Static task
static1
Behavioral task
behavioral1
Sample
b3156c99dfe462073cf973748fd2da6656db0dbabd394c49bb94200ab099b508.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b3156c99dfe462073cf973748fd2da6656db0dbabd394c49bb94200ab099b508.exe
Resource
win10v2004-20240226-en
General
-
Target
b3156c99dfe462073cf973748fd2da6656db0dbabd394c49bb94200ab099b508
-
Size
640KB
-
MD5
0fc10ac0755d983651c0b4be0664cfda
-
SHA1
52a9a352330b34c90ccbd3f75f140bb736e8c4b6
-
SHA256
b3156c99dfe462073cf973748fd2da6656db0dbabd394c49bb94200ab099b508
-
SHA512
2c0bf1ff0d1804fd28071713676f4412ea1c269bd341531411792eaa85e038149972ade1751a0fb7c553c60cad93198fdad36ff3d2b96e75941fe2fa366c9d67
-
SSDEEP
6144:VCaVVMRtgyqnd21ffUtFfNS7FPvV+T2GkWjNqaYKBTNCPYnOp4noUV:oa4gyqO8vS7tv5ZWjH5nOp4oUV
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature. The sample carries no Authenticode signature; on its own this is a weak indicator, since many legitimate binaries are also unsigned, so it should be weighed together with the other observations in this report.
resource b3156c99dfe462073cf973748fd2da6656db0dbabd394c49bb94200ab099b508
Files
-
b3156c99dfe462073cf973748fd2da6656db0dbabd394c49bb94200ab099b508.exe windows:4 windows x86 arch:x86
bf098eea73cce6ac802d60dbfa3c8336
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
lstrlenW
GetStartupInfoA
GlobalDeleteAtom
GlobalAddAtomW
GetTempFileNameW
GetVersion
GetVersionExW
GlobalFree
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetSystemTime
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
CreateDirectoryW
SetErrorMode
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetCommandLineW
SetFilePointer
ReadFile
CreateFileW
WriteFile
CloseHandle
GetCurrentThreadId
RemoveDirectoryW
GetModuleFileNameW
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetProcAddress
user32
DestroyMenu
LoadMenuIndirectW
GetMenuItemCount
SetWindowPlacement
GetWindowPlacement
GetFocus
RemovePropW
CallWindowProcW
SetPropW
GetPropW
UnionRect
CreateWindowExW
SetScrollRange
SetScrollPos
DestroyWindow
GetParent
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetSysColor
SetFocus
GetDesktopWindow
RedrawWindow
GetInputState
UpdateWindow
MapWindowPoints
LoadStringW
MessageBoxW
DialogBoxParamW
GetTopWindow
GetClassNameW
GetWindow
LoadIconW
RegisterClassW
LoadImageW
RegisterClassExW
OemToCharA
GetAsyncKeyState
GetActiveWindow
ShowCursor
SetCapture
ReleaseCapture
GetKeyState
GetWindowRect
GetSystemMetrics
IsWindowVisible
LockWindowUpdate
SendMessageW
GetWindowLongW
AdjustWindowRectEx
IsZoomed
SetWindowPos
TranslateMDISysAccel
TranslateMessage
MapVirtualKeyW
GetDlgItem
DrawMenuBar
EndPaint
BeginPaint
SetDlgItemTextW
FillRect
GetUpdateRect
IsIconic
DefMDIChildProcW
ModifyMenuW
GetMenuStringW
GetMenuItemID
GetTabbedTextExtentW
DrawTextW
DrawEdge
SystemParametersInfoW
PostQuitMessage
GetKeyboardLayout
IntersectRect
DrawFocusRect
SetRect
InvertRect
SetWindowTextW
IsDialogMessageW
SetTimer
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
wsprintfW
ShowWindow
PostMessageW
CheckMenuItem
EnableMenuItem
GetMenu
InvalidateRect
ClientToScreen
SetCursorPos
GetKeyboardState
GetCursorPos
ScreenToClient
CopyRect
UnhookWindowsHookEx
KillTimer
SetWindowsHookExW
CallNextHookEx
DestroyIcon
GetMenuState
DeleteMenu
GetSubMenu
GetDC
