be73ab01f3d734b87fe9db2b7211d6f4

Sharing

Copy URL Twitter E-mail

General

Target

be73ab01f3d734b87fe9db2b7211d6f4
Size

60KB
MD5

be73ab01f3d734b87fe9db2b7211d6f4
SHA1

cc845d23c2116d7a7e2904b5498756b938dbcd28
SHA256

35b419c40a856f3d6d52e72eb370332b5c95ced5228ae9297f55ecddacd4e4e3
SHA512

374866e6f4ccfc0ca9d53000e5a3e458dabcae1146a2b8166b85657d4cd3bf6a663d4677934f131863a8acbcfea8881efd89a436c0480c907b904ebebf9f47e7
SSDEEP

1536:YS7xToPcwZUd39Vds65hUzpVoVTyUxfOL:ekjdtrN5mz7oVT3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be73ab01f3d734b87fe9db2b7211d6f4

Files

be73ab01f3d734b87fe9db2b7211d6f4
.exe windows:5 windows x86 arch:x86

69f02f1b9d5fafaabb6d86ea3006bdf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRect
DdeGetQualityOfService
GetKeyState
GetDlgItemTextA
DefDlgProcA
LockSetForegroundWindow
DialogBoxIndirectParamA
GetProgmanWindow
CallMsgFilterA
ExitWindowsEx
OemToCharBuffW
LoadBitmapW
MenuItemFromPoint
WINNLSGetIMEHotkey
IsRectEmpty
CharUpperBuffA
PostThreadMessageA
SetWindowLongA
ToUnicodeEx
MsgWaitForMultipleObjectsEx
keybd_event
DdeQueryStringW
GetDlgItemTextW
CreateWindowExW
CreateCursor
DrawCaptionTempW

crtdll

__iscsymf
_sopen
_mbsstr
_mkdir
_mbsinc
_fstat
fmod
_XcptFilter
iswalnum
ldexp
iswalpha
strncat
_mbslwr
_mbctohira
wcstok
_beginthread
ldiv
_kbhit
wcstol
__argc_dll
_endthread
wcsncat
fputwc
tolower
_spawnve
signal
_amsg_exit
_wcsnset
_ultow
iswdigit
_getche
frexp
floor
rand

cmpbk32

PhoneBookGetCountryId
PhoneBookGetPhoneDescA
PhoneBookGetPhoneDUNA
PhoneBookUnload
PhoneBookGetPhoneCanonicalA
PhoneBookGetCountryNameW
PhoneBookMatchFilter
PhoneBookEnumNumbers
PhoneBookGetCurrentCountryId
PhoneBookGetRegionNameA
PhoneBookGetPhoneNonCanonicalA
PhoneBookMergeChanges
PhoneBookGetCountryNameA
PhoneBookHasPhoneType
PhoneBookGetPhoneDispA
PhoneBookParseInfoA
PhoneBookGetPhoneType
PhoneBookFreeFilter
PhoneBookEnumNumbersWithRegionsZero
PhoneBookCopyFilter
PhoneBookLoad
PhoneBookEnumRegions
PhoneBookEnumCountries

kernel32

WritePrivateProfileSectionW
GetSystemTimeAsFileTime
CreateEventW
GlobalMemoryStatus
GetConsoleCP
ResumeThread
CreateFileA
lstrcmp
SetLastError
GetACP
SetConsoleWindowInfo
SetComputerNameExA
EnumResourceNamesW
BaseInitAppcompatCacheSupport
GetSystemDirectoryA
ClearCommError
SetMessageWaitingIndicator
GetCommMask
MapUserPhysicalPagesScatter
CreateJobObjectA
GetLastError
LoadLibraryA
OpenFile
GetFullPathNameA
GetModuleFileNameA
SetConsoleMenuClose
PurgeComm
VirtualAlloc
GetProcessAffinityMask
SetLocaleInfoA

sqlunirl

_VkKeyScan_@4
_CommDlg_OpenSave_GetFilePath@12
_EnumResourceLanguages_@20
_FindFirstFileEx_@24
_CreateDialogParam_@20
_CharPrev_@8
_LookupPrivilegeName_@16
_LoadCursor@8
_GetCurrentHwProfile_@4
_GetClassName_@12
_GetClassLong_@8
_CopyFile_@12
_GetCharWidth32_@16
_GetFileAttributes_@4
_RegReplaceKey_@16
_GetFullPathName_@16
_RegEnumValue_@32
_SetDlgItemText@12
_DialogBoxIndirectParam_@20
_GetLogColorSpace_@12
_CreateWaitableTimer_@12
_GetICMProfile_@12
_CreateDesktop_@24
_AppendMenu_@16
_GetTimeFormat_@24
_CommDlg_OpenSave_GetSpec@12
_OpenFile_@12
_IsCharAlpha_@4
_LookupPrivilegeValue_@12
_OpenService_@12

msdart

?GetSpinCount@CSpinLock@@QBEGXZ
?MpHeapCompact@@YAKPAX@Z
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?IsUsable@CLKRHashTable@@QBE_NXZ
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?ReadLock@CReaderWriterLock@@QAEXXZ
?IsEmpty@CSingleList@@QBE_NXZ
?GetSpinCount@CCritSec@@QBEGXZ
?_Lock@CSpinLock@@AAEXXZ
?WriteLock@CCritSec@@QAEXXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
??0CLKRHashTableStats@@QAE@XZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
MpHeapAlloc
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
MpHeapFree
mpMalloc
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?SetDefaultSpinCount@CSpinLock@@SGXG@Z

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69f02f1b9d5fafaabb6d86ea3006bdf5

Headers

DLL Characteristics

File Characteristics

Imports

user32

crtdll

cmpbk32

kernel32

sqlunirl

msdart

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 956B

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 956B

.rsrc
Size: 7KB - Virtual size: 6KB