4369f7addc4af0f6040fe6bef5afbdd4404d7e97b9a59e6a22c0ac79ca37e971

Sharing

Copy URL

Twitter E-mail

General

Target

4369f7addc4af0f6040fe6bef5afbdd4404d7e97b9a59e6a22c0ac79ca37e971
Size

24.6MB
MD5

49114cc2bca2bb4c652116fa7a3acbf3
SHA1

4062c559315ff3dcfe2ddb0e418d92b9cacc7edd
SHA256

4369f7addc4af0f6040fe6bef5afbdd4404d7e97b9a59e6a22c0ac79ca37e971
SHA512

e58b3dd12e7961ac1e0f77490f8d382a0a96c7a0989c69b2314526eb7b69fa680e18b28d7f54ed61b32824c423ceac817a08e70ad4b2762e7c4341a8b874d49c
SSDEEP

393216:jcU247x2I47MM67dV4abweggY2X8zcqDWFOQDFuGCgCTX7FG4lNHnCVZss:Px2NMMQ6aseRqaYgCTX7FGtZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup_02027.exe

Files

4369f7addc4af0f6040fe6bef5afbdd4404d7e97b9a59e6a22c0ac79ca37e971
.zip
Setup_02027.exe
.exe windows:6 windows x86 arch:x86

7e201b1dee6314ca5ea4f9c1b1df651a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
ExitThread
GetConsoleCP
LoadLibraryW
GetACP
GetNumaHighestNodeNumber
EncodePointer
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetSystemInfo
GetTimeZoneInformation
VirtualAlloc
SetLastError
CreateEventA
WriteFile
WaitForSingleObjectEx
QueryPerformanceCounter
CreateFileA
DeleteTimerQueueTimer
FormatMessageW
ChangeTimerQueueTimer
UnregisterWait
GetUserDefaultLCID
GetConsoleMode
SetFilePointerEx
GetVersionExA
SetEvent
OutputDebugStringW
InterlockedPushEntrySList
GetLogicalDriveStringsA
LCMapStringW
SetEndOfFile
GetFullPathNameW
IsProcessorFeaturePresent
RemoveDirectoryW
SetThreadPriority
GetModuleFileNameW
FindFirstFileW
GetFileAttributesW
GetStringTypeW
WaitForSingleObject
GetStdHandle
GetProcessAffinityMask
LoadLibraryExW
MoveFileExW
GetLogicalDriveStringsW
InterlockedDecrement
ReleaseSemaphore
VirtualProtect
FreeLibrary
InterlockedExchange
GetCurrentDirectoryW
GetCurrentProcessId
GetVersionExW
GetDriveTypeW
InitializeSListHead
GetFileType
QueryPerformanceFrequency
CreateTimerQueue
GetTickCount
HeapAlloc
MultiByteToWideChar
GetTimeFormatW
SetPriorityClass
CreateFileW
GlobalMemoryStatus
FileTimeToLocalFileTime
HeapFree
IsValidCodePage
CreateSemaphoreA
GetProcessHeap
lstrlenA
FindNextFileA
GlobalAlloc
GetLocaleInfoW
ResetEvent
LoadLibraryA
UnregisterWaitEx
InterlockedPopEntrySList
PeekNamedPipe
ReadConsoleW
CreateDirectoryW
FreeLibraryAndExitThread
MoveFileA
GetModuleHandleA
GetLastError
EnterCriticalSection
SetUnhandledExceptionFilter
SetFileAttributesA
GlobalFree
VirtualFree
TlsGetValue
HeapSize
FindClose
ReleaseSRWLockExclusive
SetEnvironmentVariableA
GetTickCount64
VerSetConditionMask
InitializeCriticalSection
RegisterWaitForSingleObject
GetFileInformationByHandle
GetThreadPriority
FreeEnvironmentStringsW
AcquireSRWLockExclusive
GetModuleHandleW
QueryDepthSList
GetCurrentThreadId
CreateTimerQueueTimer
RaiseException
GetFileAttributesA
FindFirstFileA
CreateEventW
FindFirstFileExW
SetFileAttributesW
IsDebuggerPresent
DeleteFileA
WriteConsoleW
GetEnvironmentStringsW
GetModuleFileNameA
InitializeCriticalSectionEx
EnumSystemLocalesW
SetFilePointer
GetSystemDirectoryW
GetFileAttributesExW
WideCharToMultiByte
GlobalLock
GetModuleHandleExW
CloseHandle
TlsAlloc
FileTimeToSystemTime
SleepEx
DecodePointer
FlushFileBuffers
Sleep
GetCommandLineA
InterlockedFlushSList
GetDateFormatW
CompareStringW
GetProcAddress
UnhandledExceptionFilter
RtlUnwind
DeleteFileW
FindNextFileW
GetCurrentDirectoryA
GlobalUnlock
TerminateProcess
VerifyVersionInfoW
DuplicateHandle
LocalFree
GetVersion
GetOEMCP
GetCPInfo
SignalObjectAndWait
ExitProcess
GetCommandLineW
InterlockedIncrement
SetStdHandle
CreateDirectoryA
CompareFileTime
WaitForMultipleObjects
SwitchToThread
GetSystemTimeAsFileTime
TlsSetValue
GetEnvironmentVariableA
GetFileSize
SetThreadAffinityMask
AreFileApisANSI
HeapReAlloc
GetCurrentProcess
GetThreadTimes
GetCurrentThread
lstrcatA
DeleteCriticalSection
GetFileSizeEx
GetStartupInfoW
ReadFile
RemoveDirectoryA
TlsFree
CreateThread
SetFileTime
MoveFileW
CreateSemaphoreW
FormatMessageA

user32

DialogBoxParamA
GetFocus
GetWindowTextA
EndDialog
GetMonitorInfoA
IsDlgButtonChecked
SetWindowLongA
CloseClipboard
MessageBoxW
DialogBoxParamW
GetDlgItem
SetWindowTextW
MonitorFromWindow
CharUpperW
SystemParametersInfoA
GetKeyState
LoadIconA
LoadStringW
SendMessageW
SetTimer
LoadCursorA
MoveWindow
SendMessageA
SetFocus
MessageBoxA
KillTimer
GetWindowTextW
MapDialogRect
LoadStringA
GetWindowRect
CharUpperA
InvalidateRect
GetParent
SetWindowTextA
CheckDlgButton
GetWindowLongA
PostMessageA
GetWindowTextLengthW
ShowWindow
EnableWindow
SetClipboardData
ScreenToClient
GetWindowTextLengthA
EmptyClipboard
SetCursor
wsprintfA
OpenClipboard

advapi32

CryptHashData
CryptReleaseContext
CryptDestroyHash
CloseServiceHandle
CryptImportKey
CryptGetHashParam
CryptAcquireContextW
CryptEncrypt
CryptDestroyKey
CryptCreateHash

shell32

SHGetFileInfoA
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoTaskMemFree
OleInitialize
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CryptQueryObject
CryptStringToBinaryW
CertGetNameStringW
PFXImportCertStore
CertEnumCertificatesInStore
CertFreeCertificateChainEngine
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateContext
CertFindExtension
CertOpenStore
CertCreateCertificateChainEngine
CryptDecodeObjectEx
CertGetCertificateChain
CertFindCertificateInStore

wldap32

ord26
ord145
ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301

ws2_32

WSASetLastError
getsockopt
send
freeaddrinfo
WSAIoctl
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
closesocket
WSAGetLastError
ntohs
gethostname
WSAStartup
WSACleanup
setsockopt
WSAResetEvent
htons
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
getaddrinfo
WSAWaitForMultipleEvents
recvfrom
sendto
getpeername
ioctlsocket

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e201b1dee6314ca5ea4f9c1b1df651a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 244KB - Virtual size: 243KB

.data Size: 15KB - Virtual size: 49KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 118KB - Virtual size: 118KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 244KB - Virtual size: 243KB

.data
Size: 15KB - Virtual size: 49KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 118KB - Virtual size: 118KB