b79688dbbefc8a392878a52e5574dd2f

Sharing

Copy URL Twitter E-mail

General

Target

b79688dbbefc8a392878a52e5574dd2f
Size

2.3MB
MD5

b79688dbbefc8a392878a52e5574dd2f
SHA1

2b397ef1ed53048f1527f8f821e67f6b0ba6111c
SHA256

e747da87eeb4a12351c4a4721af7da3cdcb37d81f4d396db406e811a92b60f33
SHA512

1a6472214b0661283aa56e9780774dacbbded13b0574ddf5d890610b0f8d0ffdefe971096c8700b6db17df4001ec1a9b9d0f9702a01050eb7a0b6443d8378f6c
SSDEEP

49152:4jZWLl9wPJt3J/7aUTuRsyQJmTwDYbxtWj+LOrxN9TXqir5:4jMLl9wPJBJ/7aUT8FCiwD+a0OdN9zd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b79688dbbefc8a392878a52e5574dd2f

Files

b79688dbbefc8a392878a52e5574dd2f
.exe windows:4 windows x86 arch:x86

01ccedd9596b99cab70355d0dbeb3755

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
InterlockedIncrement
CloseHandle
SetCurrentDirectoryA
CreateDirectoryA
GetSystemDirectoryA
GetCommandLineA
GetCurrentProcessId
SetLastError
GetCurrentThread
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
RaiseException
UnhandledExceptionFilter
DeleteCriticalSection
GetACP
GetCPInfo
IsBadWritePtr
HeapCreate
HeapDestroy
SetEndOfFile
SetFilePointer
GetStdHandle
SetHandleCount
SetStdHandle
HeapSize
HeapReAlloc
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetVersion
GetStartupInfoA
TerminateProcess
InterlockedDecrement
GetModuleFileNameA
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
FreeLibrary
InitializeCriticalSection
GetCurrentProcess
ReadProcessMemory
VirtualQuery
GlobalFree
GetModuleHandleA
GlobalAlloc
SetFileAttributesA
CopyFileA
OutputDebugStringA
GetLastError
GetLocalTime
ExitProcess
FindNextFileA
MoveFileA
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsSetValue
CreateThread
ResumeThread
FlushFileBuffers
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFileType
RtlUnwind
HeapFree
GetProcessHeap
HeapAlloc
GetFullPathNameA
GetCurrentDirectoryA
FindResourceA
lstrlenA
LoadResource
SizeofResource
LockResource
Sleep
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
lstrcpyA
lstrcatA
GetVersionExA
GetOEMCP
ReadFile
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetSystemInfo
UnmapViewOfFile
CreateFileW
CreateFileA
WriteFile

user32

CallNextHookEx
FillRect
GetAsyncKeyState
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
GetWindowRect
GetWindowLongA
GetClientRect
SetWindowPos
GetMenu
CharNextA
SetWindowLongA
SendMessageA
ShowWindow
ChangeDisplaySettingsA
EnumDisplaySettingsA
ReleaseDC
GetDC
wsprintfA
PostMessageA
PtInRect
SetFocus
GetWindowTextA
GetKeyState
IntersectRect
SetRect
CreateWindowExA
AdjustWindowRect
RegisterClassA
LoadIconA
SetCursor
LoadCursorA
DestroyAcceleratorTable
UpdateWindow
CharPrevA
SetMenu
FindWindowA
LoadBitmapA
DefWindowProcA
GetKeyboardLayoutNameA
GetFocus
DestroyWindow
PostQuitMessage
LoadAcceleratorsA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA

gdi32

SetTextColor
GetTextExtentPoint32A
SetBkMode
TextOutA
DeleteDC
GetDeviceCaps
StretchBlt
GetStockObject
DeleteObject
CreateDCA
CreateDIBSection
CreateFontA
SelectObject
CreateCompatibleDC
SetBkColor
RemoveFontResourceA
SetDeviceGammaRamp

shell32

ShellExecuteA

ole32

OleSetContainedObject
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
CoCreateInstance
OleCreate

d3d9

Direct3DCreate9

winmm

mmioClose
mmioOpenA
timeGetTime
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioAdvance
mmioWrite
mmioAscend

imm32

ImmSetOpenStatus
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmCreateContext
ImmDestroyContext
ImmGetConversionStatus
ImmAssociateContext
ImmGetContext
ImmSetConversionStatus
ImmGetCompositionStringA
ImmGetCandidateListA
ImmGetOpenStatus

dinput8

DirectInput8Create

dsound

ord11

wsock32

WSAStartup
WSAAsyncSelect
closesocket
bind
htons
gethostname
socket
send
WSAGetLastError
connect
ioctlsocket
recv
listen

iphlpapi

GetAdaptersInfo

msvfw32

MCIWndCreateA

wininet

FindCloseUrlCache
FindNextUrlCacheEntryA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA

shlwapi

PathIsDirectoryA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

oleaut32

VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 25.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ultra
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01ccedd9596b99cab70355d0dbeb3755

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

d3d9

winmm

imm32

dinput8

dsound

wsock32

iphlpapi

msvfw32

wininet

shlwapi

advapi32

oleaut32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 132KB - Virtual size: 25.5MB

.rsrc Size: 24KB - Virtual size: 20KB

.ultra Size: 8KB - Virtual size: 8KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 132KB - Virtual size: 25.5MB

.rsrc
Size: 24KB - Virtual size: 20KB

.ultra
Size: 8KB - Virtual size: 8KB