1ca58b190191a81c920353a72c51524b1c091791b16ba893c5439730e8eade93

Sharing

Copy URL

Twitter E-mail

General

Target

1ca58b190191a81c920353a72c51524b1c091791b16ba893c5439730e8eade93
Size

772KB
MD5

f05c730948f625850cb358fc42d93353
SHA1

cce7f50816edbf66d79b423fba2f9be914a22c58
SHA256

1ca58b190191a81c920353a72c51524b1c091791b16ba893c5439730e8eade93
SHA512

f29d435793aee637651f95c9e111d53bd76bf43ed17fdccabe905ce5b10ec6df2a47023470758b68202d2d7b18381b99bac2c975fc33319afea536be1f6ac76b
SSDEEP

12288:Bxp5S0nPcJkCeBm28RCr2rq39MvZHTUElVOJuYGLqDS:fpUUweY2V2dvhHO4YGmu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ca58b190191a81c920353a72c51524b1c091791b16ba893c5439730e8eade93

Files

1ca58b190191a81c920353a72c51524b1c091791b16ba893c5439730e8eade93
.exe windows:5 windows x86 arch:x86

8d5fc215396e8ef026ed8fd0a7580909

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateProcessW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
CopyFileW
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetStdHandle
GlobalFree
ExitProcess
RtlUnwind
LocalFree
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
EncodePointer
GetStringTypeW
GlobalHandle
LoadLibraryExW
lstrcmpiW
FindNextFileW
GetFullPathNameW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
WriteFile
GetCurrentProcessId
DecodePointer
FindFirstFileW
CreateDirectoryW
FindClose
GetVersionExW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
lstrlenW
GetTickCount
CloseHandle
ReadFile
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
LockResource
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
GetModuleHandleExW

user32

DialogBoxParamW
CheckDlgButton
IsDlgButtonChecked
CharLowerW
IsWindowEnabled
TranslateAcceleratorW
FillRect
DrawFrameControl
SendMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetMenu
SetMenu
GetMenuStringW
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
DeleteMenu
TrackPopupMenuEx
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuDefaultItem
UpdateWindow
GetWindowDC
MessageBeep
WindowFromPoint
GetSysColorBrush
FrameRect
SetRectEmpty
InflateRect
OffsetRect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CheckMenuRadioItem
LoadBitmapW
LoadStringA
SystemParametersInfoW
PostQuitMessage
CreateDialogIndirectParamW
IsZoomed
IsMenu
GetMessagePos
DrawEdge
LoadStringW
LoadImageW
LoadMenuW
GetSystemMetrics
LoadAcceleratorsW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowPos
IsWindowVisible
SetFocus
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
EnableWindow
GetDC
ReleaseDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
MapDialogRect
IsDialogMessageW
GetClassNameW
GetSysColor
ClientToScreen
SetWindowContextHelpId
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
DestroyAcceleratorTable
CreateAcceleratorTableW
CharNextW
SendDlgItemMessageW
GetDlgItem
EndDialog
IsChild
PostMessageW
RegisterWindowMessageW
GetWindowThreadProcessId
MoveWindow
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
MessageBoxW
DrawTextW
ModifyMenuW
SetDlgItemTextW
GetActiveWindow
LoadCursorW
GetDesktopWindow
SetWindowLongW
GetWindowLongW
PtInRect
ScreenToClient
GetCursorPos
SetCursor
MonitorFromPoint

gdi32

SetBrushOrgEx
CreateDIBSection
SetBkMode
SetBkColor
PatBlt
GetCurrentObject
CreatePatternBrush
CreateBitmap
GetObjectW
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
GetTextFaceW
GetTextMetricsW
GetStockObject
GetDeviceCaps
DeleteObject
CreateFontIndirectW
EnumFontsW
GetTextExtentPoint32W
DeleteDC
SetTextColor
CreateCompatibleDC
SelectObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
StringFromGUID2
CoGetClassObject
OleRun
CoTaskMemRealloc
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

GetErrorInfo
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
SysAllocStringByteLen
SysStringLen

shlwapi

PathFileExistsW
StrCpyNW
wnsprintfW
StrCpyW
StrCmpW
StrCatW
PathFindExtensionW
StrCmpNIW

comctl32

ImageList_GetImageCount
ImageList_Draw
ImageList_Create
InitCommonControlsEx
ImageList_AddMasked
ImageList_DrawIndirect
ImageList_LoadImageW
ord8
CreateStatusWindowW
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_Destroy

Sections

.text
Size: 581KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d5fc215396e8ef026ed8fd0a7580909

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 581KB - Virtual size: 580KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 13KB - Virtual size: 17KB

.gfids Size: 512B - Virtual size: 416B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 581KB - Virtual size: 580KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 13KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 416B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 31KB - Virtual size: 30KB