ea36fe98c7943cee3c9ab6da687d8893c10a966acda584a789af497d95ff2cfb

Sharing

Copy URL Twitter E-mail

General

Target

ea36fe98c7943cee3c9ab6da687d8893c10a966acda584a789af497d95ff2cfb
Size

224KB
MD5

5f19ee48a58ff86fbb6f7f0592b90a86
SHA1

b4d5ab3add358e4b5d9842e3b8b6ff584b4b77ae
SHA256

ea36fe98c7943cee3c9ab6da687d8893c10a966acda584a789af497d95ff2cfb
SHA512

d49df89019c52c8dc9be22a6de1aa1f76d90d39a35f460da40347c930bc244a4ee5909fbae61315c3d388320baee32520b641e5d307aae6158f3266ee90fd79e
SSDEEP

1536:s6fOzKNvf1PnSplm3BMWgfZL976k3Cu91ARSyopuWwyLXCWe8Aj6dbk17H8ae:rq2xV4bCurARSfYWXLSWbAe68ae

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea36fe98c7943cee3c9ab6da687d8893c10a966acda584a789af497d95ff2cfb

Files

ea36fe98c7943cee3c9ab6da687d8893c10a966acda584a789af497d95ff2cfb
.exe windows:5 windows x86 arch:x86

734e6a294a617eb981f0adddcc181284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetCurrentProcessId
TlsFree
GetModuleHandleW
GetFileAttributesExA
MapViewOfFile
SetPriorityClass
GetTempPathA
QueryPerformanceCounter
FindResourceA
WideCharToMultiByte
FindResourceExW
LocalLock
InitializeCriticalSectionAndSpinCount
HeapCreate
GlobalAddAtomA
LocalFree
CreateProcessA
GetCurrentDirectoryA
SetStdHandle
IsValidCodePage
FindFirstChangeNotificationA
InitializeCriticalSection
LockResource
GetVolumeInformationA
ExpandEnvironmentStringsA
MulDiv
SetEndOfFile
SearchPathA
UnlockFile
SetEnvironmentVariableA
CloseHandle
InterlockedExchange
EnterCriticalSection
GetCPInfo
TerminateProcess
GlobalFree
GetDriveTypeA
FindResourceExA
CreateFileMappingA
GetFileInformationByHandle
InterlockedDecrement
CreateFileW
GetThreadLocale
CopyFileA
GlobalUnlock
GetUserDefaultUILanguage
GetCommandLineA
GetPrivateProfileStringA
GetProfileIntA
HeapAlloc
lstrlenA
GetLastError
GetFileType
LoadLibraryExA
SetLastError
InterlockedIncrement
WriteFile
LocalUnlock
GetConsoleCP
lstrlenW
GetDiskFreeSpaceA
OpenFile
SetThreadPriority
WritePrivateProfileStringA
GetStdHandle
GetSystemTimeAsFileTime
GlobalSize
GlobalFlags
CreateDirectoryA
SetEvent
WaitForSingleObject
EnumResourceLanguagesA
TlsAlloc
UnhandledExceptionFilter
TlsGetValue
FileTimeToSystemTime
GetFileAttributesA
LocalFileTimeToFileTime
GetDriveTypeW
CreateThread
GetPrivateProfileIntA
LocalAlloc
FindNextChangeNotification
QueryPerformanceFrequency
GetACP
GetFileSizeEx
CompareFileTime
FileTimeToLocalFileTime
FindCloseChangeNotification
FreeResource
LoadLibraryW
GetCurrentThread
HeapFree
GlobalGetAtomNameA
GetOEMCP
GlobalDeleteAtom
SizeofResource
RtlUnwind
ConvertDefaultLocale
GetCurrentProcess
FreeEnvironmentStringsW
lstrcpynA
CompareStringW
GetVersionExA
GetFileSize
IsDebuggerPresent
DosDateTimeToFileTime
GetModuleFileNameA
SystemTimeToFileTime
GlobalFindAtomA
GetTempFileNameA
HeapSize
GlobalHandle
SuspendThread
SetHandleCount
DuplicateHandle
GetCurrentDirectoryW
GetWindowsDirectoryA
GetLocalTime
SetFileAttributesA
SetFileTime
GetProcessHeap
GetSystemDirectoryW
LCMapStringW
GetLocaleInfoA
GetStartupInfoW
SetFilePointer
LoadResource
GetEnvironmentStringsW
GetCurrentThreadId
RaiseException
GlobalLock
SetUnhandledExceptionFilter
GetStringTypeExA
GetFileTime
lstrcmpW
GetStringTypeW
GetSystemDefaultUILanguage
HeapQueryInformation
GetTimeZoneInformation
GetModuleFileNameW
WriteConsoleW
FreeLibrary
MultiByteToWideChar
LoadLibraryA
ResumeThread
SetErrorMode
WinExec
lstrcmpA
FileTimeToDosDateTime
CreateFileA
FlushFileBuffers
FindResourceW
WaitForMultipleObjects
CompareStringA
GetProcAddress
lstrcatA
DeleteFileA
DeleteCriticalSection
GetConsoleMode
TlsSetValue
HeapSetInformation
GetFullPathNameA
Sleep
GetNumberFormatA
lstrcmpiA
GetShortPathNameA
GlobalReAlloc
LeaveCriticalSection
GetUserDefaultLangID
LockFile
lstrcpyA
MoveFileA
VirtualProtect
GetModuleHandleA
GetTickCount
CancelWaitableTimer
ResetEvent

