Static task: static1
Behavioral task: behavioral1
  Sample: b57f3bb607a30999c0c80d0c6dda3a84.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b57f3bb607a30999c0c80d0c6dda3a84.exe
  Resource: win10v2004-20240226-en
General
Target: b57f3bb607a30999c0c80d0c6dda3a84
Size: 298KB
MD5: b57f3bb607a30999c0c80d0c6dda3a84
SHA1: 7cbe3186560892f5fdbb40de612083d01241a8c3
SHA256: bdcbd57e88e6d0a35a4a9557d10653533cae90bfd726af783dac5299af8443e9
SHA512: 32b23c41c7e8b20dbd7d5190d12b52f0def0a7199486c243585b421d40465d227cebe6976fce9607b1f9e8f95e24c4dc14aaeb4a527bd02735ab2b3b09216c9c
SSDEEP: 6144:H1Wwk6yF56wGp7C7ChvkgZbEmzaMuNNpBGGdl7qQXgDS:H8lpSwGpungJr3uTlr
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: b57f3bb607a30999c0c80d0c6dda3a84
Files
b57f3bb607a30999c0c80d0c6dda3a84.exe: windows:4 windows x86 arch:x86
dc1354074110228140d27270ef8ad0b7
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
gdi32: UpdateColors
kernel32: FindResourceExW, SuspendThread, WritePrivateProfileStringA, SetNamedPipeHandleState, ReadConsoleOutputA, GetProcessHeap, GetFileAttributesA, GetACP, GlobalFindAtomW, ReleaseMutex, WriteConsoleOutputCharacterA, LocalAlloc, FindCloseChangeNotification, GetPrivateProfileStringW, ReadFile, GetModuleFileNameW, ExitThread, SetConsoleTitleA, SetupComm, GetSystemDefaultLangID, GetProcessTimes, SetStdHandle, SetThreadLocale, EnumResourceNamesA, GlobalGetAtomNameW, _lclose, CreatePipe, SetCurrentDirectoryA, PrepareTape, VirtualQuery, GetCommandLineW, WriteConsoleOutputW, LocalLock, SetCommTimeouts, VirtualLock, lstrcmpA, FindFirstFileExW, SetConsoleWindowInfo, MoveFileExA, FreeLibrary, CloseHandle, GetLocaleInfoW, SetEndOfFile, SetConsoleMode, GetTapeStatus, TryEnterCriticalSection, EraseTape, lstrcatW, VirtualQueryEx, FatalAppExitA, GetDriveTypeA, SetConsoleCursorPosition, CreateDirectoryExA, RemoveDirectoryA, WaitNamedPipeA, GetTimeZoneInformation, IsValidLocale, GlobalUnlock, UnmapViewOfFile, ClearCommBreak, GetVersion, FormatMessageA, EnumTimeFormatsW, GetAtomNameA, lstrcmpiA, ConnectNamedPipe, IsBadReadPtr, GetFileType, IsBadStringPtrA, lstrcpyA, GetDiskFreeSpaceExA, GetCommModemStatus, LoadLibraryExA, SearchPathW, VirtualAlloc, GetLogicalDriveStringsA, GetModuleHandleA, GetStartupInfoA
advapi32: GetSecurityDescriptorLength, UnlockServiceDatabase, GetSecurityDescriptorSacl, SetServiceObjectSecurity, CryptReleaseContext, RegQueryValueW, GetSecurityInfo, CloseEventLog, RegGetKeySecurity, SetNamedSecurityInfoA, RegOpenKeyExA, CryptExportKey, FreeSid, RegOpenKeyW, AllocateAndInitializeSid, CryptGetHashParam, CryptDecrypt, BuildTrusteeWithNameW, RegDeleteKeyA, InitializeSecurityDescriptor, EnumServicesStatusW, OpenServiceA, GetSidLengthRequired, RegCreateKeyExW, ImpersonateSelf, QueryServiceStatus, OpenServiceW, ReportEventW, DuplicateTokenEx, ObjectDeleteAuditAlarmW, IsTextUnicode, LookupAccountSidA
shell32: SHGetDesktopFolder, FindExecutableW, SHAddToRecentDocs, ExtractIconA, SHLoadInProc, DragFinish, ShellExecuteA, SHGetPathFromIDListA, SHFileOperationW
user32: UnhookWindowsHook, GetMenuCheckMarkDimensions, OpenIcon, GetKeyState, GetTabbedTextExtentA, CheckRadioButton, MsgWaitForMultipleObjectsEx, LoadBitmapW, SetCapture, DefDlgProcW, GetUserObjectInformationW, GetQueueStatus, SetWindowTextW, GetIconInfo, OemToCharBuffA, SetWindowsHookExA, GetDCEx, SetFocus, DeferWindowPos, SetKeyboardState, SetDlgItemInt, RegisterClassW, InflateRect, MessageBoxIndirectW, SetActiveWindow, AppendMenuW, GetUpdateRgn, ClientToScreen, GetMenuItemInfoW, PtInRect, SetWindowsHookW, SetUserObjectInformationW, GetClassInfoExW, GetDC, GetKeyboardLayout, GetNextDlgTabItem, InsertMenuItemW, IsCharLowerA, LoadCursorA, SetClassLongA, GetClipboardFormatNameW, IntersectRect, CharUpperBuffW, SetMenuItemBitmaps, TileWindows, SetClipboardData, CreateWindowExW
ws2_32: WSARecvFrom, accept, getprotobyname, WSACleanup, getservbyname, WSAGetQOSByName, shutdown, WSARecv, WSAIsBlocking, gethostname, WSALookupServiceBeginA, select, WSAHtons, inet_addr, WSASetLastError
version: VerQueryValueA
ole32: OleQueryLinkFromData, GetRunningObjectTable, StgSetTimes, CoDisconnectObject, CoRegisterMallocSpy, GetClassFile, OleIsRunning, OleFlushClipboard, CoCreateInstanceEx
oleaut32: SysStringLen, SysAllocStringLen, LoadTypeLi
msvcrt: exit, _strnicmp, _splitpath, _close, ctime, _wmakepath, _wcsnicmp, _strupr, strchr, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _stat, _XcptFilter, _exit, mbtowc, abort, wcscpy, _wsplitpath, _chdrive, _unlink, remove
Sections
.text   Size: 197KB - Virtual size: 197KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 6KB - Virtual size: 5KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 93KB - Virtual size: 93KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE