97d44e419b450e915e31d404e93a7fe7138534c627428c4438479b58698ccb3d

Sharing

Copy URL

Twitter E-mail

General

Target

97d44e419b450e915e31d404e93a7fe7138534c627428c4438479b58698ccb3d
Size

24.9MB
MD5

ceaffefd82d292bfc5d3d2c0c6e69e63
SHA1

5a839abc794b23f0eef3e3ba9f71d8876910c5cb
SHA256

97d44e419b450e915e31d404e93a7fe7138534c627428c4438479b58698ccb3d
SHA512

507f69da8cecb1d65bb9646631b0630f2517ee927a3e8b5adbdd5bdd838051dfd0c414de0550e9e4464f037ece113d66a1cabdffc9370a267a153f3a8616b389
SSDEEP

786432:MtDCSjulG3JSNF/+g70/wYS91oZb+goPm:YeSKlG342gYoYS9M1oe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Install_01234.exe

Files

97d44e419b450e915e31d404e93a7fe7138534c627428c4438479b58698ccb3d
.zip
Install_01234.exe
.exe windows:6 windows x86 arch:x86

fabb8ba9aebfc0ce54e565b7b38d8b74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerifyVersionInfoW
FlushFileBuffers
CreateDirectoryA
GetThreadPriority
PeekNamedPipe
FreeEnvironmentStringsW
FindNextFileA
GetFileSizeEx
SetPriorityClass
LeaveCriticalSection
GetSystemInfo
SetThreadPriority
GetProcessHeap
InterlockedPushEntrySList
DeleteTimerQueueTimer
OutputDebugStringW
InitializeCriticalSection
EnumSystemLocalesW
DuplicateHandle
AcquireSRWLockExclusive
SetLastError
GetSystemDirectoryW
InterlockedPopEntrySList
GetLogicalDriveStringsW
SwitchToThread
WriteFile
TlsGetValue
LCMapStringW
RegisterWaitForSingleObject
RemoveDirectoryA
GetSystemTimeAsFileTime
GetTickCount
CreateFileA
SignalObjectAndWait
lstrlenA
GetVersionExW
Sleep
FindNextFileW
SetFileAttributesA
GetFileAttributesExW
GetLastError
InitializeCriticalSectionEx
LocalFree
GetTickCount64
HeapAlloc
GetCurrentThreadId
SetFilePointer
SetFileTime
GetFileType
FindFirstFileExW
ExitProcess
SetFileAttributesW
GetModuleHandleExW
GetThreadTimes
IsValidLocale
GetEnvironmentVariableA
HeapSize
GetTimeFormatW
InterlockedDecrement
InterlockedExchange
UnregisterWait
LoadLibraryA
GetProcessAffinityMask
GlobalUnlock
VerSetConditionMask
CreateDirectoryW
TlsAlloc
GetFileAttributesA
QueryPerformanceCounter
RaiseException
MoveFileExW
InitializeSListHead
RemoveDirectoryW
GlobalFree
ReadFile
FreeLibraryAndExitThread
GetNumaHighestNodeNumber
GetModuleHandleA
lstrcatA
InterlockedIncrement
FormatMessageA
ReleaseSRWLockExclusive
SetFilePointerEx
DeleteFileA
TlsFree
GetFileInformationByHandle
GetCommandLineW
GetModuleFileNameW
CreateTimerQueue
GetCurrentProcess
GetFileSize
GetCurrentDirectoryW
GetCPInfo
GlobalAlloc
QueryDepthSList
GetFileAttributesW
GlobalMemoryStatus
IsDebuggerPresent
SetThreadAffinityMask
CompareStringW
HeapReAlloc
GetModuleFileNameA
VirtualFree
GetVersionExA
TlsSetValue
LoadLibraryW
InitializeCriticalSectionAndSpinCount
CreateEventW
SetUnhandledExceptionFilter
RtlUnwind
LoadLibraryExW
WaitForSingleObjectEx
AreFileApisANSI
FreeLibrary
GetModuleHandleW
TerminateProcess
SleepEx
SetEvent
GetConsoleCP
ChangeTimerQueueTimer
GetProcAddress
InterlockedFlushSList
MoveFileA
MoveFileW
GetFullPathNameW
ReadConsoleW
GetStringTypeW
GetStdHandle
GetDriveTypeW
FindClose
CreateFileW
GetACP
CreateSemaphoreA
WaitForMultipleObjects
GetOEMCP
FileTimeToSystemTime
GetLogicalDriveStringsA
MultiByteToWideChar
ExitThread
UnregisterWaitEx
GetStartupInfoW
CompareFileTime
GetUserDefaultLCID
GetTimeZoneInformation
GlobalLock
GetDateFormatW
WriteConsoleW
SetEnvironmentVariableA
ResetEvent
GetCurrentDirectoryA
IsValidCodePage
FindFirstFileW
SetEndOfFile
CreateEventA
EncodePointer
GetCommandLineA
GetCurrentProcessId
GetEnvironmentStringsW
SetStdHandle
HeapFree
CreateThread
VirtualAlloc
GetVersion
ReleaseSemaphore
GetCurrentThread
CloseHandle
IsProcessorFeaturePresent
UnhandledExceptionFilter
DeleteFileW
FileTimeToLocalFileTime
WideCharToMultiByte
EnterCriticalSection
DeleteCriticalSection
CreateTimerQueueTimer
FindFirstFileA
WaitForSingleObject
VirtualProtect
QueryPerformanceFrequency
DecodePointer
FormatMessageW
CreateSemaphoreW
GetLocaleInfoW
GetConsoleMode

