99bda42c5dfa3d7c4f471a0cff260489

Sharing

Copy URL Twitter E-mail

General

Target

99bda42c5dfa3d7c4f471a0cff260489
Size

170KB
MD5

99bda42c5dfa3d7c4f471a0cff260489
SHA1

c223c642300d405b261f6b4860da30505fff131c
SHA256

e5dab43b2851cd3e66ce208b3f4a9be152f576e05a5783aa96ba931491f7454f
SHA512

e2ea57e4b1eb3ec5dc291060cd2ecb1936d4ddddf265a1e30cc84fcbf00932e13c8c8870d279752416a15c7ee56e0304a7f1a60429277dfb38f627e532093eca
SSDEEP

3072:4pVKiFfUBJZT2NHOLW+FoMgLBqX7CxuxR46C5VbuMAO1kNfJwXU4KsMd6:0ZFfIJZiNHOLWYopqLhKrPhk0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99bda42c5dfa3d7c4f471a0cff260489

Files

99bda42c5dfa3d7c4f471a0cff260489
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

8c65afcaa489cf30ae8ed6736173e48a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathCombineW

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

user32

MoveWindow
CharNextA
GetClientRect
SendNotifyMessageA
GetDesktopWindow
FillRect
DestroyAcceleratorTable
DrawTextA
SetWindowLongA
wvsprintfA
DestroyWindow
CopyRect
InvalidateRgn
SendMessageA
GetWindowRect
ShowWindow
SendMessageTimeoutA
GetWindow
GetParent
RedrawWindow
SetFocus
RegisterWindowMessageA
CallWindowProcA
GetActiveWindow
InvalidateRect
SetRect
DispatchMessageA
PeekMessageA
KillTimer
BeginPaint
ReleaseDC
CreateDialogParamA
GetFocus
GetWindowTextLengthA
MsgWaitForMultipleObjects
wsprintfA
CreateWindowExA
ReleaseCapture
CreateAcceleratorTableA
FindWindowA
EqualRect
GetWindowLongA
UnregisterClassA
LoadCursorA
GetClassNameA
GetDC
DefWindowProcA
GetWindowTextA
IsWindow
RegisterClassExA
SetParent
GetSysColor
GetClassInfoExA
EnumDisplayDevicesA
SetCapture
SetWindowTextA
GetQueueStatus
SetTimer
PostThreadMessageA
GetDlgItem
PostMessageA
IsChild
EndPaint
SetWindowPos

winmm

timeGetTime
timeSetEvent

gdiplus

GdipDisposeImage
GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipAlloc
GdipCreateBitmapFromFile
GdipFree
GdipCloneImage

gdi32

ExtEscape
BitBlt
GetDeviceCaps
SelectPalette
StretchDIBits
CreateDIBSection
CreateCompatibleBitmap
RealizePalette
CreateFontA
DeleteObject
CreateDIBitmap
SetStretchBltMode
GetObjectA
CreateSolidBrush
CreateCompatibleDC
SelectObject
GetStockObject
DeleteDC
GetDIBits
SetBkMode

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

StringFromGUID2
CoGetClassObject
OleInitialize
CreateItemMoniker
CoUninitialize
CoSetProxyBlanket
GetRunningObjectTable
StgCreateDocfile
OleUninitialize
CoTaskMemRealloc
CreateBindCtx
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
StgIsStorageFile
StgOpenStorage
CoCreateInstance
CoInitializeSecurity
CreateStreamOnHGlobal
OleLockRunning
CoInitialize
BindMoniker
CLSIDFromString

advapi32

CryptCreateHash
RegQueryInfoKeyA
RegCloseKey
CryptEncrypt
CryptHashData
CryptReleaseContext
RegEnumKeyExA
CryptAcquireContextA
RegSetValueExA
CryptDestroyKey
RegCreateKeyExA
RegEnumValueA
CryptDestroyHash
RegQueryValueExA
CryptGetHashParam
CryptImportKey
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA

kernel32

GetShortPathNameW
GetFileSize
GetTickCount
GlobalSize
ReadFile
WriteFile
UnmapViewOfFile
GetProcessAffinityMask
GlobalAlloc
CreateFileMappingA
EnumResourceTypesW
LocalAlloc
LocalFree
Sleep
GlobalFree
DisableThreadLibraryCalls
WideCharToMultiByte
GetFileAttributesA
SetFilePointer
MapViewOfFile
CreateFileW
CreateFileA
CloseHandle

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c65afcaa489cf30ae8ed6736173e48a

Headers

File Characteristics

Imports

shlwapi

wininet

user32

winmm

gdiplus

gdi32

shell32

ole32

advapi32

kernel32

setupapi

version

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 63KB - Virtual size: 62KB

.tls Size: 1024B - Virtual size: 100KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 63KB - Virtual size: 62KB

.tls
Size: 1024B - Virtual size: 100KB