da1de6b09748ad71c709871dff204c0dd42980fbf77e75a29cfdf58c0d578e35

Sharing

Copy URL

Twitter E-mail

General

Target

da1de6b09748ad71c709871dff204c0dd42980fbf77e75a29cfdf58c0d578e35
Size

296KB
MD5

9595981085adf014884016adda19791f
SHA1

326b3277da78710c5f0948dad248f5ce14d70c9b
SHA256

da1de6b09748ad71c709871dff204c0dd42980fbf77e75a29cfdf58c0d578e35
SHA512

eb4c4bdac09c876b89f0d69b42f4dd5d7209cc249f6f3faa9ab42b2ca4f9ef7c99b21c81f1848c250aff9a80687fea0a4d0c547ccdd5f14fca5ae7cc2114b594
SSDEEP

6144:zq23+DjV2KxCDJ70z3Ui8ElDwh4LNGwzX/Ez1:j+92OCDJoz3U/EXHzX/Ez1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da1de6b09748ad71c709871dff204c0dd42980fbf77e75a29cfdf58c0d578e35

Files

da1de6b09748ad71c709871dff204c0dd42980fbf77e75a29cfdf58c0d578e35
.exe windows:4 windows x86 arch:x86

1e44d9f3b8eef3e85cdee1ccb1e5ffa5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapCreate
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
HeapDestroy
LCMapStringW
LCMapStringA
HeapSize
CloseHandle
HeapReAlloc
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
IsBadReadPtr
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
RtlUnwind
HeapFree
SetErrorMode
GetOEMCP
GetCPInfo
FindResourceExA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
VirtualProtect
InterlockedDecrement
SetLastError
GlobalUnlock
FormatMessageA
LocalFree
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GetWindowsDirectoryA
WinExec
MulDiv
lstrcpyA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
OpenProcess
GlobalAlloc
GlobalReAlloc
lstrcpynA
GlobalFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetShortPathNameA
lstrcatA
GetFileAttributesA
DeleteFileA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
OpenMutexA
CreateMutexA
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetUnhandledExceptionFilter

user32

EndPaint
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItemTextA
CheckRadioButton
CheckDlgButton
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetDesktopWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
MapDialogRect
GetCapture
SetActiveWindow
GetAsyncKeyState
SetFocus
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
GetCursorPos
ValidateRect
GetLastActivePopup
IsWindowEnabled
GetKeyState
GetSystemMenu
EnableMenuItem
DeleteMenu
GetWindow
CopyIcon
SetWindowLongA
RedrawWindow
UpdateWindow
GetSysColorBrush
IsWindow
PtInRect
DrawTextA
DrawEdge
LoadBitmapA
GetSysColor
GetSubMenu
TrackPopupMenuEx
DestroyMenu
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
FrameRect
FillRect
InflateRect
CopyRect
GetIconInfo
DrawStateA
OffsetRect
SetWindowPlacement
BringWindowToTop
GetWindowPlacement
GetClassNameA
GetWindowThreadProcessId
DestroyCursor
GetWindowLongA
GetDC
ReleaseDC
MessageBeep
EnumWindows
InvalidateRect
IntersectRect
IsRectEmpty
IsWindowVisible
LoadIconA
LoadCursorA
SetCursor
PostQuitMessage
MessageBoxA
PostMessageA
wsprintfA
FindWindowExA
GetDlgItem
RegisterWindowMessageA
EnumChildWindows
LoadImageA
GetClientRect
SendMessageA
GetWindowRect
GetParent
ScreenToClient
SetWindowPos
EnableWindow
DestroyIcon
GetWindowTextA
FindWindowA
ShowWindow
SetForegroundWindow
EndDialog

gdi32

EnumFontFamiliesExA
MoveToEx
LineTo
CreatePen
CreatePatternBrush
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectClipRgn
DeleteObject
SetMapMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
GetBkColor
SetBkMode
GetDeviceCaps
CreateFontIndirectA
CreateSolidBrush
CreateBitmap
SetBkColor
BitBlt
SetTextColor
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
SelectObject
SetPixel
GetPixel
DeleteDC
GetClipBox
GetStockObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA

shell32

ExtractIconExA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLoadInProc
ShellExecuteA
ShellExecuteExA
SHGetMalloc

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ord14
ord13
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove
ImageList_GetIcon
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_Create
ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

btnhook

_DLL_DisableButtonBoogie@4
_DLL_SetCallBackWindow@12
_DLL_GetButtonHwnd@4
_DLL_GetButtonCount@0
_DLL_ApplyOrder@0
_DLL_RefreshGrouping@0

winmm

PlaySoundA

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e44d9f3b8eef3e85cdee1ccb1e5ffa5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

btnhook

winmm

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 80KB - Virtual size: 77KB