620c95345d21142e1f2941eea8a398d66357b856554132d985e50e945a461c8c

Sharing

Copy URL

Twitter E-mail

General

Target

620c95345d21142e1f2941eea8a398d66357b856554132d985e50e945a461c8c
Size

629KB
MD5

8baf624e9c813927d217c1bc949bca98
SHA1

c5d409928b57ab79eb8a0e9de139d1d755e5e01d
SHA256

620c95345d21142e1f2941eea8a398d66357b856554132d985e50e945a461c8c
SHA512

394a56d752ad027edbe81e20bbb7161cff4be664b0f24b91060acc7168e4a849bd9f9e0fb4c85edc9cc206ffa2840d00aaeff5a1c289cd8881114f39bdc8a74e
SSDEEP

12288:QYW3jRKDVF5jz7yAhwDYtmaF0TjklTP7C3fZM4LrCoUdvifnfv:Q1jRy+AhwDYtma4gTP7C3fZM4vClwfnH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
620c95345d21142e1f2941eea8a398d66357b856554132d985e50e945a461c8c

Files

620c95345d21142e1f2941eea8a398d66357b856554132d985e50e945a461c8c
.exe windows:5 windows x86 arch:x86

a10272f036ffac7fbe5f688e2c281ee2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

shlwapi

PathFindFileNameW
SHEnumValueW
SHDeleteKeyW
SHGetValueW
SHSetValueW
SHDeleteValueW

kernel32

CreateEventA
CloseHandle
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
CreateFileW
FindFirstFileW
GetModuleFileNameW
GetTempPathW
GetLastError
FindClose
RemoveDirectoryW
FindNextFileW
GetCommandLineW
CopyFileW
ReleaseSemaphore
CreateSemaphoreA
Sleep
GetVersionExW
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
OutputDebugStringA
CreateMutexW
CreateProcessW
GetCurrentThread
OpenProcess
GetCurrentProcess
TerminateProcess
SetLastError
GetProcAddress
Process32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentProcessId
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
CreateFileA
WaitForSingleObject
WriteFile
ReadFile
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
InitializeCriticalSection
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
InterlockedExchange
FreeLibrary
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
LoadLibraryW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
LCMapStringW
FlushFileBuffers
HeapCreate
GetTimeZoneInformation
GetLocaleInfoW
ExitProcess
HeapSize
GetCurrentThreadId
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
ResetEvent
OpenEventA
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
CreateThread
GetTimeFormatA
GetDateFormatA
ExitThread
SetFilePointer
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetFileType
WriteConsoleW
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
DeleteFileW
DecodePointer
EncodePointer

user32

GetSystemMetrics
DefWindowProcW
DispatchMessageW
SetWindowLongW
GetWindowRect
SetForegroundWindow
RegisterClassExW
LoadIconW
BringWindowToTop
SetWindowPos
ShowWindow
CreateWindowExW
SwitchToThisWindow
DestroyIcon
GetWindowThreadProcessId
GetShellWindow
DestroyWindow
SendDlgItemMessageW
CreateDialogParamW
IsWindow
SetWindowTextW
ReleaseCapture
SendMessageW
GetClientRect
GetMessageW
PostQuitMessage
PostMessageW
TranslateMessage
GetWindowLongW

gdi32

GetStockObject

advapi32

DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
OpenProcessToken

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
OleSetContainedObject
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

wininet

InternetConnectW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetCrackUrlW

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a10272f036ffac7fbe5f688e2c281ee2

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

imagehlp

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 15KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 152KB - Virtual size: 152KB

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 15KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 152KB - Virtual size: 152KB