c7e9540be14ebc7c4920b29c400ac53f

Sharing

Copy URL

Twitter E-mail

General

Target

c7e9540be14ebc7c4920b29c400ac53f
Size

45KB
MD5

c7e9540be14ebc7c4920b29c400ac53f
SHA1

2ddfa41de7d2121261688b4e1a09b5fc1c3b27ce
SHA256

0eb503d2def4bfd7191c5326c16ab75777dbf872a94235ccf00048c6167681c4
SHA512

3b7a52e37b8ab403f7e8cdb3c818ffe85b771c91b945932af21f202d45d76b2a42c59cd33c1b9e61f820c44642a40c315a07d88078bd9ef20741c6d735acdb4a
SSDEEP

768:CWDb4rPh21vkUpVKO1qq3uuCdRTG5XQ/jn1VhibbZ1EZVgmXDbphibbZ1EZVgmXZ:rX4rGMnqPCdRC2/4/Zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7e9540be14ebc7c4920b29c400ac53f

Files

c7e9540be14ebc7c4920b29c400ac53f
.exe windows:4 windows x86 arch:x86

570263bf1b94ff1adbe6bb44a57f2f3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
CloseHandle
WriteFile
SetFilePointer
CreateFileW
CreateProcessW
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetModuleHandleW
WriteProcessMemory
VirtualAllocEx
LoadResource
LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrcmpiA
CreateMutexW
OpenMutexW
GetVersionExW
GetVolumeInformationA
GetComputerNameA
MoveFileExW
LockResource
SizeofResource
GetStartupInfoA
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualAlloc
lstrlenA
ExitProcess
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetLocaleInfoW
GetTickCount
GetTempFileNameW
GetShortPathNameW
Sleep
FindFirstFileW
FindClose
GetModuleFileNameW
GetTempPathW
CopyFileW
GetModuleHandleA
OpenProcess
lstrlenW

user32

GetClientRect
LoadCursorW
SendMessageW
SetWindowsHookExW
SystemParametersInfoW
SendMessageA
UnhookWindowsHookEx
GetWindowRect
SetWindowPos
CallNextHookEx
DialogBoxParamA
MessageBoxW
GetDlgItem
EnableWindow
EndDialog
PostMessageA
LoadBitmapA

gdi32

GetObjectW
SetBkMode
GetStockObject

advapi32

RegCloseKey
RegCreateKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal

imagehlp

MapFileAndCheckSumW

wininet

InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

shlwapi

wnsprintfW
StrStrIW
StrCatW
StrCpyW
StrCpyNW
StrStrW
wnsprintfA
PathAddBackslashW

gdiplus

GdipDeleteRegion
GdipCreateRegion
GdipMeasureCharacterRanges
GdipMeasureString
GdipDrawString
GdipDrawLineI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateFontFamilyFromName
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFont
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateStringFormat
GdipSetStringFormatMeasurableCharacterRanges
GdipGetRegionBoundsI
GdipDeleteStringFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipDrawLine
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreatePen1
GdipCreateFromHDC
GdipCreateLineBrushFromRectWithAngle
GdipFillRectangleI
GdipLoadImageFromStream
GdipDisposeImage
GdipDeleteBrush
GdipDeleteGraphics
GdipDeletePen
GdiplusStartup

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z

comctl32

InitCommonControlsEx

msvcrt

_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
free
__CxxFrameHandler
_EH_prolog
memcpy
memset
ceil
_ftol
_wtoi
wcslen
??2@YAPAXI@Z
atol
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

psapi

EnumProcesses
GetModuleFileNameExA

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

570263bf1b94ff1adbe6bb44a57f2f3c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

imagehlp

wininet

shlwapi

gdiplus

msvcp60

comctl32

msvcrt

psapi

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 17KB - Virtual size: 19KB

.rsrc Size: 676KB - Virtual size: 675KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 17KB - Virtual size: 19KB

.rsrc
Size: 676KB - Virtual size: 675KB