bde7e986edfa0fc377ceecedf7493c36

Sharing

Copy URL Twitter E-mail

General

Target

bde7e986edfa0fc377ceecedf7493c36
Size

680KB
MD5

bde7e986edfa0fc377ceecedf7493c36
SHA1

8d9a87f775fb7d13aaea598cae0eeee440352ccf
SHA256

83f74b0742fa79fffebc90121f031da76c6f16de3b873f64e93bec9fcdedd45e
SHA512

a2f69de80536399b916d9f16a222e9519bd935ef1e7913d9bb18efeccd879a86a78d57d8bc3938260e7b0fd4cee02396ee1dcfe88f1e2a0e244baac0a2021e51
SSDEEP

12288:c8936YIy/KFdofx0f/OeLjmhrPm1aKcmRnUBhzSPcEH/+C:c8yy/KofU/OiXainUBsxf+C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde7e986edfa0fc377ceecedf7493c36

Files

bde7e986edfa0fc377ceecedf7493c36
.exe windows:4 windows x86 arch:x86

7b746e6aa718be8be375812fe98b2a19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\msazbvqg\oxai\petnweg\judueywvg.pdb

Imports

advapi32

LookupPrivilegeNameW
CryptGetHashParam
RegSetValueW
GetUserNameW
CryptSetProviderExW
RegRestoreKeyW
CryptSetHashParam

gdi32

DeleteObject
DescribePixelFormat
DrawEscape
EnumICMProfilesA
CreateEnhMetaFileA

kernel32

InitializeCriticalSection
GetLocaleInfoA
HeapReAlloc
SetLastError
FlushFileBuffers
HeapValidate
VirtualFree
DeleteCriticalSection
GetStdHandle
CompareStringW
DebugBreak
IsBadReadPtr
OpenProcess
TerminateProcess
WriteFile
TlsFree
GetTimeFormatA
GetCPInfo
GetLocaleInfoW
GetCurrentProcess
GetSystemTime
VirtualUnlock
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
HeapAlloc
UnmapViewOfFile
InterlockedIncrement
OpenMutexA
InterlockedDecrement
ExitProcess
GetCalendarInfoW
GetTickCount
AddAtomA
VirtualAlloc
GetDriveTypeA
OutputDebugStringW
GetLocalTime
OutputDebugStringA
LeaveCriticalSection
CreateMutexA
FileTimeToSystemTime
HeapCreate
VirtualQuery
HeapDestroy
LCMapStringW
GetCurrentThread
CopyFileExA
CreateWaitableTimerA
GlobalDeleteAtom
EnumCalendarInfoExA
MoveFileW
FlushInstructionCache
FormatMessageW
WriteConsoleA
GetFileType
DeleteFiber
SetStdHandle
GetFullPathNameW
CloseHandle
lstrcpyA
InterlockedExchange
GetAtomNameA
IsBadWritePtr
SetHandleCount
FindFirstFileExA
RtlUnwind
GetProfileSectionW
GetProfileStringA
UnhandledExceptionFilter
SetEnvironmentVariableA
FreeLibrary
MultiByteToWideChar
GetTimeZoneInformation
GetCurrentThreadId
WriteConsoleOutputCharacterA
WritePrivateProfileStructW
GetStringTypeW
QueryPerformanceCounter
TlsGetValue
EnumDateFormatsA
lstrcatA
FreeEnvironmentStringsA
VirtualLock
SetConsoleCtrlHandler
GetEnvironmentStringsW
GetStartupInfoA
GetOEMCP
SetFilePointer
GetModuleHandleA
GetVersion
lstrcpynW
TlsSetValue
HeapSize
GetModuleFileNameA
lstrcmpiA
GetPrivateProfileIntW
GetCurrentProcessId
GetLastError
GetCommandLineA
EnumSystemLocalesW
GetACP
LoadLibraryA
WriteProfileSectionW
ReadFile
WideCharToMultiByte
VirtualQueryEx
LCMapStringA
GetNamedPipeInfo
FindNextFileW
GetEnvironmentStrings
GetStringTypeA
TlsAlloc
lstrlen
EnterCriticalSection
GlobalSize
GetProcAddress
HeapFree
OpenSemaphoreA
CompareStringA

wininet

InternetAutodial
InternetAlgIdToStringA
InternetSetCookieA
GopherGetAttributeW
FtpOpenFileA
SetUrlCacheGroupAttributeA
InternetConnectA
FtpRemoveDirectoryW
InternetReadFileExA

comctl32

ImageList_AddMasked
ImageList_SetFilter
CreateStatusWindowA
ImageList_AddIcon
ImageList_GetIcon
GetEffectiveClientRect
ImageList_Copy
ImageList_DragShowNolock
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx

user32

CreatePopupMenu
MessageBoxA
CreateDialogIndirectParamA
SendNotifyMessageW
DestroyWindow
GetMessageA
ReleaseCapture
ModifyMenuW
CharToOemBuffW
SendDlgItemMessageW
WINNLSEnableIME
GetKeyboardType
ShowWindowAsync
RegisterWindowMessageA
GetScrollRange
OpenInputDesktop
CreateWindowExW
CreateAcceleratorTableW
ShowWindow
VkKeyScanA
OpenDesktopW
DdeFreeDataHandle
DdeUnaccessData
LoadKeyboardLayoutW
InflateRect
DefWindowProcA
GetScrollPos
RegisterClassExA
SetMessageExtraInfo
IsDialogMessageW
ChangeDisplaySettingsExA
RegisterClassA
DrawTextW
IsCharLowerW
CheckMenuItem
GetDesktopWindow
DefMDIChildProcA
CharNextW
DdeImpersonateClient
DrawTextExA

comdlg32

PageSetupDlgW
PageSetupDlgA
GetOpenFileNameA

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b746e6aa718be8be375812fe98b2a19

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

wininet

comctl32

user32

comdlg32

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 248KB - Virtual size: 245KB

.data Size: 116KB - Virtual size: 139KB

.rsrc Size: 92KB - Virtual size: 89KB

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 248KB - Virtual size: 245KB

.data
Size: 116KB - Virtual size: 139KB

.rsrc
Size: 92KB - Virtual size: 89KB