b7c7225c1e82a97d10e46d50e5517a17

Sharing

Copy URL Twitter E-mail

General

Target

b7c7225c1e82a97d10e46d50e5517a17
Size

576KB
MD5

b7c7225c1e82a97d10e46d50e5517a17
SHA1

5aae77aa5701945a3849f0e4921bb6db878e2064
SHA256

79b773a775886ccc10e6d3c8bd1ada4b36b42a8b000b329f769dc2053a12176b
SHA512

16e97acad921ff9087ae602c300fd8b27b9354c0e363df98139878e0ef208c4a3d09dad6cbd7411be21079cfc09417e41cfac611cd0928e047ce955ac9bcafae
SSDEEP

12288:eKvnTmv7uLmlUDPxop6hw5Pb+3EvGYp7OkrP02Vk5Zj:eknTmv7uL3x60uPagXpSkb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7c7225c1e82a97d10e46d50e5517a17

Files

b7c7225c1e82a97d10e46d50e5517a17
.exe windows:4 windows x86 arch:x86

8510488195ebd5973a04345dc9ab3e80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\kledftosz\med\mvdevdxxyk\mkqyywgml\xbjsois\cvex.pdb

Imports

kernel32

GetProfileIntW
HeapFree
FlushFileBuffers
InterlockedExchange
ReleaseSemaphore
InterlockedDecrement
UnhandledExceptionFilter
CreateMutexA
SetConsoleCursorInfo
RaiseException
CreateFileMappingW
GlobalGetAtomNameA
SetLastError
InitializeCriticalSection
IsDebuggerPresent
FoldStringW
GetModuleHandleA
WriteConsoleA
ReadFile
HeapAlloc
GetStringTypeW
RtlUnwind
SetEnvironmentVariableA
IsValidLocale
CloseHandle
WriteConsoleW
OpenMutexA
GetConsoleMode
GetStartupInfoA
GetLogicalDriveStringsA
HeapSize
LCMapStringA
VirtualFree
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
WideCharToMultiByte
LocalFree
FreeLibrary
GetStringTypeA
GetCurrentThreadId
GetProcessHeap
GetProfileIntA
GetTimeFormatA
GetSystemTimeAsFileTime
GlobalUnlock
GetCurrentThread
GetUserDefaultLCID
SetEvent
GetThreadLocale
TlsFree
SetFilePointer
GetCurrentProcessId
Sleep
GetModuleHandleW
EnumResourceTypesA
GetLocaleInfoA
VirtualAlloc
ReadConsoleW
DeleteCriticalSection
LCMapStringW
EnumSystemLocalesA
GetTickCount
GetProcAddress
GetEnvironmentStrings
PulseEvent
SetConsoleCtrlHandler
TerminateProcess
VirtualQuery
MoveFileW
SetConsoleMode
FreeEnvironmentStringsA
FindNextChangeNotification
CompareStringW
SetUnhandledExceptionFilter
FindResourceA
GetStdHandle
ExpandEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
WriteFile
CompareStringA
EnterCriticalSection
GetCurrentProcess
GlobalAddAtomA
GetACP
HeapCreate
HeapDestroy
VirtualFreeEx
IsValidCodePage
HeapReAlloc
CreateFileA
InterlockedIncrement
TlsAlloc
QueryPerformanceCounter
MultiByteToWideChar
GetDateFormatA
SetComputerNameW
SetStdHandle
GetPrivateProfileStringA
GlobalLock
TlsGetValue
GetVersion
EnumResourceNamesA
GetCPInfo
EnumSystemCodePagesW
SetEnvironmentVariableW
GetConsoleCP
GetConsoleOutputCP
lstrcatA
LeaveCriticalSection
OpenWaitableTimerA
GetLocaleInfoW
GetVersionExA
GetModuleFileNameA
GetFileType
GetOEMCP
GetDiskFreeSpaceExW
GetTimeZoneInformation
ExitProcess
GetCommandLineA
SetHandleCount
CreatePipe
TlsSetValue
LoadLibraryA

advapi32

CryptReleaseContext
CryptEnumProviderTypesA
AbortSystemShutdownW
LookupPrivilegeDisplayNameA
CryptSetHashParam
CryptVerifySignatureA
CryptGenKey
RegCreateKeyA
RegRestoreKeyW
RegQueryValueA
RegCreateKeyExA
LookupAccountSidW
RegSetValueExA
StartServiceA
RegQueryValueExA
CryptImportKey
ReportEventA
CryptSetProviderExA
RegSetValueA
LookupAccountNameA
RegSetValueW
LookupPrivilegeValueA
ReportEventW
CryptDuplicateKey
LogonUserA

user32

GetUserObjectInformationA
GetSysColor
FindWindowExW
CreateWindowExW
GetThreadDesktop
DdeFreeStringHandle
SendMessageW
RegisterClassA
GetMenuInfo
PackDDElParam
SetParent
DefDlgProcA
ReleaseCapture
MsgWaitForMultipleObjectsEx
DestroyAcceleratorTable
GetFocus
CharLowerBuffA
InvalidateRect
InsertMenuItemA
GetSystemMetrics
MessageBoxW
LoadKeyboardLayoutA
SendInput
GetClassInfoA
ShowWindow
DrawFrame
CreatePopupMenu
MapVirtualKeyW
MessageBoxA
DdeGetData
ReleaseDC
MoveWindow
PeekMessageW
ArrangeIconicWindows
DdeNameService
DdeInitializeA
GetWindowRect
InsertMenuW
SetCapture
TranslateMessage
DestroyWindow
RegisterClassExA
SetActiveWindow
SetDlgItemTextW
SetClassWord
DdeUninitialize
DefWindowProcW
DlgDirListA
GetDlgCtrlID
GetOpenClipboardWindow

comctl32

DrawInsert
GetEffectiveClientRect
InitCommonControlsEx
ImageList_GetIconSize
CreatePropertySheetPageA
ImageList_SetOverlayImage
ImageList_DragEnter
ImageList_Merge
CreateToolbar
ImageList_DrawIndirect
ImageList_EndDrag

wininet

UnlockUrlCacheEntryFileW
InternetFortezzaCommand
RetrieveUrlCacheEntryStreamA
GopherGetAttributeW
FindNextUrlCacheContainerA
HttpQueryInfoA

gdi32

GetDeviceCaps
CreateDCW
SetDeviceGammaRamp
SelectObject
DeleteDC
GetObjectW

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8510488195ebd5973a04345dc9ab3e80

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

comctl32

wininet

gdi32

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 264KB - Virtual size: 260KB

.data Size: 112KB - Virtual size: 134KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 264KB - Virtual size: 260KB

.data
Size: 112KB - Virtual size: 134KB

.rsrc
Size: 20KB - Virtual size: 16KB