a2372cad306d9da9e05e438896dc9354

Sharing

Copy URL

Twitter E-mail

General

Target

a2372cad306d9da9e05e438896dc9354
Size

608KB
MD5

a2372cad306d9da9e05e438896dc9354
SHA1

fd169449231d9416412c2a5bc4f6144957deac43
SHA256

e2a0577af96a8ed25fe3d2aea0e5081ae6139e032fd0e4f9cd65d772e5f3a538
SHA512

a70fde66700793631d4f5815809d7e8cffbddfe2e634e95cd31c15f15a9a7c6a4ef8b842a655eb84874fa9b133287bb5e6b687f9c1e0cdbb4dd4eac38291905f
SSDEEP

12288:G5r6T85fuQbv55+PUkvj8QaUsgI5aMcfpF1E829TXGe/kteNLkcTxTQ6jrjw2FQR:wbJcfpXS9zGe/n7TpjYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2372cad306d9da9e05e438896dc9354

Files

a2372cad306d9da9e05e438896dc9354
.exe windows:4 windows x86 arch:x86

50ca4fb947a70d6438927d48308b886a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetSetFilePointer
InternetOpenA

ws2_32

WSACloseEvent
WSARecvFrom
WSAResetEvent
inet_addr
gethostbyname
inet_ntoa
shutdown
closesocket
WSACreateEvent
WSASocketA
setsockopt
WSAGetLastError
WSASendTo
WSASetEvent
WSAWaitForMultipleEvents

kernel32

lstrlenA
Sleep
CloseHandle
GetCurrentThreadId
CreateThread
SetEvent
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LockResource
LoadResource
FindResourceA
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
WriteFile
CreateDirectoryA
GetSystemTime
GetCurrentProcessId
OutputDebugStringA
SetFilePointer
GetTickCount
CreateEventA
WaitForMultipleObjectsEx
TerminateThread
WaitForSingleObject
GlobalFree
GlobalHandle
ResetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ResumeThread
FreeResource
FindResourceExA
SetFileAttributesA
DeleteFileA
OpenEventA
FindClose
FindNextFileA
GetFileAttributesA
RemoveDirectoryA
FindFirstFileA
CreateProcessA
SetEndOfFile
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
CopyFileA
GetCommandLineA
GetModuleHandleA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcpynW
GetTempFileNameA
GetTempPathA
LocalFree
FlushFileBuffers
SetErrorMode
SetUnhandledExceptionFilter
ExitProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpiA
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
ExitThread
GetStartupInfoA
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TerminateProcess
QueryPerformanceCounter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
LCMapStringW
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
DebugBreak
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
SizeofResource

user32

DispatchMessageA
EnableWindow
PostThreadMessageA
TranslateAcceleratorA
GetWindowTextLengthA
GetWindowTextA
GetClassInfoExA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetClassNameA
RedrawWindow
SetFocus
GetFocus
IsChild
InvalidateRgn
FillRect
SetCapture
ReleaseCapture
GetDesktopWindow
DestroyAcceleratorTable
CreateWindowExA
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageA
LoadStringA
GetWindowThreadProcessId
ReleaseDC
GetDC
DrawFocusRect
TranslateMessage
GetMessageA
SetCursor
InvalidateRect
LoadCursorA
GetSysColor
DefWindowProcA
PostMessageA
PtInRect
LoadIconA
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
AttachThreadInput
SetWindowRgn
RemoveMenu
CreatePopupMenu
GetMenuItemCount
AppendMenuA
DestroyMenu
MessageBeep
LoadStringW
TrackPopupMenuEx
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
LoadMenuA
LoadAcceleratorsA
LoadImageA
GetWindowDC
ValidateRect
DrawTextA
GetActiveWindow
DialogBoxIndirectParamA
IsDialogMessageA
SetForegroundWindow
KillTimer
MoveWindow
SetTimer
CallWindowProcA
GetForegroundWindow
MapWindowPoints
SendDlgItemMessageA
IsWindowEnabled
ShowWindow
ScreenToClient
SetWindowPos
SetWindowTextA
GetWindowLongA
SetWindowLongA
DestroyWindow
EndDialog
CreateDialogIndirectParamA
GetDlgItem
PeekMessageA
BeginPaint
EndPaint
IsWindow
SendMessageA
UnregisterClassA
LoadBitmapA

gdi32

SetBkMode
CreatePen
MoveToEx
LineTo
CombineRgn
CreateRectRgn
GetClipRgn
SelectClipRgn
SetBkColor
SetTextColor
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
GetObjectA
GetDeviceCaps
GetDIBits
CreateFontA
DeleteDC
DeleteObject

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SafeArrayLock
VarUI4FromStr
SysAllocStringByteLen
DispCallFunc
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SysFreeString
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
OleLoadPicture
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

PathFileExistsA

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_DrawEx
ImageList_Add
ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx

msimg32

TransparentBlt

setupapi

SetupInstallFileA

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ca4fb947a70d6438927d48308b886a

Headers

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

setupapi

Sections

.text Size: 300KB - Virtual size: 296KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 220KB - Virtual size: 216KB

.text
Size: 300KB - Virtual size: 296KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 220KB - Virtual size: 216KB