b71dc1189e77edad0e8262f40f4a8141

Sharing

Copy URL Twitter E-mail

General

Target

b71dc1189e77edad0e8262f40f4a8141
Size

9.7MB
MD5

b71dc1189e77edad0e8262f40f4a8141
SHA1

619125e77a4c84f7d57727ce4ef6f49909a35c5a
SHA256

e9ca9f0ba6d46054a58d6433c578b5cc061064bd730a17f23825422792ea297e
SHA512

57f7b7e59c065c360169eb3e7d7ea9f0b2287f93750f697511744de87ad3d756c07caa87724a75a12af9543e4420351d1abcd9f68152f9864961f40f55f48660
SSDEEP

98304:kzusnTXUk4or6WN2IFVPIIGiiyeiZyeiqEoZ:IEZor6WMIFVPIubede5EoZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b71dc1189e77edad0e8262f40f4a8141

Files

b71dc1189e77edad0e8262f40f4a8141
.exe windows:4 windows x86 arch:x86

c58b5623cdf4ed8e999d5ba183d95055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FillRect
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetCursorPos
PtInRect
GetKeyState
SetForegroundWindow
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
SetCursor
GetDC
ReleaseDC
SetRect
HideCaret
ShowCaret
SetCaretPos
SetTimer
KillTimer
GetKeyboardState
GetKeyboardLayoutList
ToUnicodeEx
ActivateKeyboardLayout
GetKeyboardLayout
MessageBoxA
ShowWindow
SetFocus
GetSystemMetrics
DestroyWindow
TranslateMessage
GetQueueStatus
FrameRect
GetSysColor
UpdateWindow
SetScrollPos
GetUpdateRect
GetFocus
PostQuitMessage
SetScrollInfo
ShowScrollBar
CreateCaret
wsprintfA
GetClientRect
InvalidateRect

rpcrt4

UuidFromStringW

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCreateUrlW
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetAttemptConnect
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExA
HttpOpenRequestW
InternetSetStatusCallbackW
InternetWriteFile
InternetConnectW
InternetOpenW
InternetSetOptionW
HttpSendRequestW
InternetQueryDataAvailable
InternetQueryOptionW
InternetSetFilePointer
FtpOpenFileW
HttpSendRequestExW

wsock32

send
recv
ntohs
closesocket
WSACleanup
gethostname
WSAAsyncSelect
gethostbyaddr
getsockname
ntohl
WSACancelBlockingCall
connect
setsockopt
listen
socket
bind
htonl
htons
inet_addr
accept
WSAGetLastError
WSASetLastError
ioctlsocket
gethostbyname
WSAStartup
shutdown

ole32

CoUninitialize
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
CoCreateGuid
CoInitialize

oleaut32

GetErrorInfo
SysFreeString
VariantInit
SysAllocString
VariantClear

kernel32

GetLocaleInfoA
SetEndOfFile
ReadFile
RtlUnwind
Sleep
SetEvent
FreeLibrary
WaitForSingleObject
ResetEvent
GetLocalTime
OpenMutexA
CreateMutexA
IsValidLocale
SetUnhandledExceptionFilter
FindClose
GetFileSize
Beep
GetCommandLineW
IsBadReadPtr
MulDiv
GetUserDefaultLCID
InterlockedDecrement
MapViewOfFile
UnmapViewOfFile
SetErrorMode
GlobalMemoryStatus
GetLogicalDrives
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
LockResource
CreateFileA
FindFirstFileA
GetWindowsDirectoryA
GetComputerNameA
GetVolumeInformationA
DeleteFileA
GetSystemDirectoryA
CopyFileA
GetExitCodeProcess
CreateProcessA
SetFileAttributesA
GetFileAttributesA
GetVersion
GetSystemDefaultLCID
GetSystemDefaultLangID
GetTimeZoneInformation
GetDriveTypeA
FindNextFileA
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
LocalFree
CompareStringA
InterlockedExchange
FlushInstructionCache
SetLastError
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetOEMCP
GetACP
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeA
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStrings
LocalUnlock
LocalLock
LocalAlloc
MoveFileExA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
CloseHandle
GetLastError
HeapSize
HeapReAlloc
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
FlushConsoleInputBuffer
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
IsBadCodePtr
SetEnvironmentVariableA
SetConsoleCtrlHandler
RaiseException
GetFullPathNameA
GetCurrentDirectoryA
GlobalFree

netapi32

Netbios

comctl32

CreateStatusWindowW

winspool.drv

EndDocPrinter
StartPagePrinter
WritePrinter
EndPagePrinter
ClosePrinter

gdi32

CreateSolidBrush
SelectClipRgn
SetBkMode
PatBlt
StretchBlt
SetStretchBltMode
SetTextCharacterExtra
CreateRectRgn
MoveToEx
LineTo
StartPage
EndPage
GetEnhMetaFileBits
DeleteEnhMetaFile
CloseEnhMetaFile
AbortDoc
CreatePen
PtInRegion
CreateHalftonePalette
GetDIBColorTable
SelectPalette
RealizePalette
CreatePalette
SetTextJustification
PaintRgn
CreateCompatibleBitmap
SetEnhMetaFileBits
GetEnhMetaFileHeader
PlayEnhMetaFile
GetDIBits
CombineRgn
GetStockObject
SetRectRgn
EndDoc
FrameRgn
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateBitmap
SetTextColor
GetDeviceCaps
SetBkColor
Escape
GetRgnBox
BitBlt

odbc32

ord136
ord4
ord127
ord15
ord24
ord16
ord13
ord18
ord111
ord141
ord75
ord14

advapi32

RegCloseKey
CryptReleaseContext
CryptAcquireContextW
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegEnumValueA
CryptGenRandom

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 304KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.4MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c58b5623cdf4ed8e999d5ba183d95055

Headers

File Characteristics

Imports

user32

rpcrt4

wininet

wsock32

ole32

oleaut32

kernel32

netapi32

comctl32

winspool.drv

gdi32

odbc32

advapi32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 244KB - Virtual size: 240KB

.data Size: 304KB - Virtual size: 1.2MB

.data1 Size: 88KB - Virtual size: 86KB

.rsrc Size: 6.4MB - Virtual size: 6.3MB

.reloc Size: 220KB - Virtual size: 220KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 244KB - Virtual size: 240KB

.data
Size: 304KB - Virtual size: 1.2MB

.data1
Size: 88KB - Virtual size: 86KB

.rsrc
Size: 6.4MB - Virtual size: 6.3MB

.reloc
Size: 220KB - Virtual size: 220KB