e27de8d9df821f298b80b9df36a35613efb20482c56b29507a364ec2c7a84c28

Sharing

Copy URL Twitter E-mail

General

Target

e27de8d9df821f298b80b9df36a35613efb20482c56b29507a364ec2c7a84c28
Size

4.4MB
MD5

4d404cd74721c477c3852b59b103f4e5
SHA1

1dc01c1d180f19e1a1f9bba6606e1bcdf038485c
SHA256

e27de8d9df821f298b80b9df36a35613efb20482c56b29507a364ec2c7a84c28
SHA512

8a180df37d12e4fb9fff42a04186e06db0486023fcda4ae8bb71e970d971e3da8ccc532282eaaf7fab6dd16f054f8589e7a28207801d21b28075a222201ecd38
SSDEEP

98304:h6CcEwTVmycL5knirjGx4QstmC8C+MIRR:h6rNEytGjGx4Qsr8CSRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27de8d9df821f298b80b9df36a35613efb20482c56b29507a364ec2c7a84c28

Files

e27de8d9df821f298b80b9df36a35613efb20482c56b29507a364ec2c7a84c28
.exe windows:6 windows x64 arch:x64

5fc6e7c70b549ec3c9cc129df4c0f0bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
IIDFromString
StringFromGUID2
CoCreateGuid
OleRun
OleSetContainedObject
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFolderLocation
SHGetFolderPathA
FindExecutableA
SHGetFolderPathW
CommandLineToArgvW

wininet

InternetCrackUrlA
HttpQueryInfoA
HttpOpenRequestA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetReadFile
InternetConnectA

user32

EnumWindows
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetWindowLongPtrA
PostQuitMessage
PostMessageA
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjectsEx
DispatchMessageW
GetMessageW
MessageBoxA
LoadStringA
CharNextA
wsprintfA
ReleaseDC
GetParent
GetClassInfoExW
EnableMenuItem
GetDesktopWindow
GetClientRect
SendMessageA
ShowWindow
RegisterClassExW
GetWindowLongPtrW
SetWindowLongPtrA
RegisterClassExA
GetAncestor
GetWindowThreadProcessId
GetFocus
IsChild
SetFocus
SetRect
DefWindowProcW
GetSystemMenu
AdjustWindowRectEx
GetWindowRect
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
SetWindowTextW

comctl32

InitCommonControlsEx

kernel32

VirtualAlloc
GetSystemInfo
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetFileType
GetCPInfo
GetLocaleInfoW
VirtualQuery
FreeLibraryAndExitThread
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
GetModuleFileNameW
WriteConsoleW
GetConsoleCP
GetConsoleMode
CreateThread
VirtualProtect
LCMapStringW
GetStdHandle
ExitThread
RtlCaptureContext
CreateDirectoryW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
SetStdHandle
CompareStringW
DeleteFileW
IsValidLocale
GetModuleFileNameA
SizeofResource
GetCommandLineW
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
FindResourceA
lstrcmpA
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
GetLastError
SetDllDirectoryA
RaiseException
IsDBCSLeadByte
LoadResource
DecodePointer
GetProcAddress
DeleteCriticalSection
FreeLibrary
EnumSystemLocalesW
lstrcmpiA
Process32First
WriteFile
lstrlenA
lstrcatA
CreateToolhelp32Snapshot
GetTempPathA
CreateFileA
GetSystemDirectoryA
LockResource
DeleteFileA
Process32Next
lstrcpyA
CloseHandle
FindResourceW
lstrcpynA
CreateDirectoryA
LocalFree
ReadFile
MulDiv
LocalAlloc
GetCurrentThreadId
FormatMessageA
Sleep
GetUserDefaultLCID
SetEvent
CreateEventA
FileTimeToSystemTime
SetEndOfFile
SetFilePointerEx
FindFirstFileA
SetLastError
GetDriveTypeA
FindNextFileA
FindClose
GetFileAttributesA
MoveFileExA
SetFileAttributesA
RemoveDirectoryA
GetTickCount
WaitForSingleObject
OpenMutexA
LoadLibraryExW
TerminateProcess
GetLocaleInfoA
OpenProcess
GetWindowsDirectoryA
ExitProcess
GetCurrentProcess
GetModuleHandleExW
GetNativeSystemInfo
GetSystemWow64DirectoryA
FormatMessageW
GetLocalTime
GetCurrentProcessId
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
QueryPerformanceFrequency
QueryPerformanceCounter
RtlUnwind
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetExitCodeThread
OpenThread
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessA
GetExitCodeProcess
GetModuleHandleExA
LoadLibraryW
CreateMutexA
ReleaseMutex
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsDebuggerPresent
OutputDebugStringW
HeapAlloc
HeapSize
HeapReAlloc
HeapFree
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
GetCurrentDirectoryW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WideCharToMultiByte
UnmapViewOfFile

advapi32

GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW

oleaut32

GetErrorInfo
SysStringByteLen
VariantInit
SysAllocString
VariantCopy
VariantChangeType
VariantClear
VarUI4FromStr
SysFreeString
SysAllocStringLen

shlwapi

PathIsDirectoryEmptyA
SHDeleteKeyA
ord12
PathAppendA

gdi32

GetDeviceCaps

iphlpapi

GetAdaptersAddresses

crypt32

CryptProtectData
CryptStringToBinaryA
CryptBinaryToStringA
CryptUnprotectData

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

msi

ord91
ord160
ord31
ord168
ord117
ord137
ord189
ord67
ord8
ord158
ord159
ord115
ord141
ord44
ord204
ord87

Sections

.text
Size: 849KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79.5MB - Virtual size: 79.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fc6e7c70b549ec3c9cc129df4c0f0bb

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

comctl32

kernel32

advapi32

oleaut32

shlwapi

gdi32

iphlpapi

crypt32

version

msi

Sections

.text Size: 849KB - Virtual size: 849KB

.rdata Size: 359KB - Virtual size: 358KB

.data Size: 16KB - Virtual size: 25KB

.pdata Size: 36KB - Virtual size: 35KB

.rsrc Size: 79.5MB - Virtual size: 79.5MB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 849KB - Virtual size: 849KB

.rdata
Size: 359KB - Virtual size: 358KB

.data
Size: 16KB - Virtual size: 25KB

.pdata
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 79.5MB - Virtual size: 79.5MB

.reloc
Size: 6KB - Virtual size: 5KB