d7b314cc4e7b79a52903de466cf5da65

Sharing

Copy URL Twitter E-mail

General

Target

d7b314cc4e7b79a52903de466cf5da65
Size

151KB
MD5

d7b314cc4e7b79a52903de466cf5da65
SHA1

15d10867d2d7beeee8b60875438282089b553352
SHA256

b4f636830b2d8d5563b6d9fbfca6770032718463fc0b9aa2b2812edfc490d07f
SHA512

1ef67e6f76ce05c41c3cc9653a3b44d571b6e8ff4c83ea8ca8f5a9622033ec12a97c2f0851f0bafa27781c1a06258fd43bdc9b5d64774df8c6a8cce8f1d46143
SSDEEP

3072:pJPnqeAH2m6aoe5WOz1HhKHASBXrfIhHrU6rxtb+zxF:pJPWMaQOz5QTIhHrU6rnA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7b314cc4e7b79a52903de466cf5da65

Files

d7b314cc4e7b79a52903de466cf5da65
.exe windows:4 windows x86 arch:x86

1fdd31456640b408d6476235458e5a05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetProcessWindowStation
GetProcessWindowStation
PeekMessageW
MsgWaitForMultipleObjectsEx
WaitMessage
CharLowerBuffW
GetWindowLongA
wsprintfA
ClientThreadSetup
DispatchMessageA
TranslateAcceleratorW
GetWindowLongW
GetCapture
ClientThreadSetup
TranslateMessageEx
GetSystemMetrics
RegisterClassW
SetTimer
PostMessageW
GetThreadDesktop
GetDCEx
FindWindowA
PeekMessageW
GetDC
GetMessageW
CharLowerBuffW
CharUpperW
GetWindowLongW
GetWindowLongA
IsChild

kernel32

GetSystemTime
WriteProcessMemory
SleepEx
ReadFile
WriteProcessMemory
WriteProcessMemory
GetStartupInfoW
ReadProcessMemory
LoadLibraryExW
WaitForSingleObjectEx
TerminateProcess
CreateFileA
DeviceIoControl
DeviceIoControl
TerminateProcess
WriteProcessMemory
WaitForSingleObjectEx
WaitForSingleObjectEx
GetSystemTime
Sleep
CreateProcessW
CreateProcessA
ReadProcessMemory
WaitForSingleObject
WriteProcessMemory
LoadLibraryA
GetStartupInfoA
SleepEx
WaitForSingleObject
GetStartupInfoA
VirtualProtectEx
GetProcAddress
Sleep
GetLastError
LoadLibraryA
GetCommandLineA
SetHandleInformation
lstrcmpiA
TlsGetValue
FindAtomA
GetCurrentDirectoryA
GetCurrentThread
GetCurrentThreadId
ReadProcessMemory
VirtualProtectEx
TerminateProcess
GetStartupInfoA
GetSystemTimeAsFileTime
LoadLibraryExW
GetStartupInfoW
WriteProcessMemory
SleepEx
LoadLibraryExW
GetSystemTime
VirtualProtect
ReadProcessMemory
GetStartupInfoW
LoadLibraryExW
WaitForSingleObject
ReadProcessMemory
ReleaseMutex
ReadProcessMemory
CreateProcessW
ReadFile
GetStartupInfoW
LoadLibraryExW
Sleep
LoadLibraryA
GetStartupInfoA
ReadProcessMemory
GetStartupInfoW
GetStartupInfoW
TerminateProcess
GetSystemTimeAsFileTime
WriteProcessMemory
CreateProcessW
GetStartupInfoW
GetSystemTimeAsFileTime
CreateProcessW
LoadLibraryA
LoadLibraryExW
VirtualProtect
VirtualProtect
Sleep
VirtualProtectEx
DeviceIoControl
LoadLibraryA
WaitForSingleObjectEx
LoadLibraryA
CreateProcessA
LoadLibraryExW
GetStartupInfoW
WaitForSingleObjectEx
DeviceIoControl
CreateProcessA
VirtualProtectEx
TerminateProcess
GetSystemTimeAsFileTime
GetSystemTimeAsFileTime
LoadLibraryA
Sleep
CreateProcessW
GetStartupInfoW
ReadProcessMemory
ReadFile
TerminateProcess
Sleep
WaitForSingleObjectEx
TerminateProcess
WaitForSingleObjectEx
GetStartupInfoW
GetStartupInfoA
TerminateProcess
GetStartupInfoA
GetSystemTime
CreateProcessA
VirtualProtect
SleepEx
LoadLibraryExW
GetSystemTime
CreateFileA
ReadFile
SleepEx
WaitForSingleObject
ReadFile
VirtualProtectEx
GetStartupInfoW
WriteProcessMemory
LoadLibraryA
ReadProcessMemory
ReleaseMutex
CreateFileA
SleepEx
GetSystemTimeAsFileTime
CreateProcessW
GetStartupInfoA
VirtualProtectEx
VirtualProtect
GetStartupInfoA
WaitForSingleObjectEx
WriteProcessMemory
ReadFile
Sleep
WriteProcessMemory
VirtualProtect
GetStartupInfoW
ReleaseMutex
SleepEx
VirtualProtectEx
GetStartupInfoA
LoadLibraryExA
CreateProcessA
ReadProcessMemory
TerminateProcess
VirtualProtectEx
GetSystemTimeAsFileTime
LoadLibraryExW
DeviceIoControl
WaitForSingleObject
TerminateProcess
VirtualProtect
DeviceIoControl
DeviceIoControl
GetStartupInfoA
LoadLibraryA
LoadLibraryExW
VirtualProtectEx
ReadFile
GetStartupInfoA
VirtualProtectEx
LoadLibraryExA
VirtualProtect
ReleaseMutex
TerminateProcess

advapi32

MakeSelfRelativeSD
RegQueryValueExW
GetTokenInformation
AccessCheck
ImpersonateNamedPipeClient
AccessCheck
AccessCheck
ImpersonateNamedPipeClient
RegOpenKeyExW
RegOpenKeyExW
ImpersonateNamedPipeClient
RevertToSelf
RegQueryValueExW
RegQueryValueExW
AccessCheck
AccessCheck
OpenThreadToken
OpenThreadToken
GetSecurityDescriptorDacl
ImpersonateNamedPipeClient

gdi32

GdiDrawStream
DeleteObject
GdiValidateHandle
SetBkMode
GdiProcessSetup
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32W
DeleteDC
SetBkColor
SetBkMode
SetBkColor
GetClipBox
TextOutW
SelectClipRgn
GetStockObject
GetTextCharsetInfo
GetTextExtentPointW
SetBkMode
GetTextMetricsW

comdlg32

GetFileTitleW
GetFileTitleA
GetFileTitleA
GetFileTitleA
GetFileTitleW
GetFileTitleW
GetFileTitleW
GetFileTitleW
GetFileTitleW
GetFileTitleA
GetFileTitleA
GetFileTitleA
GetFileTitleA
GetFileTitleA
GetFileTitleW
GetFileTitleA
GetFileTitleA
GetFileTitleW
GetFileTitleW
GetFileTitleA

Sections

.text
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 113KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fdd31456640b408d6476235458e5a05

Headers

File Characteristics

Imports

user32

kernel32

advapi32

gdi32

comdlg32

Sections

.text Size: 17KB - Virtual size: 20KB

.rdata Size: 113KB - Virtual size: 132KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 12KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 17KB - Virtual size: 20KB

.rdata
Size: 113KB - Virtual size: 132KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 5KB - Virtual size: 8KB