a43031e09163b6a1df28d539b3608136

Sharing

Copy URL Twitter E-mail

General

Target

a43031e09163b6a1df28d539b3608136
Size

220KB
MD5

a43031e09163b6a1df28d539b3608136
SHA1

2a0a7f197ea710fca9bffc29d27b1dac162e891d
SHA256

ba94ee641ac3459e05dba3825b658605c0f326a2c5df9f6da4a68adfea2b3992
SHA512

ddd5a1a564c533972e1152105c86fcb8df82a1d47803eeccb43e65e4366bcb45e2173606805ada4378e75eb48e2cbf12e3062d0d736eea6706daa2d6e3277e4d
SSDEEP

3072:wKSI+LSIjjWZrwcrx0duYcsA/8R3t4Nj6QhdEVRyEla+BYpWZJcT3n1TGvr7cjcP:7JZrwcrCdJcf/ktYMzWGJcTXMfscik1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a43031e09163b6a1df28d539b3608136

Files

a43031e09163b6a1df28d539b3608136
.exe windows:4 windows x86 arch:x86

113e3b0d9dff1ee9c0345e89a9f0fad5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\BestClick\Release\BestClick.pdb

Imports

kernel32

FindAtomA
ExitProcess
SystemTimeToFileTime
GetSystemTime
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
WriteFile
DeleteFileA
CreateProcessA
GetProcAddress
LoadLibraryA
MoveFileA
GetTempFileNameA
SetPriorityClass
OpenProcess
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
CopyFileA
MoveFileExA
ReleaseMutex
CreateMutexA
WriteProcessMemory
ReadProcessMemory
GetStdHandle
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
GetBinaryTypeA
GetLocalTime
SetFilePointer
CreateEventA
ResetEvent
SetEvent
TerminateThread
TerminateProcess
LockResource
FindResourceExA
GetTempPathA
Sleep
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpA
FlushInstructionCache
HeapAlloc
MulDiv
GetLastError
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateThread
SetThreadAffinityMask
EraseTape
WaitForSingleObject
CloseHandle
EndUpdateResourceA
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

SetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
DefWindowProcA
UnregisterClassA
GetWindowLongA
SetWindowLongA
MessageBoxA
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
FindWindowExA
PostMessageA
ClientToScreen
GetWindowRect
CharLowerBuffA
SetRect
IsWindowVisible
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
EnumDesktopWindows
GetWindowTextA
RegisterWindowMessageA
GetSysColor
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
CreateDesktopA
SetThreadDesktop
GetKeyState
wsprintfA

gdi32

DeleteDC
SelectObject
DeleteObject
AddFontResourceA
GetCurrentObject
CreateRectRgn
RestoreDC
Chord
SetMetaRgn
TextOutA
CreateCompatibleBitmap
SetLayout
GetPixel
SetPixel
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
GetBkColor
CreateDiscardableBitmap
GetGraphicsMode
GetMetaFileA
GetFontLanguageInfo
BeginPath
CreateDIBSection

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
SafeArrayRedim
VariantCopyInd
SafeArrayCreate
SafeArrayDestroy
VarBstrCmp
SafeArrayLock
SafeArrayUnlock
DispCallFunc
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysAllocStringLen

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

winmm

waveOutOpen

wininet

FindCloseUrlCache
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

ws2_32

send
recv
connect
WSAStartup
WSACleanup
htons
gethostbyname
socket
select
ioctlsocket
closesocket

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

113e3b0d9dff1ee9c0345e89a9f0fad5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

winmm

wininet

ws2_32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B