be38ca4a36820a95926fcaf12616774e

Sharing

Copy URL Twitter E-mail

General

Target

be38ca4a36820a95926fcaf12616774e
Size

672KB
MD5

be38ca4a36820a95926fcaf12616774e
SHA1

0ac2a824ba7d7e4fbc8a908c9731dcca08fece84
SHA256

a71b6d4087c48a58137fda37d1b401d2930db0e0efb5767b6e74bc94e77aaa01
SHA512

2ba35a165e1486b2094e29652ddef4ad0c68173ce3448933d6ee64ba02c52c3defbfc7b5e82ee2a3025c69b015b113490677beeac1a2406d1b2c35aa5577b4f8
SSDEEP

12288:Tj4bmIufGPtQQHs7m+gtYZRBiY0E+xIyr5Sj/zEPCE7:ohufgQQ208RBiZ/r52/zEPCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be38ca4a36820a95926fcaf12616774e

Files

be38ca4a36820a95926fcaf12616774e
.exe windows:4 windows x86 arch:x86

7d88e5b39755b2e16afa4892c132c9ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sionfto\opbeoeot.pdb

Imports

wininet

InternetQueryOptionA
HttpSendRequestExW
FtpFindFirstFileW

shell32

SHFileOperation
ExtractIconW
SHFileOperationW
SHUpdateRecycleBinIcon
DragQueryFileW

user32

EnumDisplayDevicesW
PtInRect
EnumDesktopsA
RegisterClassExA
MapVirtualKeyExA
EnumWindowStationsW
SetWindowPlacement
VkKeyScanA
SetMenuItemInfoW
GetClassNameA
CheckDlgButton
GetMessagePos
DdeCmpStringHandles
GetKeyState
InflateRect
GetWindow
WinHelpA
DrawFrame
GetClipboardOwner
GetKeyboardLayoutNameA
RegisterWindowMessageA
VkKeyScanExW
AnyPopup
CreateDialogIndirectParamA
ShowOwnedPopups
RegisterClassA
IsDlgButtonChecked
ShowScrollBar
SetScrollInfo
SendIMEMessageExA
ReleaseCapture
FrameRect
TranslateMDISysAccel
PostMessageW
DlgDirListComboBoxW
LoadBitmapW
BeginPaint
DdeNameService
ChangeDisplaySettingsExA
IsCharUpperW
GetCursorInfo
TranslateAcceleratorA
DrawFrameControl
EnumThreadWindows
RegisterDeviceNotificationW
GetMenuItemCount
SetMenu
DdeCreateStringHandleA
ToAscii
MsgWaitForMultipleObjectsEx
IsZoomed
CharLowerBuffW
BroadcastSystemMessage
SetClipboardData
DefFrameProcA
EnumDisplaySettingsExA
PackDDElParam
ToUnicode
CreateIcon
DefDlgProcW
DestroyMenu
ArrangeIconicWindows
IsRectEmpty
InSendMessage
LoadAcceleratorsA
SystemParametersInfoA
MessageBoxW
BeginDeferWindowPos
DrawStateA
GetNextDlgGroupItem
GetDlgItem
InvertRect
CharLowerW
SetCaretBlinkTime
GetWindowRgn
CreateWindowStationA
GetWindowRect
GetWindowThreadProcessId
ReplyMessage
IsDialogMessageW
DefMDIChildProcW
GetClipboardFormatNameW
TranslateAccelerator
DefFrameProcW
GetDlgCtrlID
SetScrollRange
GetSysColorBrush
EnumDisplaySettingsExW
VkKeyScanExA
CreateCursor
RemovePropA
DdeFreeDataHandle
GetDlgItemTextW
DlgDirSelectComboBoxExA
GetKeyNameTextW

kernel32

GetProcAddress
WideCharToMultiByte
GetCurrentThreadId
HeapValidate
GetTickCount
InterlockedIncrement
InitializeCriticalSection
GetThreadSelectorEntry
RtlZeroMemory
LeaveCriticalSection
GetCommandLineW
LoadLibraryExA
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
DeleteCriticalSection
CloseHandle
GetStartupInfoW
GlobalFix
GetStartupInfoA
GetFileType
TerminateProcess
GetSystemTimeAdjustment
CreateMutexA
RtlFillMemory
IsDebuggerPresent
SetEndOfFile
HeapFree
GetLastError
InterlockedDecrement
GetFileSize
CompareStringW
SetFilePointer
GetCalendarInfoW
LCMapStringW
GetTimeZoneInformation
GetShortPathNameW
GlobalGetAtomNameW
GetTimeFormatA
GetStringTypeA
DebugActiveProcess
SetHandleCount
FreeEnvironmentStringsA
FlushFileBuffers
MoveFileExW
HeapAlloc
LoadLibraryA
MultiByteToWideChar
GetOEMCP
LoadLibraryW
TlsGetValue
SetLastError
InterlockedExchangeAdd
GetCPInfo
SetComputerNameW
EnterCriticalSection
GetModuleHandleA
UnhandledExceptionFilter
CreateDirectoryExA
GetVersion
GetSystemTime
RtlUnwind
GetCurrentProcess
GetEnvironmentStrings
SetStdHandle
GetLocalTime
VirtualFree
FreeEnvironmentStringsW
VirtualQuery
WriteConsoleOutputA
HeapDestroy
ExitThread
OpenProcess
GetStringTypeW
lstrcpyn
LCMapStringA
OpenMutexA
GetACP
CompareStringA
GetCurrentProcessId
GlobalDeleteAtom
VirtualLock
SetEnvironmentVariableA
EnumSystemCodePagesA
TlsFree
GetCommandLineA
MoveFileW
HeapCreate
FlushConsoleInputBuffer
TlsAlloc
WriteFile
IsBadWritePtr
GetCurrencyFormatA
PulseEvent
HeapReAlloc
GetDiskFreeSpaceExW
GetModuleFileNameA
ExitProcess
CreateFileW
ReadFile
GetCurrentThread
GetEnvironmentStringsW
GetStdHandle
TlsSetValue
InterlockedExchange

advapi32

RevertToSelf
RegConnectRegistryW
LogonUserW
RegOpenKeyExA
RegRestoreKeyW
RegLoadKeyA
InitiateSystemShutdownA
RegFlushKey
RegReplaceKeyW
CryptSetKeyParam
StartServiceW
RegOpenKeyW
CryptSetProvParam

gdi32

DescribePixelFormat
GetEnhMetaFileBits
GetBoundsRect
GetColorSpace
CreateEllipticRgnIndirect
CreateICA
FlattenPath
PatBlt
CreateCompatibleDC

comctl32

ImageList_GetIcon
DrawInsert
ImageList_SetImageCount
ImageList_DragShowNolock
ImageList_GetFlags
ImageList_DragEnter
ImageList_Merge
InitCommonControlsEx
ImageList_DragMove
ImageList_Duplicate
CreatePropertySheetPageW
ImageList_EndDrag
CreatePropertySheetPageA
ImageList_LoadImage
CreatePropertySheetPage
ImageList_GetDragImage
CreateUpDownControl
ImageList_SetFlags
ImageList_DrawEx
DrawStatusText

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d88e5b39755b2e16afa4892c132c9ac

Headers

File Characteristics

PDB Paths

Imports

wininet

shell32

user32

kernel32

advapi32

gdi32

comctl32

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 252KB - Virtual size: 249KB

.data Size: 112KB - Virtual size: 120KB

.rsrc Size: 104KB - Virtual size: 102KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 252KB - Virtual size: 249KB

.data
Size: 112KB - Virtual size: 120KB

.rsrc
Size: 104KB - Virtual size: 102KB