569333a26209c778798958b98d72912a3fd9e2f2ff9a8a65d5df041c0cddf994

Sharing

Copy URL Twitter E-mail

General

Target

569333a26209c778798958b98d72912a3fd9e2f2ff9a8a65d5df041c0cddf994
Size

371KB
MD5

a955b45e14d082f71e01ebc52cf13db8
SHA1

df46ae824807c81ee96450bdb5b8a4b50a4600ee
SHA256

569333a26209c778798958b98d72912a3fd9e2f2ff9a8a65d5df041c0cddf994
SHA512

0fde6833e5f1d86ea0527b32410cb3060f7acea9e36e534f62d47228a0252d33ea233a313a974a01fa568292e6f7c55fd6887ccbbd4ac8d603a9456faab0ec98
SSDEEP

6144:nm5aVZRd/DXYWVoTy8/CU00Xse5UjK68vhc49hyHbFiMgXSSue5NRqOWisp:nm5eF7XYWVogIce5UjK685cjZi0Kcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
569333a26209c778798958b98d72912a3fd9e2f2ff9a8a65d5df041c0cddf994

Files

569333a26209c778798958b98d72912a3fd9e2f2ff9a8a65d5df041c0cddf994
.exe windows:4 windows x86 arch:x86

197eaf589ef44016a7aa9c0df17ac849

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
IsWindowVisible
GetWindowTextW
GetWindowThreadProcessId
SendMessageA
EnumWindows
GetDesktopWindow
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
CallNextHookEx
CloseClipboard
GetForegroundWindow
GetWindowTextLengthW
GetKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
wsprintfW
DefWindowProcA
GetWindowTextLengthA
GetWindowTextA
RegisterClassExA
CreateWindowExA
DispatchMessageA
GetMessageA
GetClipboardData

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

FlushFileBuffers
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetOEMCP
GetFullPathNameW
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetLocaleInfoA
GetACP
GetVersionExA
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
CloseHandle
CreateThread
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
CreateFileA
GetFileSize
ReadFile
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FindFirstFileW
FindClose
GetLocalTime
Sleep
OpenProcess
GetCurrentProcessId
FreeEnvironmentStringsA
Process32FirstW
Module32FirstW
Process32NextW
FileTimeToSystemTime
GetFileInformationByHandle
SetFilePointer
CreateFileMappingA
MapViewOfFile
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
SetFileTime
SetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
GetCompressedFileSizeA
MoveFileA
GlobalLock
GlobalUnlock
FindNextFileW
GetDriveTypeA
GetVolumeInformationA
CreatePipe
CreateProcessA
CreateProcessW
CopyFileA
SetFileAttributesW
WinExec
DeleteFileW
MoveFileW
CopyFileExW
TerminateThread
ExpandEnvironmentStringsA
GetComputerNameA
CreateEventA
LocalFree
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
EnumSystemLocalesA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
QueryPerformanceCounter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
GetCurrentDirectoryW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetFullPathNameA
CreateToolhelp32Snapshot
FindFirstFileA
HeapAlloc
HeapFree
GetCPInfo
GetCurrentThreadId
SetLastError
TlsAlloc
HeapSize
ExitProcess
TerminateProcess
GetCurrentProcess
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeFormatA
GetDateFormatA
ExitThread
ResumeThread
CreateDirectoryW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
CompareStringW
CompareStringA
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RemoveDirectoryW
InterlockedIncrement

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

advapi32

DeleteService
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
StartServiceCtrlDispatcherA

shell32

ShellExecuteA
ShellExecuteW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrCpyW
StrCmpW

wininet

DeleteUrlCacheEntry

ws2_32

inet_addr
gethostbyname
WSAGetLastError
WSAStartup
closesocket
setsockopt
send
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
gethostbyaddr
socket
WSACleanup
recv

gdiplus

GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageRectI
GdiplusStartup
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

197eaf589ef44016a7aa9c0df17ac849

Headers

File Characteristics

Imports

user32

psapi

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

gdiplus

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB