4575e9810eb141032f5d72c52be516b6b9b6a3f0fec156b275e1c3f7e3a809ae

Sharing

Copy URL

Twitter E-mail

General

Target

4575e9810eb141032f5d72c52be516b6b9b6a3f0fec156b275e1c3f7e3a809ae
Size

17.6MB
MD5

877f13e261798136c55a900853b52a92
SHA1

e8c537367cf0ca6450d976a68ae5dd61e26cb291
SHA256

4575e9810eb141032f5d72c52be516b6b9b6a3f0fec156b275e1c3f7e3a809ae
SHA512

189adb0721868e55986866e846072a6f1010b89026c2a07225c6c9a4e110fd164fac7d5f3d7166f7dc99276ab1a2d1d14d3878935436ce218a6f6982b53af517
SSDEEP

393216:lPBB6K2VOKkbs/zu2Av1eAsInDii83fr4zbA4mMA1L80tYr2aDqy1UUgB:lL2n/a2Av1egnmiQTqu1L80tYpDx4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setups_02028.exe

Files

4575e9810eb141032f5d72c52be516b6b9b6a3f0fec156b275e1c3f7e3a809ae
.zip
Setups_02028.exe
.exe windows:6 windows x86 arch:x86

fc878db738af0f08b5b27c1719e57726

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
SetUnhandledExceptionFilter
TerminateProcess
GetDateFormatW
GetUserDefaultLCID
TlsSetValue
EnumSystemLocalesW
ChangeTimerQueueTimer
CreateEventW
SignalObjectAndWait
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
GetNumaHighestNodeNumber
WriteConsoleW
WaitForSingleObject
GetACP
SetEnvironmentVariableW
GetConsoleOutputCP
TryEnterCriticalSection
CreateDirectoryW
GetVersionExW
GetLocaleInfoW
TlsFree
CreateTimerQueueTimer
FormatMessageW
VerSetConditionMask
GetCurrentDirectoryW
CreateFileW
SetFilePointerEx
SetFileTime
HeapSize
SetStdHandle
CreateTimerQueue
GetProcessHeap
TlsAlloc
GetConsoleMode
GetFileAttributesW
GlobalLock
ReadConsoleW
GetFileSizeEx
CloseHandle
FindClose
PeekNamedPipe
IsValidLocale
InitializeSListHead
InitializeCriticalSection
GetLogicalDriveStringsW
GetCommandLineA
FileTimeToSystemTime
SetEndOfFile
LoadLibraryExW
VirtualProtect
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
HeapReAlloc
GetStartupInfoW
HeapFree
SetEvent
GetModuleFileNameW
LCMapStringW
ExitProcess
GetProcAddress
GetTimeZoneInformation
WaitForMultipleObjects
GetEnvironmentStringsW
CompareFileTime
lstrlenA
Sleep
QueryPerformanceFrequency
DeleteFileW
CreateSemaphoreW
InterlockedFlushSList
HeapAlloc
LeaveCriticalSection
IsValidCodePage
IsProcessorFeaturePresent
GetCommandLineW
InterlockedPushEntrySList
GlobalAlloc
InterlockedPopEntrySList
MoveFileExW
EncodePointer
DeleteCriticalSection
FileTimeToLocalFileTime
ResetEvent
SwitchToThread
GetCurrentProcessId
RemoveDirectoryW
GetStdHandle
MoveFileW
GetThreadTimes
GetThreadPriority
GetSystemDirectoryW
GetDriveTypeW
ReleaseSemaphore
GetVersion
IsDebuggerPresent
CreateThread
SleepEx
GetEnvironmentVariableA
GetFileType
ReadFile
FreeLibrary
CompareStringW
UnregisterWaitEx
SetPriorityClass
LocalFree
SetFileAttributesW
DuplicateHandle
GetStringTypeW
SetThreadPriority
GetLogicalProcessorInformation
GetCurrentThread
TlsGetValue
GlobalFree
ExitThread
UnregisterWait
GetFullPathNameW
LoadLibraryW
GetModuleHandleExW
GetTickCount
FindNextFileW
WaitForSingleObjectEx
GetCurrentProcess
GetLastError
GlobalUnlock
GetTimeFormatW
SetLastError
lstrcatA
FindFirstFileExW
QueryDepthSList
GetSystemInfo
VirtualFree
FindFirstFileW
GetProcessAffinityMask
MultiByteToWideChar
GetModuleHandleA
RtlUnwind
GetOEMCP
DeleteTimerQueueTimer
AcquireSRWLockExclusive
WideCharToMultiByte
VerifyVersionInfoW
SetThreadAffinityMask
GlobalMemoryStatus
WriteFile
SetFilePointer
GetFileAttributesExW
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount64
ReleaseSRWLockExclusive
RaiseException
SystemTimeToTzSpecificLocalTime
GetFileSize
FlushFileBuffers
DecodePointer
VirtualAlloc
RegisterWaitForSingleObject
FreeLibraryAndExitThread
GetModuleHandleW
EnterCriticalSection
GetCurrentThreadId
GetFileInformationByHandle

user32

OpenClipboard
ScreenToClient
LoadCursorW
DialogBoxParamW
LoadStringW
GetFocus
GetParent
wsprintfA
SetDlgItemTextW
MessageBoxA
SetFocus
IsDlgButtonChecked
EndDialog
MapDialogRect
MoveWindow
ShowWindow
GetWindowRect
CloseClipboard
KillTimer
SetWindowTextW
LoadIconW
EnableWindow
SystemParametersInfoW
GetMonitorInfoA
CharUpperW
PostMessageW
SendMessageW
GetWindowLongW
GetWindowTextLengthW
GetDlgItem
SetWindowLongW
GetKeyState
SetTimer
MonitorFromWindow
SetCursor
InvalidateRect
EmptyClipboard
GetWindowTextW
CheckDlgButton
SetClipboardData
MessageBoxW

advapi32

CryptHashData
CryptCreateHash
CloseServiceHandle
CryptAcquireContextW
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptDestroyHash
CryptDestroyKey
CryptGetHashParam

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CryptStringToBinaryW
CertEnumCertificatesInStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW
CryptDecodeObjectEx
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertFindExtension
PFXImportCertStore
CertCreateCertificateChainEngine

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAWaitForMultipleEvents
freeaddrinfo
getsockopt
send
WSACreateEvent
WSACloseEvent
WSAIoctl
socket
WSAResetEvent
WSAEventSelect
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
getaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSAEnumNetworkEvents

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc878db738af0f08b5b27c1719e57726

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 95KB - Virtual size: 95KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 95KB - Virtual size: 95KB