Static task: static1
Behavioral task: behavioral1
Sample: SpkrWorkrus.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: SpkrWorkrus.exe
Resource: win10v2004-20240226-en
General
Target
ddf61994508a7f2edecfa629c5e3b63a
Size
557KB
MD5
ddf61994508a7f2edecfa629c5e3b63a
SHA1
d84f1ecf08fae2b6e8955c1faad879f484e1c1cc
SHA256
d6d28b3f760fec3ee3a3086cee87e2ecf1774d196302db17373355d98979b957
SHA512
e719d00cd1960fe187c5b9de3d4571c43bfbe67cf4357edfdda752b9636833231784244117cb65d1e69d213276e844fceb5ea19a8c5fdaf5302a55464b5a3e82
SSDEEP
12288:9mVo4QJPaORr7cXgboTWs9ZJglUKWblEkn95pOYhB7Wmq/:U/8zrwXiw7glUrbld93NhBy3
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: unpack001/SpkrWorkrus.exe
Files
ddf61994508a7f2edecfa629c5e3b63a.zip
SpkrWorkrus.exe.exe windows:4 windows x86 arch:x86
8576b40e073f60d2a23b63ac7df57a47
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutClose
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInClose
waveInReset
waveOutOpen
waveInOpen
waveInGetDevCapsA
waveInGetNumDevs
waveOutGetDevCapsA
waveOutGetNumDevs
mixerGetDevCapsA
mixerGetID
mixerGetNumDevs
waveOutUnprepareHeader
waveOutReset
waveInUnprepareHeader
mmioClose
mmioAscend
mmioWrite
mmioCreateChunk
mmioOpenA
mmioRead
mmioDescend
waveOutWrite
waveOutPrepareHeader
waveOutSetVolume
waveOutGetPosition
kernel32
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
GlobalLock
TerminateProcess
GetACP
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
Sleep
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
FindResourceExA
SetErrorMode
GetOEMCP
GetCPInfo
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GlobalMemoryStatus
GlobalFree
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
CopyFileA
GlobalFlags
GetProcessVersion
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GlobalReAlloc
GlobalSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProfileIntA
MulDiv
SetLastError
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetCurrentThread
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalUnlock
lstrcpyA
FormatMessageA
LocalFree
GetCurrentThreadId
CloseHandle
lstrcmpiA
GetLastError
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
lstrcpynA
GetFileAttributesA
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
InterlockedDecrement
lstrcmpA
InterlockedIncrement
FindResourceA
LoadResource
SizeofResource
LockResource
GetLocaleInfoA
GetTickCount
GlobalAlloc
GetStdHandle
user32
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetTabbedTextExtentA
wvsprintfA
PostThreadMessageA
CopyAcceleratorTableA
CreateMenu
WaitMessage
GetWindowThreadProcessId
ClipCursor
AppendMenuA
GetSystemMenu
IsZoomed
GetClassNameA
RemoveMenu
DestroyIcon
CharNextA
GetNextDlgGroupItem
MessageBeep
FindWindowA
LockWindowUpdate
InvertRect
GetAsyncKeyState
GetMenuStringA
DeleteMenu
InsertMenuA
DestroyMenu
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ShowWindow
MoveWindow
SetWindowTextA
UnregisterClassA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckRadioButton
CheckDlgButton
ShowOwnedPopups
PostQuitMessage
RedrawWindow
DefMDIChildProcA
DrawMenuBar
TranslateAcceleratorA
TranslateMDISysAccel
DefFrameProcA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
BeginPaint
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
ValidateRect
PeekMessageA
SetWindowsHookExA
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
LoadStringA
SetParent
SetFocus
SetScrollRange
WindowFromDC
GetLastActivePopup
SetForegroundWindow
SetActiveWindow
InSendMessage
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
ChildWindowFromPoint
GetSystemMetrics
GetKeyState
GetSysColorBrush
ModifyMenuA
ShowCursor
SetCursor
ReleaseCapture
SetCapture
GetDC
ReleaseDC
GetDesktopWindow
LoadCursorA
IntersectRect
EqualRect
UnionRect
GetCursorPos
WindowFromPoint
EnumClipboardFormats
DrawFocusRect
IsWindow
LoadIconA
GetWindowDC
GetDCEx
GetWindowRect
IsWindowVisible
LoadBitmapA
GetFocus
KillTimer
SetTimer
BringWindowToTop
FrameRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterClipboardFormatA
PtInRect
OffsetRect
FillRect
InflateRect
PostMessageA
ScreenToClient
SetRect
UnpackDDElParam
ReuseDDElParam
SetMenu
DestroyCursor
SetPropA
CharUpperA
GetClientRect
CopyRect
IsRectEmpty
SetRectEmpty
LoadMenuA
GetSubMenu
ClientToScreen
InvalidateRect
EnableWindow
UpdateWindow
GetParent
SendMessageA
TrackPopupMenu
SetWindowLongA
IsDialogMessageA
gdi32
GetTextExtentPoint32A
StartPage
StartDocA
SetAbortProc
CreateDCA
DeleteDC
CreatePatternBrush
UnrealizeObject
SaveDC
RestoreDC
SelectObject
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
EndDoc
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetBkColor
GetNearestColor
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextMetricsA
GetTextFaceA
GetCharWidthA
GetWindowOrgEx
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
SetBrushOrgEx
CreateCompatibleBitmap
CreateFontA
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
GetMapMode
SetRectRgn
CombineRgn
CopyMetaFileA
LPtoDP
EnumFontFamiliesExA
AbortDoc
DPtoLP
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
Arc
CreateEnhMetaFileA
CloseEnhMetaFile
DeleteEnhMetaFile
GetObjectA
GetWindowExtEx
CreateFontIndirectA
DeleteObject
CreatePalette
SelectPalette
RealizePalette
SetStretchBltMode
SetDIBitsToDevice
StretchDIBits
GetViewportOrgEx
CreateRectRgn
CreatePen
SetBoundsRect
PatBlt
CreateSolidBrush
Rectangle
Ellipse
Polyline
Polygon
GetBoundsRect
GetDeviceCaps
EndPage
comdlg32
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA
ChooseColorA
ChooseFontA
PrintDlgA
GetOpenFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
SetFileSecurityA
GetFileSecurityA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegSetValueA
shell32
SHGetFileInfoA
DragAcceptFiles
DragFinish
DragQueryFileA
ExtractIconA
comctl32
ImageList_BeginDrag
ImageList_GetImageInfo
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_EndDrag
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_LoadImageA
oledlg
ord8
ole32
OleLockRunning
StringFromCLSID
StgOpenStorageOnILockBytes
RevokeDragDrop
CoTaskMemAlloc
CreateDataAdviseHolder
CoRegisterMessageFilter
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CreateOleAdviseHolder
CreateGenericComposite
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
ReleaseStgMedium
CreateILockBytesOnHGlobal
CreateBindCtx
StgCreateDocfileOnILockBytes
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoTaskMemFree
OleIsRunning
OleRun
CreateItemMoniker
CoLockObjectExternal
WriteClassStg
GetRunningObjectTable
CreateFileMoniker
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoDisconnectObject
OleDuplicateData
olepro32
ord253
oleaut32
SysAllocString
SysFreeString
SysAllocStringLen
VariantChangeType
VariantClear
VariantCopy
SysStringByteLen
SysStringLen
SysAllocStringByteLen
LoadTypeLi
VariantTimeToSystemTime
Sections
.text Size: 800KB - Virtual size: 799KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 208KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 584KB - Virtual size: 584KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