8737f06d7374ff54a9ad728f53c09f89070beca02a305f11fc1e26c8fb33f049

Sharing

Copy URL Twitter E-mail

General

Target

8737f06d7374ff54a9ad728f53c09f89070beca02a305f11fc1e26c8fb33f049
Size

371KB
MD5

54ebc45137ba5b9f5ece35ca40267100
SHA1

374bb3c084267b11d5fd3663bf925ebfa53e7f45
SHA256

8737f06d7374ff54a9ad728f53c09f89070beca02a305f11fc1e26c8fb33f049
SHA512

e69ce469172293f2cd5c9a0b376ea03c62f4591186d1ed5b050cdbebaba3e0a0d9cee792de86bad2e537281c194a64737e6de758418da8e68c21687b36a89dd9
SSDEEP

6144:nm5aVZRd/DXYWVoTy8/CU00Xse5UjK68vhc49hyHbFiMgXSSue5NRqOWiz:nm5eF7XYWVogIce5UjK685cjZi0Kj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8737f06d7374ff54a9ad728f53c09f89070beca02a305f11fc1e26c8fb33f049

Files

8737f06d7374ff54a9ad728f53c09f89070beca02a305f11fc1e26c8fb33f049
.exe windows:4 windows x86 arch:x86

197eaf589ef44016a7aa9c0df17ac849

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
IsWindowVisible
GetWindowTextW
GetWindowThreadProcessId
SendMessageA
EnumWindows
GetDesktopWindow
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
CallNextHookEx
CloseClipboard
GetForegroundWindow
GetWindowTextLengthW
GetKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
wsprintfW
DefWindowProcA
GetWindowTextLengthA
GetWindowTextA
RegisterClassExA
CreateWindowExA
DispatchMessageA
GetMessageA
GetClipboardData

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

FlushFileBuffers
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetOEMCP
GetFullPathNameW
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetLocaleInfoA
GetACP
GetVersionExA
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
CloseHandle
CreateThread
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
CreateFileA
GetFileSize
ReadFile
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FindFirstFileW
FindClose
GetLocalTime
Sleep
OpenProcess
GetCurrentProcessId
FreeEnvironmentStringsA
Process32FirstW
Module32FirstW
Process32NextW
FileTimeToSystemTime
GetFileInformationByHandle
SetFilePointer
CreateFileMappingA
MapViewOfFile
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
SetFileTime
SetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
GetCompressedFileSizeA
MoveFileA
GlobalLock
GlobalUnlock
FindNextFileW
GetDriveTypeA
GetVolumeInformationA
CreatePipe
CreateProcessA
CreateProcessW
CopyFileA
SetFileAttributesW
WinExec
DeleteFileW
MoveFileW
CopyFileExW
TerminateThread
ExpandEnvironmentStringsA
GetComputerNameA
CreateEventA
LocalFree
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
EnumSystemLocalesA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
QueryPerformanceCounter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
GetCurrentDirectoryW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetFullPathNameA
CreateToolhelp32Snapshot
FindFirstFileA
HeapAlloc
HeapFree
GetCPInfo
GetCurrentThreadId
SetLastError
TlsAlloc
HeapSize
ExitProcess
TerminateProcess
GetCurrentProcess
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeFormatA
GetDateFormatA
ExitThread
ResumeThread
CreateDirectoryW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
CompareStringW
CompareStringA
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RemoveDirectoryW
InterlockedIncrement

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

advapi32

DeleteService
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
StartServiceCtrlDispatcherA

shell32

ShellExecuteA
ShellExecuteW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrCpyW
StrCmpW

wininet

DeleteUrlCacheEntry

ws2_32

inet_addr
gethostbyname
WSAGetLastError
WSAStartup
closesocket
setsockopt
send
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
gethostbyaddr
socket
WSACleanup
recv

gdiplus

GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageRectI
GdiplusStartup
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

197eaf589ef44016a7aa9c0df17ac849

Headers

File Characteristics

Imports

user32

psapi

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

gdiplus

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB