7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc

Sharing

Copy URL

Twitter E-mail

General

Target

7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
Size

433KB
MD5

63c14ad98efd7d302395b3316faaac67
SHA1

efe41d48180f5ebf2f3069e34becae696dc297d1
SHA256

7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
SHA512

6510a438c8fc068325be5b421c396b6ddfc34843467f6e34e0ccf8efabcc30d4a47702fd53b1d58f6f64f75860182598f8a184f5c4279c4bfa912b1c672f4f3c
SSDEEP

12288:TpT7XP/efWnZyhNrQfCs8wvPvRACqOlrobCWoPzTsiBRJsc7nDLqnuFN:TpfXoQP22lMbC5PzT7LLnDL+uFN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc

Files

7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
.exe windows:5 windows x86 arch:x86

55736c5625bbe902380ace1a2b7bf421

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnprintf
strtoul
_snprintf
sscanf
sprintf
_strnicmp
tolower
_wcsicmp
strrchr
abs
strncmp
atol
isprint
memcpy
memmove
isspace
strlen
strchr
atoi
strncpy
strcpy
_chkstk
strstr
isalnum
wcschr
strcmp
wcslen
memcmp
wcsstr
_stricmp
_wcsnicmp
memset

ws2_32

sendto
recvfrom
connect
accept
getsockname
inet_ntoa
ntohs
closesocket
htonl
htons
socket
gethostbyname
listen
freeaddrinfo
getaddrinfo
ioctlsocket
select
WSAStartup
send
recv
__WSAFDIsSet
inet_pton
getsockopt
gethostname
shutdown
inet_addr
getpeername
WSAGetLastError
setsockopt
bind

kernel32

OpenProcess
GetProcessTimes
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetNativeSystemInfo
UnregisterWait
GetSystemTime
IsWow64Process
Sleep
CreateThread
CloseHandle
TerminateThread
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
WriteFile
CreateFileW
GlobalLock
GlobalAlloc
FindClose
DeleteFileW
FindNextFileW
lstrcmpW
FindFirstFileW
lstrcatW
lstrcpyW
ExitThread
GetLocalTime
InitializeCriticalSection
WaitForSingleObject
lstrcpyA
DeleteCriticalSection
GetCurrentThread
GetTickCount
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
CopyFileA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
TerminateProcess
CreateProcessA
lstrlenW
ExpandEnvironmentStringsW
WideCharToMultiByte
CreateFileA
SetCurrentDirectoryW
GetCurrentDirectoryW
ExitProcess
GetLastError
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcatA
GetWindowsDirectoryA
lstrcmpA
GetModuleHandleA
CreateProcessW
SetLastError
lstrcpynW
CreateEventW
SetEvent
TryEnterCriticalSection
GetModuleHandleW
ResetEvent
ResumeThread
CreateDirectoryW
FindNextFileA
FindFirstFileA
SetEndOfFile
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetComputerNameA
GetCurrentProcess
ReadProcessMemory
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
VirtualFreeEx
VirtualAllocEx
Process32Next
Process32First
DeviceIoControl
GetVersionExW
ReleaseMutex
OpenMutexW
CreateMutexW
LocalAlloc
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
MultiByteToWideChar
LoadLibraryW
CreateEventA
RegisterWaitForSingleObject
OpenEventA
lstrcmpiW
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
GlobalFindAtomW
VirtualFree
CreateRemoteThread
VirtualQueryEx
GetProcessHandleCount
VirtualAlloc
VirtualProtectEx
SetFilePointer
DuplicateHandle

crypt32

CryptUnprotectData

user32

GetWindowPlacement
PostMessageA
SendMessageA
WindowFromPoint
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
CreateDesktopA
OpenDesktopA
CharNextA
PostThreadMessageW
CallNextHookEx
ToAscii
MapVirtualKeyW
GetWindowThreadProcessId
UnhookWindowsHookEx
DispatchMessageW
TranslateMessage
GetMessageW
RealGetWindowClassA
FindWindowA
GetIconInfo
GetCursorInfo
MessageBoxA
PostMessageW
EnumWindows
IsWindow
IsWindowVisible
GetWindowLongA
SetWindowLongA
MenuItemFromPoint
GetWindow
GetWindowRect
PrintWindow
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
GetForegroundWindow
GetWindowTextA
VkKeyScanA
SetCursorPos
SendInput
DrawIconEx
PtInRect
GetMenuItemID
MoveWindow
ScreenToClient
ChildWindowFromPoint
SetWindowsHookExA
SetThreadDesktop
GetTopWindow

gdi32

GetDIBits
SelectPalette
GetStockObject
GetObjectW
DeleteDC
GetDeviceCaps
CreateDCW
DeleteObject
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetStretchBltMode
CreateDIBSection
SetDIBColorTable
RealizePalette

advapi32

GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
GetTokenInformation
ConvertSidToStringSidA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shell32

SHFileOperationW
SHGetFolderPathA
SHGetSpecialFolderPathA
SHGetFolderPathAndSubDirW

ole32

StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid

shlwapi

PathCombineA

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55736c5625bbe902380ace1a2b7bf421

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

kernel32

crypt32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 250KB - Virtual size: 249KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 27KB - Virtual size: 218KB

.reloc Size: 12KB - Virtual size: 12KB

We care about your privacy.

.text
Size: 250KB - Virtual size: 249KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 27KB - Virtual size: 218KB

.reloc
Size: 12KB - Virtual size: 12KB