dfc9688f5499b86a1a3227f43e29e3f7

Sharing

Copy URL

Twitter E-mail

General

Target

dfc9688f5499b86a1a3227f43e29e3f7
Size

640KB
MD5

dfc9688f5499b86a1a3227f43e29e3f7
SHA1

6c5aaf01e95b15abbd48dcf821dd7050cbc6be4f
SHA256

69e32286bc7a629b1a20eeb7501504404b4b21edbedac8e179c58d391a39beaa
SHA512

b31a7decd242e29fc68bb97d68740567269a0d5d72c6dd81ba3acb7075d7bfd5399216fd7ed0f59dcb0ba0e3814c4978d7d4a3afe151d51516b65be24838c984
SSDEEP

12288:UfixBDfum1msk85gFSfXzh8X0lNF6FpWGzUzPfoMgA5C:PPDp0FSh8X0lf6FYDlgA4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfc9688f5499b86a1a3227f43e29e3f7

Files

dfc9688f5499b86a1a3227f43e29e3f7
.exe windows:4 windows x86 arch:x86

c96a679d55b792d55154dbf63dbffec4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\tghes\nqdte.pdb

Imports

wininet

GopherGetLocatorTypeA
RetrieveUrlCacheEntryFileA
DeleteUrlCacheEntryW
FtpPutFileEx
FtpSetCurrentDirectoryA
InternetSetCookieA
HttpSendRequestExW

comctl32

DrawInsert
DestroyPropertySheetPage
MakeDragList
ImageList_DragEnter
ImageList_Create
CreateStatusWindow
ImageList_LoadImageA
ImageList_EndDrag
ImageList_SetFlags
ImageList_SetIconSize
ImageList_BeginDrag
ImageList_DragMove
CreateUpDownControl
CreateStatusWindowW
ImageList_Merge
_TrackMouseEvent
ImageList_GetBkColor
InitCommonControlsEx
CreateMappedBitmap
CreatePropertySheetPageA
ImageList_GetFlags
ImageList_LoadImage
ImageList_SetOverlayImage
ImageList_Write
ImageList_Destroy

kernel32

SetThreadLocale
TlsSetValue
VirtualAlloc
VirtualQuery
SetLastError
CloseHandle
InterlockedExchange
DeleteCriticalSection
HeapAlloc
SetHandleCount
TransmitCommChar
EnterCriticalSection
EnumSystemLocalesA
WritePrivateProfileSectionW
TerminateProcess
SetLocalTime
GetSystemTimeAsFileTime
CopyFileA
GetCompressedFileSizeA
GetCurrentProcessId
SetConsoleTitleA
GetModuleFileNameW
SetStdHandle
TlsGetValue
ResumeThread
IsValidLocale
EnumDateFormatsW
WriteProfileStringA
FillConsoleOutputAttribute
SetConsoleMode
GetProcAddress
HeapCreate
LoadLibraryA
OpenMutexA
IsValidCodePage
GetCPInfo
SetPriorityClass
CompareStringA
GetTimeFormatA
GetOEMCP
ReadConsoleInputW
EnumCalendarInfoA
RtlUnwind
SetEndOfFile
VirtualAllocEx
FindNextFileA
CommConfigDialogA
CreateDirectoryA
InitializeCriticalSection
GetTimeZoneInformation
GetDateFormatA
GetUserDefaultLCID
GetMailslotInfo
CreateThread
ReadConsoleW
LocalCompact
HeapLock
GetStdHandle
GetFileSize
GetFileType
HeapFree
TerminateThread
GetVersionExA
SetThreadContext
GetCurrencyFormatA
GetCurrentThread
MultiByteToWideChar
GetLocaleInfoW
ReadConsoleOutputCharacterW
WriteProfileStringW
GetThreadTimes
WideCharToMultiByte
GetEnvironmentStringsW
GetCurrentThreadId
CreatePipe
FreeEnvironmentStringsW
CreateMutexA
GetEnvironmentStringsA
OpenEventW
SetEnvironmentVariableA
GetStringTypeA
GetTickCount
CommConfigDialogW
ReadFile
GetACP
GetFullPathNameA
VirtualFree
FlushFileBuffers
SetFilePointer
UnmapViewOfFile
GetPrivateProfileStringA
GetWindowsDirectoryW
WriteConsoleInputW
EnumResourceLanguagesW
GetCommandLineA
WriteFile
GetEnvironmentStrings
HeapSize
WriteConsoleOutputW
HeapDestroy
TlsAlloc
ReadFileEx
MapViewOfFile
GetLastError
SetThreadAffinityMask
GlobalFree
LCMapStringA
GetConsoleCursorInfo
GetThreadPriority
RtlFillMemory
HeapReAlloc
GetCommandLineW
GetComputerNameA
QueryPerformanceCounter
GetModuleHandleA
GetLocaleInfoA
GetCurrentProcess
FreeEnvironmentStringsA
GetDateFormatW
FormatMessageW
LocalFlags
UnhandledExceptionFilter
OpenSemaphoreA
GetStartupInfoW
IsBadWritePtr
GetSystemInfo
VirtualProtect
LeaveCriticalSection
WaitCommEvent
LoadModule
GetStringTypeW
lstrcmp
MoveFileW
LCMapStringW
GetCalendarInfoW
TlsFree
EnumDateFormatsA
ExitProcess
GetModuleFileNameA
GetFullPathNameW
GetStartupInfoA
GetLogicalDriveStringsW
CompareStringW
DebugActiveProcess

user32

ChangeMenuW
MessageBoxA
DdeQueryStringA
RegisterClassExA
LoadMenuW
DdeConnectList
SetPropW
CreateWindowExA
SetForegroundWindow
ShowWindow
GetWindowRgn
ShowWindowAsync
CreateDialogParamA
DestroyWindow
IsRectEmpty
RealGetWindowClass
EnumDisplaySettingsW
CharToOemW
LoadStringA
DefWindowProcA
RegisterWindowMessageA
DefFrameProcA
CopyAcceleratorTableW
VkKeyScanExA
WinHelpW
RegisterClassA
ChangeDisplaySettingsExW
LoadBitmapA

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c96a679d55b792d55154dbf63dbffec4

Headers

File Characteristics

PDB Paths

Imports

wininet

comctl32

kernel32

user32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 268KB - Virtual size: 265KB

.data Size: 112KB - Virtual size: 126KB

.rsrc Size: 84KB - Virtual size: 80KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 268KB - Virtual size: 265KB

.data
Size: 112KB - Virtual size: 126KB

.rsrc
Size: 84KB - Virtual size: 80KB