user32

TrackMouseEvent
SetWindowLongW
GetMenuItemCount
ShowWindow
MessageBeep
PtInRect
MonitorFromPoint
CharNextW
GetWindowTextW
GetClassNameW
LoadCursorW
GetWindowRect
ScreenToClient
GetFocus
TranslateAcceleratorW
PeekMessageW
CreatePopupMenu
GetMonitorInfoW
SendMessageW
DispatchMessageW
SetFocus
LoadStringW
TrackPopupMenuEx
DestroyMenu
IsWindow
DrawTextW
LoadMenuW
TranslateMessage
SetTimer
SetWindowTextW
UnregisterClassA
GetMessageW
CallWindowProcW
GetMenuItemInfoW
GetCursorPos
GetWindowThreadProcessId
UpdateLayeredWindow
EnumWindows
SetCursor
GetWindowLongW
DestroyCursor
KillTimer
PostQuitMessage
GetWindow
GetWindowDC
DefWindowProcW
AppendMenuW
DestroyWindow
LoadStringA
LoadIconA
IsWindowEnabled
SendMessageA
CharLowerW
MonitorFromWindow
EnumChildWindows
LoadImageW
InvalidateRect
SetWindowPos
GetParent
PostMessageW
GetClientRect
RemoveMenu
ReleaseDC
MapWindowPoints

gdi32

ColorCorrectPalette
AbortPath
AddFontMemResourceEx
AngleArc

advapi32

QueryServiceStatusEx
CloseServiceHandle
EnumDependentServicesW
RegisterServiceCtrlHandlerExW
StartServiceW
ChangeServiceConfigW
RegOpenKeyA
StartServiceCtrlDispatcherW
RegEnumKeyW
GetNamedSecurityInfoW
CreateProcessAsUserW
BuildExplicitAccessWithNameW
DeleteService
ReportEventW
OpenServiceW
SetNamedSecurityInfoW
RevertToSelf
RegCloseKey
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
SetEntriesInAclW
OpenSCManagerW
DuplicateTokenEx
CreateServiceW
ControlService
SetServiceStatus
GetTokenInformation
RegisterEventSourceW
RegCreateKeyW
RegOpenKeyExW
DeregisterEventSource
RegQueryValueExW
SetTokenInformation

shell32

SHEmptyRecycleBinW
SHGetSpecialFolderPathW

shlwapi

PathCombineW
PathFileExistsW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW

version

VerQueryValueW

oledlg

OleUIBusyW
ord8

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

msvcrt

_CIsin
_CIcos
free
calloc
__set_app_type
exit
_except_handler3

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata5
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

734e6a294a617eb981f0adddcc181284

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

version

oledlg

wtsapi32

msvcrt

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 68KB

.xdata5 Size: 512B - Virtual size: 4B

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 7KB - Virtual size: 6KB

.htext Size: 76KB - Virtual size: 76KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 68KB

.xdata5
Size: 512B - Virtual size: 4B

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 7KB - Virtual size: 6KB

.htext
Size: 76KB - Virtual size: 76KB