660f1f4f3f550ae6fda8643201bb2809750ba7da8decb26a1565230893f68797

Sharing

Copy URL Twitter E-mail

General

Target

660f1f4f3f550ae6fda8643201bb2809750ba7da8decb26a1565230893f68797
Size

305KB
MD5

60f7824690465415385c0ed1086f52a8
SHA1

2f340a4363e0313e411d38e1ba4cd842e7820889
SHA256

660f1f4f3f550ae6fda8643201bb2809750ba7da8decb26a1565230893f68797
SHA512

9a74f127b129b904187cb235589a0803d14a8f1b85c1dfd94ae2f2c50b9e1d7b819f95abe5599601a6a8c739260ff40bfbe8311ca09ea8fc3099c177b103da14
SSDEEP

6144:MHdGePIxqI3EG67p6hfRQotO5oB59MS370Q50xGtdtTf:M9GePIUI3roQhfPOet370RW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
660f1f4f3f550ae6fda8643201bb2809750ba7da8decb26a1565230893f68797

Files

660f1f4f3f550ae6fda8643201bb2809750ba7da8decb26a1565230893f68797
.exe windows:5 windows x86 arch:x86

8f43939df116aa94b7a22f41cb9fc54b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\ext\inheritance\introver\folder.pdb

Imports

kernel32

SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CloseHandle
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointer
ReadFile
ExitProcess
SetLastError
GetModuleHandleW
GetProcAddress
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
GetFileType
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
GetSystemTime
LocalFree
GetVersionExA
GetCurrentThreadId
GetModuleHandleA
FindNextFileA
GetModuleFileNameA
LocalAlloc
FindClose
GetLastError
FindFirstFileA
Sleep
SetEvent
HeapAlloc
GetNativeSystemInfo
WriteFile
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
GetCPInfo
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetProcessHeap
GetCommandLineA
GetModuleFileNameW
IsBadReadPtr
HeapValidate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedIncrement
InterlockedDecrement

user32

SetWindowPos
GetDesktopWindow
DefWindowProcA
GetCursorPos
IsWindowUnicode
ChangeClipboardChain
ReleaseDC
GetClassNameW
FrameRect
GetSysColorBrush
IsWindow
PostMessageA
GetCursor
GetLayeredWindowAttributes
GetDlgItem
GetSubMenu
GetWindowThreadProcessId
CopyRect
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
GetDlgItemInt
SetTimer
GetWindowRect
IsMenu
PostQuitMessage
GetMenuItemID
KillTimer
GetDCEx
GetFocus
GetParent
AttachThreadInput
FindWindowExA
WindowFromPoint
GetClientRect
SetRectEmpty
BeginPaint
CreateIconIndirect
GetDC
InflateRect
GetForegroundWindow
OffsetRect
MapVirtualKeyA
OemToCharA
InvalidateRect
GetWindowLongA
GetWindowTextW
GetDlgItemTextA

gdi32

DeleteDC
GdiFlush
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
SelectPalette
BitBlt

advapi32

RegCloseKey
LsaNtStatusToWinError
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
LsaQueryInformationPolicy
LsaFreeMemory

ole32

CoTaskMemAlloc

oleaut32

OleCreateFontIndirect

netapi32

NetLocalGroupEnum
NetApiBufferFree

shlwapi

StrRChrA

gdiplus

GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipLoadImageFromFile
GdipGraphicsClear
GdipAlloc
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipCloneImage
GdipGetImageWidth
GdipFree

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f43939df116aa94b7a22f41cb9fc54b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

netapi32

shlwapi

gdiplus

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 39KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 39KB