user32

wsprintfA
InvalidateRect
GetKeyState
ShowWindow
GetWindowRect
SetWindowTextA
MessageBoxA
GetDlgItem
EnableWindow
GetFocus
GetWindowTextW
MapDialogRect
EndDialog
SetWindowLongA
EmptyClipboard
GetWindowTextLengthW
MonitorFromWindow
MessageBoxW
OpenClipboard
SendMessageA
LoadStringW
SystemParametersInfoA
DialogBoxParamW
CloseClipboard
ScreenToClient
GetWindowTextA
LoadIconA
GetWindowTextLengthA
IsDlgButtonChecked
SendMessageW
LoadCursorA
SetTimer
KillTimer
CharUpperA
SetClipboardData
SetCursor
LoadStringA
GetParent
GetWindowLongA
SetFocus
SetWindowTextW
CheckDlgButton
PostMessageA
MoveWindow
CharUpperW
GetMonitorInfoA
DialogBoxParamA

advapi32

CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CryptImportKey
CryptEncrypt
CryptHashData
CryptGetHashParam
CryptReleaseContext
CloseServiceHandle
CryptDestroyKey

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen

bcrypt

BCryptGenRandom

crypt32

CertFreeCertificateChain
CryptDecodeObjectEx
CryptStringToBinaryW
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertGetNameStringW
CertOpenStore
CertFindExtension
CertFreeCertificateChainEngine
CertFindCertificateInStore
CertGetCertificateChain
CertFreeCertificateContext
CryptQueryObject
PFXImportCertStore

wldap32

ord26
ord145
ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301

ws2_32

WSASetLastError
getsockopt
send
WSAIoctl
freeaddrinfo
WSAEventSelect
WSACloseEvent
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
gethostname
WSAStartup
WSACleanup
setsockopt
getaddrinfo
htons
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
WSAEnumNetworkEvents
WSACreateEvent
recvfrom
sendto
getpeername
ioctlsocket

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fabb8ba9aebfc0ce54e565b7b38d8b74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 15KB - Virtual size: 49KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 117KB - Virtual size: 116KB

.text
Size: 6.5MB - Virtual size: 6.5MB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 15KB - Virtual size: 49KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 117KB - Virtual size: 116KB