CreateIconIndirect
ReleaseDC
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
EndDialog
SendDlgItemMessageW
PtInRect
GetDlgItemTextW
SetWindowLongW
GetMessageW
GetClientRect
gdi32
CreateCompatibleBitmap
CreateBitmap
CreatePalette
GetDeviceCaps
RealizePalette
SelectPalette
CreateFontIndirectW
GetObjectW
LineTo
MoveToEx
SelectObject
Rectangle
CreatePen
CreateSolidBrush
GetStockObject
SetBkMode
SetDIBits
GetTextExtentPointW
GetCharWidthW
GetTextMetricsW
SetROP2
SetBkColor
GetNearestPaletteIndex
SetTextAlign
DPtoLP
CreateHatchBrush
Polygon
SetPolyFillMode
TextOutW
SelectClipRgn
CreateRectRgn
LPtoDP
SetTextColor
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
shell32
DragAcceptFiles
ShellExecuteExW
DragQueryFileW
mmfs2
ord201
ord72
ord48
ord27
ord39
ord1081
ord37
ord45
ord29
ord1029
ord1055
ord2
ord4
ord373
ord756
ord1070
ord58
ord57
ord23
ord695
ord418
ord750
ord493
ord573
ord1048
ord484
ord122
ord118
ord682
ord30
ord28
ord820
ord819
ord68
ord14
ord1080
ord18
ord35
ord794
ord1053
ord1037
ord84
ord787
ord92
ord788
ord117
ord90
ord110
ord71
ord116
ord109
ord73
ord108
ord254
ord785
ord722
ord329
ord115
ord241
ord272
ord245
ord363
ord645
ord584
ord519
ord356
ord739
ord713
ord137
ord571
ord753
ord155
ord274
ord691
ord46
ord111
ord42
ord113
ord114
ord104
ord171
ord789
ord790
ord93
ord9
ord75
ord412
ord677
ord611
ord234
ord413
ord678
ord612
ord414
ord679
ord443
ord680
ord681
ord232
ord415
ord416
ord476
ord620
ord762
ord236
ord309
ord268
ord267
ord269
ord185
ord1069
ord162
ord175
ord163
ord189
ord1073
ord183
ord158
ord177
ord186
ord43
ord64
ord65
ord66
ord81
ord97
ord83
ord74
ord79
ord80
ord187
ord82
ord76
ord78
ord172
ord19
ord31
ord121
ord431
ord333
ord423
ord419
ord425
ord430
ord1033
ord255
ord3
ord688
ord281
ord192
ord120
ord765
ord276
ord366
ord249
ord411
ord34
ord153
ord176
ord50
ord168
ord1072
ord1068
ord77
ord70
ord101
ord102
ord103
ord47
ord105
ord107
ord106
ord786
ord94
ord95
ord286
ord170
ord554
ord169
ord264
ord98
ord91
ord1036
ord1049
ord433
ord1031
ord536
ord422
ord280
ord265
ord468
ord125
ord6
ord11
ord174
ord51
ord344
ord343
ord568
ord372
ord173
ord587
ord448
ord342
ord445
ord610
ord520
ord585
ord32
ord355
ord361
ord740
ord546
ord487
ord62
ord17
ord16
ord742
ord63
ord124
ord123
ord60
ord61
ord59
ord389
ord755
ord191
ord1054
ord795
ord1077
ord67
ord195
ord196
ord198
ord199
ord184
ord204
ord205
ord203
ord1071
ord813
ord808
ord805
ord799
ord801
ord797
ord811
ord814
ord809
ord803
ord806
ord800
ord810
ord812
ord807
ord802
ord804
ord798
ord826
ord828
ord827
ord830
ord829
ord69
ord825
ord7
comctl32
ord17
winmm
timeEndPeriod
timeBeginPeriod
joyGetPosEx
joyGetDevCapsW
timeGetTime
msvcrt
_initterm
_acmdln
exit
_XcptFilter
_exit
_onexit
_controlfp
__dllonexit
_strupr
_stricmp
isalnum
_strnicmp
_wmakepath
strncpy
isalpha
isdigit
tolower
isspace
_msize
_heapmin
_wrmdir
_wsplitpath
_chdrive
_wchdir
_wcsnicmp
wcsrchr
wcschr
wcscat
_CIpow
_CIfmod
wcscmp
wcsstr
_wcsupr
_wcslwr
_CIacos
_CIasin
floor
ceil
wcstod
modf
toupper
_wcsicmp
wcsncpy
sprintf
_ltoa
swprintf
_fcvt
_gcvt
__CxxFrameHandler
realloc
memmove
??2@YAPAXI@Z
_wremove
??3@YAXPAX@Z
calloc
_ftol
free
malloc
wcslen
wcscpy
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__getmainargs
Sections
.text Size: 312KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