b91dfb7da3636dcf0276afafce10040a

Sharing

Copy URL Twitter E-mail

General

Target

b91dfb7da3636dcf0276afafce10040a
Size

668KB
MD5

b91dfb7da3636dcf0276afafce10040a
SHA1

440ba2e061a428b44cbf1664bdb7fd7437f7cab5
SHA256

e8af73841f7d652cbe2c46ed89fd039867db1a975469ca5fe703dd0e6b359ef5
SHA512

a2ba136bc16813395368c94cf3b8251fe43bf42657ab5a0569f38a32a6a23f150603b18486646328cf35c6542f7f5e3a95b53c27fcb669a540e4612ef9d5acb3
SSDEEP

12288:Qa41910YVf8DklCdETaYVOSp835NA4vEIhFZwUt3XZULBfHioeN1Q:Qa+vY4CeTRVOS05NAGEIh8UFp+v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b91dfb7da3636dcf0276afafce10040a

Files

b91dfb7da3636dcf0276afafce10040a
.exe windows:4 windows x86 arch:x86

93b6f7b01f583dd9fdd52f5158c68195

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
HeapCreate
GetTimeZoneInformation
GetCurrentProcessId
IsValidCodePage
HeapReAlloc
DebugBreak
GetModuleHandleA
ReadFile
GetEnvironmentStrings
GetStdHandle
FreeEnvironmentStringsW
GetLocaleInfoA
GetConsoleMode
MultiByteToWideChar
GetTimeFormatA
SetConsoleCtrlHandler
RtlUnwind
GetSystemTimeAsFileTime
WideCharToMultiByte
WriteConsoleW
GetConsoleCP
WriteFile
TlsGetValue
SetLastError
SetStdHandle
InitializeCriticalSection
GetCPInfo
TlsAlloc
InterlockedIncrement
InterlockedDecrement
TerminateProcess
SetUnhandledExceptionFilter
GetVersionExA
HeapDestroy
TlsFree
GetEnvironmentStringsW
VirtualAlloc
GetCommandLineA
HeapFree
GetStringTypeA
CompareStringA
InterlockedExchange
UnhandledExceptionFilter
LeaveCriticalSection
GetDateFormatA
GetModuleFileNameW
VirtualQuery
GetStartupInfoA
GetOEMCP
OutputDebugStringW
LCMapStringA
SetEnvironmentVariableA
GetACP
GetStringTypeW
CloseHandle
GetModuleFileNameA
TlsSetValue
GetFileType
DeleteCriticalSection
GetTickCount
GetProcessHeap
RaiseException
EnterCriticalSection
IsBadReadPtr
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
ExitProcess
CompareStringW
GetLastError
HeapAlloc
CreateMutexA
OutputDebugStringA
GetCurrentProcess
IsDebuggerPresent
FreeEnvironmentStringsA
LoadLibraryA
HeapValidate
QueryPerformanceCounter
LoadLibraryW
CreateFileA
SetHandleCount
SetFilePointer
GetCurrentThreadId
VirtualFree
FlushFileBuffers

winspool.drv

OpenPrinterA
ord204

gdi32

CreateEnhMetaFileA
RectVisible
SetPixel
LPtoDP
ExtSelectClipRgn
OffsetRgn
BitBlt
RealizePalette
CreateDIBSection
SetTextAlign
TextOutA
CreatePen
BeginPath
SetWindowOrgEx
CreatePalette
ExtCreateRegion
Ellipse
GetViewportOrgEx
CreateFontA
StrokeAndFillPath
CloseEnhMetaFile
GetTextMetricsA
GetDIBits
GetGlyphOutlineA
OffsetClipRgn
CreateDIBitmap
GetObjectType
MoveToEx
DeleteObject
SetPolyFillMode
SetAbortProc
SetMapMode
PlayEnhMetaFile
Pie
EndPath

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegQueryValueExA
DeleteService
RegEnumKeyExA
StartServiceA
RegQueryValueA
QueryServiceConfigA
RegOpenKeyExA
GetUserNameA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_GetImageInfo
ImageList_DrawEx
ImageList_Remove
ImageList_LoadImageA
ImageList_Destroy
ImageList_DragMove
ImageList_SetBkColor
ImageList_Add
ord17
InitCommonControlsEx
ImageList_GetImageCount
DestroyPropertySheetPage
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_EndDrag
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetIcon
ImageList_Create
CreatePropertySheetPageA
PropertySheetA
ImageList_ReplaceIcon

comdlg32

CommDlgExtendedError
ChooseFontA
PrintDlgA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

shell32

DragFinish
DragQueryFileA
SHGetFileInfoA
ord155

shlwapi

PathIsUNCServerShareA
PathFindFileNameA
PathBuildRootA
PathGetDriveNumberA
PathIsUNCServerA
PathRemoveBackslashA
PathIsRootA
PathIsURLA
PathIsUNCA

user32

LoadIconA
GetWindowTextLengthA
SendMessageA
CopyRect
GetSysColorBrush
RegisterWindowMessageA
DeleteMenu
LoadAcceleratorsA
TabbedTextOutA
GetClassInfoExA
DefWindowProcA
GetMenuState
MessageBoxA
CreatePopupMenu
LoadCursorA
DestroyAcceleratorTable
ClientToScreen
GetLastActivePopup
GetWindowRect
UnregisterClassA
GetWindow
FindWindowA
RegisterClassExA
DestroyIcon
DrawStateA
RegisterClassA
SetCapture
PeekMessageA
GetSysColor
SetScrollPos
GetSystemMenu
CreateWindowExA
DestroyWindow
CallNextHookEx
LoadStringA
CharNextA
PostMessageA
DrawTextA
ShowWindow
GetMessageA
GetMenuItemCount
IsIconic
SetCursor
InvalidateRect
GetCapture
GetActiveWindow
CreateAcceleratorTableA
MapWindowPoints

ole32

StgOpenStorage
WriteClassStg
OleCreateMenuDescriptor
OleUninitialize
OleLoad
OleGetIconOfClass
IsAccelerator
OleCreateLinkToFile
CLSIDFromProgID
OleSetMenuDescriptor
OleCreateFromFile
OleCreateLinkFromData
CoFreeUnusedLibraries
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemFree
OleCreate
OleSave
OleDestroyMenuDescriptor
OleTranslateAccelerator
OleFlushClipboard
OleDuplicateData
OleSaveToStream
StringFromCLSID
CoRevokeClassObject

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93b6f7b01f583dd9fdd52f5158c68195

Headers

File Characteristics

Imports

kernel32

winspool.drv

gdi32

advapi32

comctl32

comdlg32

shell32

shlwapi

user32

ole32

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 292KB - Virtual size: 289KB

.data Size: 84KB - Virtual size: 86KB

.rsrc Size: 68KB - Virtual size: 65KB

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 292KB - Virtual size: 289KB

.data
Size: 84KB - Virtual size: 86KB

.rsrc
Size: 68KB - Virtual size: 65KB