b79be77cce418e56128325585f12aea9

Sharing

Copy URL Twitter E-mail

General

Target

b79be77cce418e56128325585f12aea9
Size

600KB
MD5

b79be77cce418e56128325585f12aea9
SHA1

4788adb54c32c21c812fa7be0c66e8be08bc5ce5
SHA256

522d9114f6fdd23ff02a562a7a9fa20af5d27625def6a066dfd8b37b59d48857
SHA512

63326308b9cf6d0c4315c9f42d4ccf4e2c335edc0838aef06849657e8d6974f75b867f822a36fde4460f15a19b34ad21544225fbc1e4afd6ee98526150eb226d
SSDEEP

12288:NYjogoDF7u05HpUELWlIEGVeAtIR/LrHN0yM3qiAeg:NYj/o57V4EXhftIRjrHN1SqiAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b79be77cce418e56128325585f12aea9

Files

b79be77cce418e56128325585f12aea9
.exe windows:4 windows x86 arch:x86

73630eeb8b9220bd54c4cd4f9adf3e8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\optram\aeyeeyex\ttepxuqxzz\eovxie\snv.pdb

Imports

shell32

SHFileOperationW
SHGetSpecialFolderPathW
DuplicateIcon
SHGetSettings

comdlg32

ChooseColorA

user32

EnumDisplayDevicesA
DrawMenuBar
RegisterClassExA
RegisterClassA
PostQuitMessage
RealChildWindowFromPoint
GetInputDesktop
SetParent
DdeInitializeA
CreateIconFromResourceEx
DdeUnaccessData
DestroyWindow
UnloadKeyboardLayout
DispatchMessageW
DdeCreateDataHandle
ToUnicodeEx
GetMessageA
DefWindowProcW
CallMsgFilterW
ScreenToClient
MessageBoxW
ShowOwnedPopups
CreateWindowExA
ShowWindow
LoadKeyboardLayoutA
DrawTextExW
SendMessageTimeoutA
LoadStringW
DdeInitializeW
ImpersonateDdeClientWindow
GetWindowDC

comctl32

DrawStatusText
ImageList_EndDrag
ImageList_Remove
CreatePropertySheetPage
ImageList_DrawIndirect
ImageList_GetFlags
ImageList_Draw
ImageList_GetIcon
ImageList_Copy
ImageList_SetFlags
InitCommonControlsEx
ImageList_DragEnter
GetEffectiveClientRect
CreatePropertySheetPageA
ImageList_Read
ImageList_SetImageCount
ImageList_LoadImageW
ImageList_AddMasked
MakeDragList

kernel32

WaitForSingleObjectEx
SetStdHandle
FindClose
TerminateProcess
InterlockedExchange
Sleep
IsDebuggerPresent
GlobalCompact
CreateFileA
TlsAlloc
SetUnhandledExceptionFilter
GetVersion
OpenMutexW
WriteFile
GetModuleFileNameW
VirtualQuery
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
InterlockedIncrement
GetWindowsDirectoryA
WaitForDebugEvent
ReadFile
GetEnvironmentStringsW
MultiByteToWideChar
VirtualAllocEx
WriteConsoleA
WriteConsoleW
UnhandledExceptionFilter
GetStringTypeA
GetDiskFreeSpaceA
FreeEnvironmentStringsW
RemoveDirectoryA
GetTickCount
VirtualFree
GetProcessHeap
EnterCriticalSection
RtlUnwind
GetDateFormatA
GetTimeZoneInformation
InterlockedDecrement
SetThreadContext
LocalShrink
GetOEMCP
lstrcpynA
GetProcAddress
ConvertDefaultLocale
GetCurrentDirectoryA
CreateSemaphoreW
GetStartupInfoA
SetVolumeLabelA
EnumResourceLanguagesA
FillConsoleOutputCharacterA
EnumSystemLocalesA
GlobalHandle
IsBadWritePtr
GetThreadPriorityBoost
FileTimeToSystemTime
LCMapStringA
HeapAlloc
WriteConsoleOutputA
CreateMutexW
GetNamedPipeHandleStateA
lstrcat
EnumCalendarInfoW
GetConsoleTitleA
WriteConsoleInputW
SetConsoleScreenBufferSize
GetConsoleOutputCP
GetEnvironmentStrings
SetConsoleWindowInfo
OpenSemaphoreW
CreateMailslotW
CompareStringW
GetTimeFormatA
VirtualAlloc
GetLastError
GetACP
SetConsoleCP
QueryPerformanceCounter
GetLocaleInfoW
OpenEventA
GetModuleFileNameA
GlobalFindAtomW
GetCurrentThread
GetCurrentThreadId
SetEnvironmentVariableA
TlsGetValue
VirtualProtectEx
TlsSetValue
GetProcAddress
HeapReAlloc
ReleaseSemaphore
GetFileType
TlsFree
HeapFree
GetStartupInfoW
GetStringTypeW
WriteProfileSectionW
InitializeCriticalSection
GetFileAttributesExW
LocalHandle
HeapCreate
HeapSize
GetUserDefaultLCID
DeleteCriticalSection
VirtualLock
HeapDestroy
CloseHandle
ExitProcess
GetModuleHandleA
SetHandleCount
LoadLibraryA
WritePrivateProfileStructA
CreateWaitableTimerA
ReadFileEx
GetCommandLineW
GetLocaleInfoA
GetCommandLineA
GetProcessAffinityMask
WideCharToMultiByte
OpenMutexA
GetConsoleMode
FreeLibrary
FreeEnvironmentStringsA
FlushViewOfFile
GetStdHandle
GetCPInfo
UnlockFile
IsValidLocale
ReadConsoleOutputW
InitializeCriticalSectionAndSpinCount
CompareStringA
SetConsoleCtrlHandler
SetConsoleCursorInfo
IsValidCodePage
LCMapStringW
SetLastError
GetCurrentProcess
WaitForSingleObject
LeaveCriticalSection
GetVolumeInformationW
GetCurrentProcessId
SetFilePointer
HeapLock
OpenWaitableTimerA
CreateMutexA
FlushFileBuffers
GetConsoleCP
GetVersionExA

advapi32

RegSaveKeyW
CryptGenRandom
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyA
ReportEventA
RegEnumValueW
StartServiceA
GetUserNameA
CryptGetUserKey
LookupPrivilegeDisplayNameA
DuplicateTokenEx
CryptAcquireContextW

wininet

InternetCheckConnectionA
CreateUrlCacheEntryW
FindFirstUrlCacheContainerW
RetrieveUrlCacheEntryStreamW
InternetDialA
FindNextUrlCacheEntryW
InternetAutodialHangup
FtpRemoveDirectoryW

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73630eeb8b9220bd54c4cd4f9adf3e8c

Headers

File Characteristics

PDB Paths

Imports

shell32

comdlg32

user32

comctl32

kernel32

advapi32

wininet

Sections

.text Size: 196KB - Virtual size: 193KB

.rdata Size: 252KB - Virtual size: 250KB

.data Size: 116KB - Virtual size: 118KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 252KB - Virtual size: 250KB

.data
Size: 116KB - Virtual size: 118KB

.rsrc
Size: 32KB - Virtual size: 31KB