c1794c77c62f5cfdc8f2361bb20f30e2

Sharing

Copy URL Twitter E-mail

General

Target

c1794c77c62f5cfdc8f2361bb20f30e2
Size

127KB
MD5

c1794c77c62f5cfdc8f2361bb20f30e2
SHA1

15c2ff30b19771753cdd619e37f158577832814d
SHA256

8d8b30ccf8f11424e918ef8d7aaee61bcf8414975e7b34e81eac912af92e69d3
SHA512

d0421b5f54a51f0de5c4ac6360af74d6d71eecd2c0a2bd87b28dd53a31d9633cdcca2bbab7ced6ff16768d001488af429ed087d971574f909166dcbf06fff3f7
SSDEEP

3072:KiY6sEiE4ITHle297JqNaNgsnmSV2sY1cCHOaOrAUySTQJ:KiQlIj6jYQMdySK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1794c77c62f5cfdc8f2361bb20f30e2

Files

c1794c77c62f5cfdc8f2361bb20f30e2
.exe windows:4 windows x86 arch:x86

0a916ec738fbe81477c21dd125ce42f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteDC
StretchBlt
GetNearestColor
SetStretchBltMode
GetSystemPaletteEntries
CreateDIBitmap
CreateDIBSection
GdiEntry1
CreateDCA
BitBlt
GetDIBits
CreateCompatibleBitmap
GetDeviceGammaRamp
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetRandomRgn
GdiEntry13
GetRegionData
SelectObject
CreateRectRgn

winmm

timeEndPeriod
timeBeginPeriod

user32

CreateIconIndirect
DefWindowProcA
ChangeDisplaySettingsA
GetClientRect
IsWindow
IsZoomed
GetThreadDesktop
GetForegroundWindow
ClientToScreen
SetTimer
OffsetRect
KillTimer
SetWindowPos
PostMessageA
SystemParametersInfoA
DestroyIcon
SetCursor
SetRect
IntersectRect
ReleaseDC
CloseDesktop
GetWindowDC
GetSystemMetrics
ShowWindow
GetWindowThreadProcessId
SetWindowLongA
GetDesktopWindow
GetMonitorInfoA
GetWindowLongA
GetDC
SetForegroundWindow
LoadStringA
GetKeyState
OpenInputDesktop
SendMessageA
IsWindowVisible
wsprintfA
GetCursorPos
PtInRect
EnumDisplaySettingsA
GetUserObjectInformationA
mouse_event
IsIconic
SetCursorPos
GetCursor
CallWindowProcA

ws2_32

WSAGetLastError

d3d8thk

OsThunkDdResetVisrgn
OsThunkDdDeleteDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdCreateMoComp
OsThunkDdUnlockD3D
OsThunkDdCreateSurface
OsThunkDdBlt
OsThunkDdCanCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCanCreateD3DBuffer
OsThunkDdCreateSurfaceObject
OsThunkDdGetBltStatus
OsThunkD3dDrawPrimitives2
OsThunkDdGetFlipStatus
OsThunkDdGetMoCompGuids
OsThunkD3dContextDestroy
OsThunkDdQueryDirectDrawObject
OsThunkDdRenderMoComp
OsThunkDdCreateD3DBuffer
OsThunkDdReleaseDC
OsThunkDdBeginMoCompFrame
OsThunkDdDeleteSurfaceObject
OsThunkDdWaitForVerticalBlank
OsThunkDdGetScanLine
OsThunkDdGetMoCompBuffInfo
OsThunkDdFlip
OsThunkDdSetExclusiveMode
OsThunkDdLockD3D
OsThunkDdAttachSurface
OsThunkD3dContextCreate
OsThunkDdGetMoCompFormats
OsThunkDdFlipToGDISurface
OsThunkDdEndMoCompFrame
OsThunkDdGetAvailDriverMemory
OsThunkD3dContextDestroyAll
OsThunkDdGetInternalMoCompInfo
OsThunkDdSetGammaRamp
OsThunkDdDestroySurface
OsThunkDdDestroyMoComp
OsThunkDdUnlock
OsThunkDdDestroyD3DBuffer
OsThunkDdLock
OsThunkDdGetDriverInfo
OsThunkDdReenableDirectDrawObject
OsThunkD3dValidateTextureStageState
OsThunkDdGetDriverState
OsThunkDdGetDC

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
DisconnectNamedPipe
SetUnhandledExceptionFilter
lstrcmpA
WaitNamedPipeA
FlushFileBuffers
QueryPerformanceCounter
VirtualAlloc
SetThreadPriority
OpenMutexA
ExitThread
TransactNamedPipe
IsProcessorFeaturePresent
GetCurrentThread
GetPrivateProfileStringA
GetSystemInfo
CreateMutexA
GetTickCount
VerifyVersionInfoA
LocalFree
GetProcAddress
UnhandledExceptionFilter
GetModuleHandleA
ReadFile
lstrcpynA
CreateNamedPipeA
DebugBreak
ConnectNamedPipe
TlsGetValue
GetSystemDirectoryA
WriteFile
OutputDebugStringA
GetProcessAffinityMask
CloseHandle
ReleaseSemaphore
QueryPerformanceFrequency
WaitForSingleObject
GetEnvironmentVariableA
CreateThread
CreateFileA
GetTempPathA
SetErrorMode
GetCurrentThreadId
GetNativeSystemInfo
WideCharToMultiByte
GetCurrentProcessId
CreateSemaphoreA
GetSystemTimeAsFileTime
TerminateProcess
GetVersionExA
VirtualFree
CreateEventA
GetModuleFileNameA
ResumeThread
SetNamedPipeHandleState
InterlockedCompareExchange
VirtualProtect
InterlockedDecrement
LocalAlloc
InterlockedIncrement
InterlockedExchange
ReleaseMutex
SetEvent
LoadLibraryA
GetCurrentProcess
PeekNamedPipe
TlsSetValue
GetFileSize
MoveFileA
Sleep
SetThreadAffinityMask
InitializeCriticalSection
TlsAlloc
GetLastError
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
SetFilePointer
MultiByteToWideChar
VerSetConditionMask
WaitForMultipleObjects

atmlib

ATMGetOutlineA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

crypt32

CertCloseStore

Sections

.textbss
Size: 79KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a916ec738fbe81477c21dd125ce42f3

Headers

File Characteristics

Imports

gdi32

winmm

user32

ws2_32

d3d8thk

kernel32

atmlib

version

crypt32

Sections

.textbss Size: 79KB - Virtual size: 448KB

.text Size: 512B - Virtual size: 440B

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 4B

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 39KB - Virtual size: 38KB

.textbss
Size: 79KB - Virtual size: 448KB

.text
Size: 512B - Virtual size: 440B

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 4B

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 39KB - Virtual size: 38KB