c895a9fb4ded9be4e785bbd8ef05c03c

Sharing

Copy URL Twitter E-mail

General

Target

c895a9fb4ded9be4e785bbd8ef05c03c
Size

160KB
MD5

c895a9fb4ded9be4e785bbd8ef05c03c
SHA1

d844d10489ab19cd60ea6a9799076f7fda5108d9
SHA256

ca1c433eabb7a281d92336eddab0dd66cb31aa365a2c88d445288927d409ff97
SHA512

0e37c5abfa5885ea2c35957f5259c24431f8d660a47323ec3c44c2a1e9be749ecd4c3b6de54279b6a795fb736eed17e1be84831053c9d206d7418915690ddcb8
SSDEEP

3072:rAB0+OxNLpz7kX9irtc0LwyQPtTBfrktbHq:retOxNLpve9QK0LwyItTBjqK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c895a9fb4ded9be4e785bbd8ef05c03c

Files

c895a9fb4ded9be4e785bbd8ef05c03c
.exe windows:4 windows x86 arch:x86

6e2d08cb05b2fbc8e01933898985c78d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetDiskFreeSpaceExW
GetDriveTypeW
OpenProcess
GlobalMemoryStatusEx
TerminateProcess
HeapFree
GetProcessHeap
HeapAlloc
CreateEventW
SetEvent
WideCharToMultiByte
GetEnvironmentVariableW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetComputerNameW
GetVersionExW
GlobalMemoryStatus
lstrcpyW
GetSystemDirectoryW
GetFileSize
ReadFile
SetFileAttributesW
CreateThread
WaitForSingleObject
GetWindowsDirectoryW
SetFilePointer
CreateFileA
GetShortPathNameW
lstrcatW
SetPriorityClass
SetThreadPriority
CreateProcessW
ResumeThread
CreateMutexW
Sleep
lstrlenW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetTempPathW
GetTickCount
CreateFileW
WriteFile
CloseHandle
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameW
InterlockedDecrement
GetCurrentThread
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetVersionExA
GetThreadLocale
InterlockedExchange
GetACP
GetLocaleInfoA

user32

SetCursorPos
mouse_event
BlockInput
wsprintfW
GetWindowRect
FindWindowW
SetThreadDesktop
OpenDesktopW
keybd_event
OpenWindowStationW
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
CloseWindowStation
GetSystemMetrics
GetLastInputInfo
ShowWindow
PostMessageW
SetProcessWindowStation
EnumWindows
IsWindowVisible
GetWindowTextW
GetWindowThreadProcessId

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
GetDIBits
DeleteObject
CreateDCW
DeleteDC

advapi32

DeleteService
EnumServicesStatusW
QueryServiceConfigW
StartServiceW
ControlService
OpenSCManagerW
LockServiceDatabase
CloseServiceHandle
OpenServiceW
UnlockServiceDatabase
ChangeServiceConfigW
GetUserNameW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteW

ole32

CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoInitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
GetErrorInfo

ws2_32

ntohs
gethostbyname
getpeername
socket
htons
htonl
recv
send
WSACleanup
WSAStartup
inet_ntoa
ntohl
inet_addr
select
closesocket
connect

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e2d08cb05b2fbc8e01933898985c78d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

psapi

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 1KB