c296b163d3a2fedb2bcf24a796b2ded7

Sharing

Copy URL Twitter E-mail

General

Target

c296b163d3a2fedb2bcf24a796b2ded7
Size

824KB
MD5

c296b163d3a2fedb2bcf24a796b2ded7
SHA1

5194f787d89d68a81a848e8e2e57dec1e47655c6
SHA256

d4b6aa070bb19e74e840e8f5917d24ce29e84290cef7636f1d6beb5e5e61d4e7
SHA512

1b9e125729202f1d0dfd3f1c001c973717d0d6292a38628b157f8c30cf51f993bc6745ca626200777e303783e0edcf7827d0fcfa90c68394e2a56b8afb97ba09
SSDEEP

12288:+twIQjOglFJhp2CbfMMpu6mcS5q8e70ZASjZW3fTsYzFY3DMKRiP+H:+txQagxL20cAStcT3zqTMI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c296b163d3a2fedb2bcf24a796b2ded7

Files

c296b163d3a2fedb2bcf24a796b2ded7
.exe windows:4 windows x86 arch:x86

0fd4da83ef4b12e9d8853555ca1be597

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
WaitForSingleObject
SetEndOfFile
CloseHandle
DeleteFileA
DuplicateHandle
GetCurrentProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
ReadProcessMemory
HeapAlloc
GetWindowsDirectoryA
lstrcatA
SetEvent
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
GlobalFree
GlobalAlloc
OpenProcess
GetCurrentProcessId
TerminateThread
GlobalUnlock
GlobalLock
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
SetLastError
HeapFree
CreateThread
CreateProcessA
GetTempPathA
GetUserDefaultLCID
Sleep
CreateEventA
GetCurrentThreadId
LoadLibraryExA
lstrcpyA
GetProcessHeap
lstrcmpA
MulDiv
FlushInstructionCache
ResetEvent
GetLocalTime
GetShortPathNameA
CopyFileA
GetCommandLineA
OpenEventA
MultiByteToWideChar
ReleaseMutex
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
HeapSize
IsBadWritePtr
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
GetStartupInfoA
GetSystemTimeAsFileTime
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
ExitProcess
CreateRemoteThread
VirtualFree
VirtualAlloc
GetPriorityClass
ResumeThread
LocalFree
ReadFile
CreateMutexA
CreateDirectoryA
CreateFileA
SetFilePointer
WriteFile
WriteProcessMemory
GetSystemDirectoryA
GetVolumeInformationA
GetComputerNameA
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
GetVersion
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

wsprintfA
ReleaseDC
GetDC
GetSysColor
SendMessageA
DrawIconEx
UnregisterClassA
GetIconInfo
CallWindowProcA
GetParent
DefWindowProcA
SetFocus
MessageBoxA
CharUpperA
CharLowerA
SetRect
CharNextA
PostMessageA
UpdateWindow
SetActiveWindow
IsWindowVisible
FindWindowA
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
FillRect
IsChild
GetFocus
DestroyAcceleratorTable
MapDialogRect
GetWindowTextLengthA
GetClassInfoExA
CreateDialogIndirectParamA
SetWindowContextHelpId
SetForegroundWindow
GetWindow
MapWindowPoints
LoadImageA
GetSystemMetrics
IsWindow
EndDialog
GetMessageA
SetWindowTextA
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
EndPaint
DrawTextA
SetWindowPos
BeginPaint
MoveWindow
ShowWindow
InvalidateRect
GetWindowRect
KillTimer
SetTimer
SetWindowLongA
GetWindowLongA
TranslateMessage
DispatchMessageA
PostThreadMessageA
CopyIcon
SetSystemCursor
GetDlgItem
SendDlgItemMessageA
RegisterWindowMessageA
SendMessageTimeoutA
DestroyWindow
LoadCursorA
FindWindowExA
GetWindowTextA
SystemParametersInfoA
RegisterClassExA
CreateWindowExA
EnumWindows
GetWindowThreadProcessId
GetClassNameA
EnumChildWindows
PostQuitMessage
GetClientRect

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA

ole32

CoInitialize
OleLockRunning
CoTaskMemAlloc
CoMarshalInterface
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
CoUnmarshalInterface
CoUninitialize
CoInitializeEx
OleUninitialize
OleInitialize
CoGetClassObject
CLSIDFromString
StringFromGUID2

oleaut32

OleCreateFontIndirect
SysStringByteLen
SafeArrayCreate
DispCallFunc
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
SysStringLen
LoadTypeLi
SysFreeString
LoadRegTypeLi

urlmon

URLDownloadToFileA
UrlMkSetSessionOption

shell32

SHGetSpecialFolderPathA

shlwapi

StrToIntExW
StrToIntExA
SHGetValueA

gdi32

CreatePalette
SetDIBits
GetDIBits
SetPixel
GetPixel
DeleteDC
CreateBitmap
GetObjectA
SelectObject
CreateCompatibleDC
CreateFontIndirectA
SelectPalette
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
GetStockObject
StretchBlt
SetStretchBltMode
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
RealizePalette
DeleteObject
CreateDIBitmap

comctl32

_TrackMouseEvent

wsock32

WSAStartup
gethostname
WSACleanup
ioctlsocket
htonl
gethostbyname

wininet

InternetOpenA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0fd4da83ef4b12e9d8853555ca1be597

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

urlmon

shell32

shlwapi

gdi32

comctl32

wsock32

wininet

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 388KB - Virtual size: 388KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 388KB - Virtual size: 388KB

.reloc
Size: 32KB - Virtual size: 32KB