dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c

Sharing

Copy URL Twitter E-mail

General

Target

dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
Size

2.2MB
MD5

40e9952d6086854aeae86431ca387a1c
SHA1

f9b0087ec6e2531d0483aacaea893f90a06b1357
SHA256

dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
SHA512

18d8b9cc4598a71ac200d1a307eadf46869fa6480723dc14f5127b06bfefeb29b02328995dec9ac21ac5f3f5158b55a8e53a08b74fc378b20cbbaf51f8e34dea
SSDEEP

24576:YP3h/JPd0bJ60h7xyGWHPApPK0aTvYrbtpnSk763jc+Sd/1UuN3XzPQVwqU:YPhr0bvh7xyGmJTYbOk763jc+0NTn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c

Files

dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
.exe windows:4 windows x86 arch:x86

7d4ea1d5b6b6381bc0bffc37c4e4c0f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__p__fmode
_except_handler3
__getmainargs
_acmdln
exit
_XcptFilter
_exit

imm32

ImmUnregisterWordW
ImmUnregisterWordA

mpr

WNetCloseEnum

comctl32

InitializeFlatSB

version

VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
GetFileVersionInfoW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

kernel32

Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
WriteFile
WriteConsoleW
WriteConsoleA
WideCharToMultiByte
WaitForSingleObject
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
LeaveCriticalSection
ExitProcess
EnterCriticalSection
InitializeCriticalSection
GetCommandLineA
IsValidCodePage
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
EnumSystemLocalesA
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
IsValidLocale
LCMapStringA
LCMapStringW
LoadLibraryW
LoadResource
LocalFree
LockResource
lstrlenA
lstrlenW
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventW
OpenProcess
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesW
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForMultipleObjects

user32

SetTimer
SetWindowLongW
SetWindowPos
SetRectEmpty
SystemParametersInfoW
TranslateMessage
UnregisterClassA
SetRect
SetForegroundWindow
SetCursor
SetCapture
SetActiveWindow
ShowWindow

winspool.drv

XcvDataW
SetPortA
SetPortW
SetFormW
SetFormA
WaitForPrinterChange
SetPrinterDataExW
SetPrinterDataExA
SetPrinterDataW
ScheduleJob
WritePrinter
StartPagePrinter
StartDocPrinterW
SetPrinterW
SetPrinterA
SetJobW
SetJobA
OpenPrinterW
StartDocPrinterA

advapi32

StartServiceW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
OpenServiceW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.csm61
Size: 999KB - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d4ea1d5b6b6381bc0bffc37c4e4c0f8

Headers

File Characteristics

Imports

msvcrt

imm32

mpr

comctl32

version

kernel32

user32

winspool.drv

advapi32

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 14.0MB

.tls Size: 4KB - Virtual size: 16B

.rsrc Size: 872KB - Virtual size: 872KB

.csm61 Size: 999KB - Virtual size: 999KB

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 14.0MB

.tls
Size: 4KB - Virtual size: 16B

.rsrc
Size: 872KB - Virtual size: 872KB

.csm61
Size: 999KB - Virtual size: 999KB