor
GetWindowPlacement
DialogBoxParamA
CreatePopupMenu
GetSystemMetrics
EndDialog
PostMessageA
SetActiveWindow
CheckRadioButton
SetWindowPos
DestroyWindow
LoadCursorA

comdlg32

GetOpenFileNameA
ChooseFontW
PrintDlgExW
CommDlgExtendedError
PageSetupDlgW
GetSaveFileNameA

shell32

ExtractIconExW
DragFinish
SHGetIconOverlayIndexW
ord24
ord23
ord27
SHGetSettings
ord645
SHBrowseForFolderW
CommandLineToArgvW

ole32

GetClassFile
CoRevertToSelf

advapi32

RegOpenKeyExA
AdjustTokenPrivileges
RegCloseKey
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
LookupPrivilegeValueA
GetUserNameA
GetUserNameW
DecryptFileW
RegCreateKeyA
OpenProcessToken

gdi32

GetStockObject
SetTextColor
SetBkMode
CreateFontIndirectA
DeleteObject
GetObjectA
SelectObject

comctl32

CreateToolbarEx
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Remove

oleaut32

OleIconToCursor

winspool.drv

FindFirstPrinterChangeNotification
FindClosePrinterChangeNotification

kernel32

FindNextFileW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
ExitProcess
WriteFile
RtlPcToFileHeader
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetProcAddress
GetModuleHandleW
LocalHandle
GlobalHandle
GlobalFlags
IsValidCodePage
GlobalSize
MapUserPhysicalPagesScatter
GetNamedPipeHandleStateA
AddAtomW
SetMailslotInfo
GetMailslotInfo
MulDiv
GetTapeStatus
CreateTapePartition
EraseTape
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
PrepareTape
TransmitCommChar
GetCommTimeouts
GetCommModemStatus
GetCommMask
EscapeCommFunction
ClearCommError
ClearCommBreak
SetMessageWaitingIndicator
SetHandleCount
DeleteAtom
InitAtomTable
GlobalDeleteAtom
PulseEvent
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LocalSize
GetConsoleOutputCP
GetConsoleMode
CloseHandle
WriteConsoleW
RtlLookupFunctionEntry
GetNamedPipeInfo
ConvertThreadToFiber
CreateFiber
CreateFiberEx
ConvertFiberToThread
GetProcessIoCounters
GetStdHandle
SetStdHandle
CreateFileW
FindFirstFileExW
FindNextChangeNotification
FlushFileBuffers
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetFileTime
GetLogicalDrives
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetFileValidData
AreFileApisANSI
EncodePointer
DecodePointer
EncodeSystemPointer
DecodeSystemPointer
SetHandleInformation
GetLastError
SetLastError
DisconnectNamedPipe
PeekNamedPipe
GetNamedPipeHandleStateW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateIoCompletionPort
PostQueuedCompletionStatus
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CancelWaitableTimer
GetProcessTimes
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetThreadPriorityBoost
GetThreadPriority
GetProcessVersion
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadContext
FlushInstructionCache
GetThreadTimes
OpenProcess
IsProcessorFeaturePresent
GetProcessHandleCount
GetProcessPriorityBoost
SetProcessPriorityBoost
GetThreadIOPendingFlag
GetVersion
GetVersionExW
SetSystemTimeAdjustment
CreateFileMappingW
FlushViewOfFile
SetProcessWorkingSetSize
GetWriteWatch
ResetWriteWatch
CreateMemoryResourceNotification
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
IsWow64Process
DisableThreadLibraryCalls
FreeResource
GetModuleFileNameA
GetModuleFileNameW
LockResource
GlobalUnlock
GlobalCompact
GlobalUnfix
GlobalUnWire
LocalUnlock
LocalShrink
LocalCompact
GetProcessAffinityMask

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8ce33933ad4d67656fc05f8f5cea2055

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

shell32

ole32

advapi32

gdi32

comctl32

oleaut32

winspool.drv

kernel32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 68KB - Virtual size: 84KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 68KB - Virtual size: 84KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB