9959472ab02cc4a7bf5ec477a5bfbc64

Sharing

Copy URL

Twitter E-mail

General

Target

9959472ab02cc4a7bf5ec477a5bfbc64
Size

385KB
MD5

9959472ab02cc4a7bf5ec477a5bfbc64
SHA1

0073e94e871284c94724dee94d0fcc8b499cb073
SHA256

e0e98500f5895fa2912655f5030bc0581677d04ac3de4a8175ffa461e4a51560
SHA512

f45f50c8c2f7d2c6f8fa0c1314871cf826ec41db86cd44394b8b898691eb8d29ca3c7c81e9614cf40a0f174e4f328bf5c3840b28d07b35cc64aca121ccb0e79c
SSDEEP

12288:BNnLk2LLBZVDDT3nswSk8H9t7p1YVyNYGLre:LLk2L1ZVTcw/o/x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9959472ab02cc4a7bf5ec477a5bfbc64

Files

9959472ab02cc4a7bf5ec477a5bfbc64
.exe windows:7 windows x86 arch:x86

2a08ac2bc1c5b88ec81cecc2d7b315be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
AllocateAndInitializeSid
RegEnumKeyW
OpenProcessToken
FreeSid
RegQueryValueExW
RegOpenKeyW

msvcrt

wcslen
__lconv_init
wcscat
_except_handler3
__p__fmode
wcsrchr
??3@YAXPAX@Z
_mbsinc
free
wcschr
towlower
setlocale
_ftol
wcsncpy
_wtoi
wcscpy

ole32

OleUninitialize
CoCreateInstance
CoInitialize

user32

GetWindowRect
MessageBoxA
SetForegroundWindow
InvalidateRect
SetWindowLongA
DefWindowProcW
EnumChildWindows
SetTimer
GetClientRect
SetWindowLongW
EnableWindow
LoadStringW
PostMessageW
GetParent
LoadStringA
DispatchMessageW
SystemParametersInfoW
DialogBoxParamW
ShowWindow
SetCursor
GetSysColor
LoadIconW
SetWindowPos

shell32

SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

kernel32

GetSystemDirectoryW
ResetEvent
FindFirstFileW
GetProcAddress
WaitForMultipleObjects
GetVersionExW
GetStartupInfoA
SetLastError
FindFirstFileA
HeapQueryInformation
CreateDirectoryW
GetProcessHeap
DeleteFileW
FindClose
SetCurrentDirectoryW
ExitProcess
VirtualFree
SetEvent
CreateFileA
QueryPerformanceCounter
VirtualAlloc
CreateThread
GetWindowsDirectoryW
GetCurrentProcessId
GetCommState
IsDBCSLeadByte
GetTickCount
DeleteFileA
GetModuleFileNameW
GetLastError
DeleteCriticalSection
GetVersionExA
WaitForSingleObject
CreateFileW
lstrcpyW
LocalAlloc
LoadLibraryW
GetVersion
CreateMutexW
CreateDirectoryA
FormatMessageA
lstrlenW
LocalFree
FileTimeToDosDateTime
CreateEventW
GetEnvironmentStringsW
GetModuleHandleA
GetDriveTypeW
GetEnvironmentVariableW
GetCurrentProcess
GetSystemTimeAsFileTime
GetTempPathA
LoadLibraryExW
MultiByteToWideChar
SetUnhandledExceptionFilter
HeapCreate
GetTempFileNameA
GetFileAttributesW
CloseHandle

shlwapi

SHGetValueW
StrCmpW
PathAppendW
StrDupW
StrChrIW
StrCpyNW
StrCmpIW

setupapi

SetupGetLineCountW
SetupGetStringFieldW
SetupFindNextLine
SetupCloseInfFile

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a08ac2bc1c5b88ec81cecc2d7b315be

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt

ole32

user32

shell32

kernel32

shlwapi

setupapi

Sections

.text Size: 259KB - Virtual size: 259KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 96KB - Virtual size: 756KB

.text
Size: 259KB - Virtual size: 259KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 96KB - Virtual size: 756KB