MedisForWin171028[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

MedisForWin171028.exe
Size

69.2MB
MD5

4f4d2d13cfc2a948356df361201b0a27
SHA1

27cfa7cea8ea881d999fc8edefae35a3c1c30132
SHA256

62e32909f9dda866b07ff32e90c02dd12c06c247cbcbd4185d80a6d8d2756706
SHA512

cbfce9e76216dd7da0d81655fd17fcd0020068533c5b635892ba3dd80265ea9038e23871aeb512be7f9d42a5e924252ed4f4f92eeb05fb3f46edf1dac95bd349
SSDEEP

1572864:b6uMbgeRdf8XouXejUCxfu9SZyzQllHo4QzgLyJcP4oh7Ma38:bJeg4df848GblHo4QzgGwR7R8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MedisForWin171028.exe

Files

MedisForWin171028.exe
.exe windows:5 windows x86 arch:x86

6bfca56b9053ce670ef0d91576fb0f7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\GitHub\ebook\win-downloader\apps\bin\OutPut\Downloader.pdb

Imports

kernel32

GetTickCount
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
WaitForSingleObject
GetCurrentProcessId
CreateThread
MoveFileExW
InitializeCriticalSection
DeleteCriticalSection
GetFileType
DuplicateHandle
DosDateTimeToFileTime
SetFileTime
CreateEventW
SetEvent
LoadLibraryExW
GetCommandLineW
GetSystemDefaultLangID
lstrcmpW
DebugBreak
OutputDebugStringW
GetUserDefaultLCID
PostQueuedCompletionStatus
QueueUserWorkItem
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetModuleHandleExA
InterlockedExchange
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedExchangeAdd
GetLocalTime
CreateDirectoryA
DeleteFileA
SetFileAttributesA
CompareFileTime
GetFileTime
CreateFileA
GetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
HeapCreate
GetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
GetStartupInfoA
GetCommandLineA
ExitThread
GetFileAttributesW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
lstrlenA
GetLastError
ReadFile
GetTempPathW
GetTempFileNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentDirectoryW
SetCurrentDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
FreeResource
lstrcpyW
lstrlenW
lstrcmpiW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
GetVersionExW
Sleep
ExitProcess
RaiseException
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
CreateFileW
SetFilePointer
SetEndOfFile
CloseHandle
DeleteFileW
LoadLibraryW
GetProcAddress
SetLastError
FreeLibrary
GetSystemInfo
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA

user32

UnregisterClassA
PostMessageW
IsWindow
ShowWindow
SetWindowLongW
GetWindowLongW
SetWindowPos
FindWindowW
CharNextW
RegisterWindowMessageW
TrackMouseEvent
SetWindowTextW
RegisterClipboardFormatW
GetWindowTextW
GetWindowTextLengthW
DrawIcon
DrawIconEx
DrawTextW
GetKeyState
wvsprintfW
GetFocus
UpdateWindow
EnableWindow
WaitMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
GetClientRect
SetTimer
KillTimer
SetFocus
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowRect
IsIconic
IsZoomed
ScreenToClient
GetDC
IsWindowEnabled
GetClassInfoExW
LoadCursorW
EnumDisplaySettingsW
ReleaseDC
PeekMessageW
RegisterClassExW
CreateWindowExW
InvalidateRect
SendMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SystemParametersInfoW
SetClassLongW
LoadImageW
GetSystemMetrics
OffsetRect
SetWindowRgn
GetMessagePos
PostQuitMessage
BeginPaint
EndPaint
SetForegroundWindow
DispatchMessageW
TranslateMessage
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
LoadStringW
FillRect
CopyRect
UnregisterClassW

gdi32

LineTo
MoveToEx
Rectangle
RoundRect
SetTextColor
CreateSolidBrush
SetBkColor
SetViewportOrgEx
SetWindowOrgEx
GetObjectW
DeleteObject
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRectRgn
CreateRoundRectRgn
BitBlt
CreateFontW
GetTextExtentPoint32W
SetBkMode
GetObjectA
CreatePen

advapi32

RegEnumKeyExW
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
FreeSid
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteA

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathIsRootW
PathFileExistsA
PathFindFileNameA
PathRemoveFileSpecA
PathAppendA
PathCombineA
PathIsDirectoryA
PathFileExistsW
PathIsDirectoryW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipClonePath
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetTextRenderingHint
GdipReleaseDC
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateTexture2I
GdipCreateSolidFill
GdipSetImageAttributesColorKeys
GdipDeleteFont
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipTranslateTextureTransform

netapi32

Netbios

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetOpenA
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestW

winmm

timeGetTime

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68.8MB - Virtual size: 68.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bfca56b9053ce670ef0d91576fb0f7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

netapi32

version

wininet

winmm

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 17KB - Virtual size: 30KB

.rsrc Size: 68.8MB - Virtual size: 68.8MB

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 17KB - Virtual size: 30KB

.rsrc
Size: 68.8MB - Virtual size: 68.8MB