71fd02f4c99304a3308087baf500fff484645413d633afdb74380de7aac564f3

Sharing

Copy URL

Twitter E-mail

General

Target

71fd02f4c99304a3308087baf500fff484645413d633afdb74380de7aac564f3
Size

29KB
MD5

17918fb06d51823743387d4d7a1c7e33
SHA1

b5e38e285f983ed6b6065525f67b60c9e671517b
SHA256

71fd02f4c99304a3308087baf500fff484645413d633afdb74380de7aac564f3
SHA512

1aefd4dcd8cbe4e7b456bb516c93e9fd2f6f1d98383eb01658c9a8a3937568e68e1da55335ba4e1086a3e1f8cb51b5807cf717c1303fabbc178b54b33f04d0e4
SSDEEP

768:e/fZc2ezniCkQea79oh4UZbJrbC2Uw8xMtKs8+a5V:e/fZc2ebh9oikbRbLGMKdH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1f210c60f90fd8403099482455f3220b56b2864bc4d2b6af0abda4a2c3854d40

Files

71fd02f4c99304a3308087baf500fff484645413d633afdb74380de7aac564f3
.zip

Password: infected
1f210c60f90fd8403099482455f3220b56b2864bc4d2b6af0abda4a2c3854d40
.exe windows:5 windows x86 arch:x86

f9fd9fd22788b7616e4ebf40a1b7a50c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\SpIIzQyTUrNmlt\awhlngjfneWu\FwCckdYml\fuvhBzN\YwghkOow.pdb

Imports

user32

SetWindowLongW
GetLastActivePopup
RemoveMenu
OemToCharA
wsprintfW
SetWindowRgn
RegisterHotKey
DrawMenuBar
MoveWindow
IsCharUpperA
SetSysColors
IsIconic
CreateAcceleratorTableW
BeginDeferWindowPos
ShowScrollBar
CreateDialogParamW
wsprintfA
ReleaseDC
DefFrameProcW
SetDlgItemInt
AllowSetForegroundWindow
VkKeyScanW
MessageBoxA
InSendMessageEx
InsertMenuItemW
ChildWindowFromPointEx
CreateIconIndirect
GetClassInfoExW
wvsprintfA
DrawFrameControl
GetKeyboardLayoutNameW
DeferWindowPos
GetDC
GetDlgItemInt
EnableWindow
DestroyCaret
MapVirtualKeyExW
InflateRect
SetDlgItemTextW
SendInput
ShowWindowAsync
CharToOemA
DestroyCursor
GetIconInfo
DefFrameProcA
IsCharAlphaNumericW
RegisterWindowMessageA
InSendMessage
CharToOemW
GetDlgItemTextW
OpenInputDesktop
CharNextW
LoadIconA
SendMessageTimeoutA
DestroyIcon
CopyAcceleratorTableW
GetKeyNameTextW
SetWindowTextA
PostThreadMessageA
MessageBoxW
FindWindowExW
GetDlgItemTextA
GetMenuCheckMarkDimensions
GetWindow
FindWindowW
MapVirtualKeyW
EnumChildWindows
GetShellWindow
CopyImage
UnloadKeyboardLayout
LoadBitmapW
GetMonitorInfoW
SendMessageW
MessageBoxExA
CharUpperW
AdjustWindowRect
CascadeWindows
ShowWindow
PostMessageA
LoadMenuA
TrackPopupMenu
ScreenToClient
CloseDesktop
GetScrollRange
ShowCaret
InvertRect
DefWindowProcA
DrawTextA
DestroyMenu
GetDCEx
DrawFocusRect
CharNextExA
GetSysColor
PostThreadMessageW
GetWindowLongW
GetCursorPos
EnumThreadWindows
SetWindowLongA
CharUpperBuffW
IsMenu
ScrollWindowEx
InvalidateRect
DispatchMessageW
SendMessageTimeoutW
GetMenuItemID
GetMenuStringA
IsDialogMessageW
ModifyMenuW
EnumWindows
CheckMenuRadioItem
GetNextDlgGroupItem
ExitWindowsEx
CheckRadioButton
OffsetRect
SetWindowPlacement
GetWindowDC
CreateDialogIndirectParamW
CreatePopupMenu
LoadCursorA
ShowCursor

kernel32

GlobalFlags
GetLocaleInfoW
CreateRemoteThread
SuspendThread
MoveFileA
GetVersionExW
GlobalCompact
GetSystemWindowsDirectoryA
OpenEventW
HeapWalk
DeviceIoControl
GlobalFindAtomW
CreateFileMappingW
GetCurrentDirectoryW
GetStringTypeExW
GlobalAddAtomA
GlobalAddAtomW
IsValidLanguageGroup
SetErrorMode
SetFileTime
GetTempPathA
CreateSemaphoreA
lstrcatW
lstrcpyA
LoadLibraryExA
FormatMessageW
GetModuleHandleW
HeapAlloc
AreFileApisANSI
GetUserDefaultLangID
CreateEventW
LeaveCriticalSection
VerSetConditionMask
OpenSemaphoreW
MulDiv
CreateSemaphoreW
GlobalReAlloc
VirtualAlloc
CompareFileTime
CreateNamedPipeA
RaiseException
LocalLock
SetCurrentDirectoryA
GetModuleFileNameA
RemoveDirectoryA
IsValidLocale
GetStartupInfoA
IsBadReadPtr
SetTimerQueueTimer
FormatMessageA
GlobalMemoryStatus
ClearCommBreak
GetCommTimeouts
GetLongPathNameW
HeapCreate

msvcrt

wcstoul
_controlfp
iswxdigit
iswdigit
calloc
strtol
wcscmp
isupper
fprintf
wcscat
system
wcstod
fseek
__set_app_type
malloc
perror
wcsstr
mbtowc
strncpy
rand
__p__fmode
__p__commode
sprintf
isalpha
atoi
swscanf
strspn
strerror
_amsg_exit
wcslen
clearerr
islower
_initterm
_ismbblead
vswprintf
_XcptFilter
srand
_exit
fwrite
_cexit
__setusermatherr
memset
free
towlower
floor
time
__getmainargs
fputs
fputc

shlwapi

PathIsUNCA

Exports

Exports

?ForwardControlItem@@YGK_KK:O

Sections

.itext
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ips1
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips2
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.read
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ips3
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f9fd9fd22788b7616e4ebf40a1b7a50c

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

msvcrt

shlwapi

Exports

Exports

Sections

.itext Size: 21KB - Virtual size: 21KB

.ips1 Size: 6KB - Virtual size: 5KB

.ips2 Size: 512B - Virtual size: 88B

.read Size: 1024B - Virtual size: 16KB

.ips3 Size: 512B - Virtual size: 192B

.data Size: 3KB - Virtual size: 2KB

.ips4 Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.itext
Size: 21KB - Virtual size: 21KB

.ips1
Size: 6KB - Virtual size: 5KB

.ips2
Size: 512B - Virtual size: 88B

.read
Size: 1024B - Virtual size: 16KB

.ips3
Size: 512B - Virtual size: 192B

.data
Size: 3KB - Virtual size: 2KB

.ips4
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB