f32789a3b393e7606bc25bb3b048c2ee9407981dcb89f923dc7829b2c28b88b8

Sharing

Copy URL

Twitter E-mail

General

Target

f32789a3b393e7606bc25bb3b048c2ee9407981dcb89f923dc7829b2c28b88b8
Size

17.4MB
MD5

a8bc3c86fa0ba769007ec88fae6c3053
SHA1

ae47e7cc9d169079b0929e324e0e52eb12aba52e
SHA256

f32789a3b393e7606bc25bb3b048c2ee9407981dcb89f923dc7829b2c28b88b8
SHA512

9e56c9d61a05a27152ed6b16d9917301d1730fab952432ec411af07d33a83b7adeca879aefb18b1a9004825cbf41c7107113c9962dd4b0dd27fe706b57c52a1d
SSDEEP

393216:M+SptnRnp2ydNW42CoG16hOg+AcqnmenAW2DKdE:Mpptuyn2E1eORYmenA/DKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setups_02028.exe

Files

f32789a3b393e7606bc25bb3b048c2ee9407981dcb89f923dc7829b2c28b88b8
.zip
Setups_02028.exe
.exe windows:6 windows x86 arch:x86

560aeeaeaf81297372a101df71c486bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetFileType
GetFileAttributesW
FileTimeToLocalFileTime
SetEnvironmentVariableW
HeapSize
GetModuleHandleA
SetLastError
GetThreadTimes
InterlockedPushEntrySList
MoveFileExW
GetStdHandle
ChangeTimerQueueTimer
InitializeCriticalSection
GetACP
WriteConsoleW
RaiseException
AcquireSRWLockExclusive
FreeLibraryAndExitThread
TlsFree
RegisterWaitForSingleObject
CreateTimerQueue
FormatMessageW
GetFileInformationByHandle
TlsAlloc
DeleteTimerQueueTimer
GetVersionExW
DeleteCriticalSection
RemoveDirectoryW
GetModuleHandleExW
EncodePointer
GetFileSizeEx
CreateThread
GetLogicalProcessorInformation
GetTickCount
CreateFileW
GetCommandLineA
SwitchToThread
HeapAlloc
VirtualProtect
IsValidLocale
CreateEventW
SleepEx
GetCPInfo
SetThreadPriority
IsValidCodePage
SetFileAttributesW
SetFilePointerEx
GetModuleHandleW
TryEnterCriticalSection
ReadConsoleW
GetLastError
FindFirstFileW
GetTimeZoneInformation
VirtualFree
ResetEvent
Sleep
LocalFree
SetUnhandledExceptionFilter
GetStartupInfoW
GetTimeFormatW
GlobalAlloc
QueryPerformanceCounter
GetFileAttributesExW
TerminateProcess
ReadFile
GetSystemTimeAsFileTime
GlobalFree
GetSystemInfo
GetFileSize
FindClose
SignalObjectAndWait
EnumSystemLocalesW
MoveFileW
DeleteFileW
UnregisterWait
GlobalUnlock
FindFirstFileExW
HeapReAlloc
IsDebuggerPresent
CompareFileTime
LoadLibraryW
InitializeCriticalSectionEx
SetEndOfFile
SetEvent
QueryPerformanceFrequency
GetProcessHeap
EnterCriticalSection
VirtualAlloc
GetProcAddress
GlobalLock
GetLogicalDriveStringsW
GetCurrentThread
WaitForSingleObject
PeekNamedPipe
WaitForSingleObjectEx
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
CreateTimerQueueTimer
UnhandledExceptionFilter
CloseHandle
SetThreadAffinityMask
SetFilePointer
lstrcatA
TlsGetValue
SetFileTime
GetConsoleOutputCP
GetEnvironmentStringsW
lstrlenA
FileTimeToSystemTime
GetCurrentProcess
ReleaseSemaphore
FlushFileBuffers
GetCommandLineW
DuplicateHandle
GetCurrentDirectoryW
QueryDepthSList
UnregisterWaitEx
GetOEMCP
GetUserDefaultLCID
GetThreadPriority
WriteFile
LCMapStringW
FindNextFileW
ReleaseSRWLockExclusive
GetEnvironmentVariableA
GetVersion
GetFullPathNameW
CompareStringW
LeaveCriticalSection
HeapFree
InitializeCriticalSectionAndSpinCount
SetPriorityClass
GetStringTypeW
GlobalMemoryStatus
RtlUnwind
CreateDirectoryW
InitializeSListHead
IsProcessorFeaturePresent
ExitThread
VerifyVersionInfoW
GetProcessAffinityMask
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetSystemDirectoryW
InterlockedFlushSList
TlsSetValue
FreeEnvironmentStringsW
InterlockedPopEntrySList
VerSetConditionMask
FreeLibrary
GetLocaleInfoW
LoadLibraryExW
WaitForMultipleObjects
GetNumaHighestNodeNumber
SetStdHandle
GetConsoleMode
GetCurrentThreadId
GetTickCount64
GetDriveTypeW
CreateSemaphoreW
GetModuleFileNameW
DecodePointer

user32

GetMonitorInfoA
InvalidateRect
EnableWindow
SetDlgItemTextW
ShowWindow
GetWindowTextLengthW
SetClipboardData
MessageBoxW
SetFocus
CloseClipboard
GetFocus
MessageBoxA
MonitorFromWindow
CheckDlgButton
MapDialogRect
SetTimer
LoadStringW
LoadIconW
EndDialog
SetWindowLongW
SendMessageW
GetKeyState
GetWindowTextW
SystemParametersInfoW
GetWindowLongW
KillTimer
OpenClipboard
CharUpperW
PostMessageW
SetCursor
EmptyClipboard
MoveWindow
SetWindowTextW
DialogBoxParamW
wsprintfA
LoadCursorW
GetDlgItem
GetParent
IsDlgButtonChecked
GetWindowRect
ScreenToClient

advapi32

CryptReleaseContext
CryptHashData
CryptEncrypt
CloseServiceHandle
CryptDestroyKey
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptImportKey
CryptGetHashParam

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHBrowseForFolderW

ole32

OleInitialize
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CryptQueryObject
CertFreeCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateChainEngine
CertGetNameStringW
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
PFXImportCertStore
CertOpenStore
CertGetCertificateChain
CertFindExtension
CryptDecodeObjectEx

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
getaddrinfo
WSAIoctl
getsockopt
send
WSAEnumNetworkEvents
WSACreateEvent
WSAWaitForMultipleEvents
socket
WSAResetEvent
WSAEventSelect
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
freeaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSACloseEvent

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

560aeeaeaf81297372a101df71c486bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 95KB