1[.]jpg | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

1.jpg
Size

1.3MB
MD5

65d67bf0ca6d16df1eda6b9dd92cf354
SHA1

fb7bab2d0563f90fbd93f630e0a07405c9705f8f
SHA256

2c376c69255d3445a86e8e1966c75e69a95ba95ab2fe15cca3f0c0ae1d18a797
SHA512

4469c3bc5ece1c28d6cc69c2f68ae2c8b64ea11e2574db65cce742dda386e0ac86ab5e702a5198a5d764357631dc8db1836bd4b9ba4d945d15d496b7eb3728c7
SSDEEP

24576:Kp5Im3s642K88NromMZHAPgBFfozRV/zA/+CD/+l1FHrXXBdS7zGe:Kwm3s64t8iMmMePgBFAzvk/n/+lDddqJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoHotkey.exe

Files

1.jpg
.zip
AutoHotkey
AutoHotkey.exe
.exe windows:5 windows x86 arch:x86

04bf5855f4755593dc2ed9be3fc3f1b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohs
inet_addr
htonl
getservbyname
htons
WSAGetLastError
gethostbyname
ioctlsocket
WSASetLastError
getservbyport
gethostname
shutdown
WSACleanup
closesocket
connect
socket
WSAStartup
send
recv
WSAAsyncSelect
inet_ntoa
gethostbyaddr

winmm

mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
waveOutGetVolume
waveOutSetVolume
mixerGetDevCapsA
mixerOpen
mixerGetControlDetailsA
mciSendStringA
joyGetDevCapsA
joyGetPosEx

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ImageList_Destroy
ImageList_Create
ImageList_GetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ord6
ImageList_AddMasked

psapi

GetModuleBaseNameA
GetModuleFileNameExA

kernel32

GetProcAddress
FreeLibrary
WideCharToMultiByte
OutputDebugStringA
GetCurrentThreadId
GetEnvironmentVariableA
lstrcmpiA
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexA
GetLastError
GetModuleHandleA
GetVersionExW
DeleteCriticalSection
GetModuleFileNameA
GetFileAttributesA
GetFullPathNameA
GetSystemTimeAsFileTime
FindFirstFileA
FindNextFileA
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableA
Beep
MoveFileA
CreateProcessA
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetLocalTime
GetDateFormatA
GetTimeFormatA
GetDiskFreeSpaceA
SetVolumeLabelA
CreateFileA
DeviceIoControl
GetDriveTypeA
GetVolumeInformationA
LoadLibraryA
ReadFile
GetACP
WriteFile
DeleteFileA
CopyFileA
SetFileAttributesA
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameA
GetWindowsDirectoryA
GetTempPathA
GetShortPathNameA
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceA
CompareStringA
RemoveDirectoryA
GetCurrentProcess
FormatMessageA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
WritePrivateProfileSectionA
SetEndOfFile
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalSize
ExitProcess
HeapSize
HeapQueryInformation
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetSystemDirectoryA
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryA
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryA
Sleep
GetTickCount
MulDiv
GetModuleHandleW
HeapFree
HeapAlloc
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
RaiseException
SetHandleCount
GetStringTypeW
IsProcessorFeaturePresent
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapReAlloc
QueryPerformanceCounter
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetProcessHeap
CreateFileW
CreateDirectoryA
VirtualQuery

user32

GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcA
SetForegroundWindow
DialogBoxParamA
SendDlgItemMessageA
GetDlgItem
SetDlgItemTextA
IsWindowEnabled
MessageBeep
ClientToScreen
GetCursor
GetLastInputInfo
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringA
ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExA
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongA
DefDlgProcA
CallWindowProcA
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableA
DestroyAcceleratorTable
InsertMenuItemA
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoA
IsMenu
GetMenuItemInfoA
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuA
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetSysColor
DestroyWindow
IsCharAlphaA
MapVirtualKeyA
MapVirtualKeyExA
SetActiveWindow
GetWindowTextA
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
PostMessageW
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutA
UnhookWindowsHookEx
SetWindowsHookExA
PostThreadMessageA
IsCharUpperA
IsCharLowerA
IsCharAlphaNumericA
ToAsciiEx
GetKeyboardLayout
CallNextHookEx
CharLowerA
ReleaseDC
GetDC
MessageBoxA
OpenClipboard
GetClipboardData
GetClipboardFormatNameA
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageA
FindWindowA
EndDialog
IsWindow
DispatchMessageA
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongA
ScreenToClient
IsDialogMessageA
SendMessageA
GetWindowLongA
GetKeyState
TranslateAcceleratorA
KillTimer
PeekMessageA
GetFocus
RegisterWindowMessageA
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthA
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
GetGUIThreadInfo
GetClassNameA
GetWindowThreadProcessId
GetForegroundWindow
GetMessageA
SetTimer
GetParent
GetDlgCtrlID
CharUpperA
IsClipboardFormatAvailable
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoA
AdjustWindowRectEx
DrawTextA
SetRect
GetIconInfo
SetWindowTextA
IsWindowVisible
GetMenu
CheckMenuItem
LoadImageA
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsA
CreateWindowExA
RegisterClassExA
LoadCursorA
VkKeyScanExA
DestroyIcon
GetCursorPos

gdi32

GdiFlush
CreateDIBSection
EnumFontFamiliesExA
SetBkMode
GetCharABCWidthsA
GetClipBox
FillRgn
GetClipRgn
ExcludeClipRect
SetTextColor
SetBkColor
GetPixel
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectA
GetTextMetricsA
GetTextFaceA
SelectObject
GetStockObject
CreateDCA
CreateSolidBrush
CreateFontA
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
GetUserNameA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegConnectRegistryA

shell32

DragQueryPoint
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathA
ShellExecuteExA
Shell_NotifyIconA
DragFinish
DragQueryFileA
ExtractIconA

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetUBound
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayDestroy
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen
GetActiveObject

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Execute.txt
Gettype.txt
Invoke.txt
NewPE2.txt
SMOSA.vbs
.vbs
getMethod.txt
load.txt
msg.txt
node.bat
.bat .vbs
run.js
.js .ps1
runpe.txt

Sharing

General

Malware Config

Signatures

Files

04bf5855f4755593dc2ed9be3fc3f1b6

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 656KB - Virtual size: 656KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 13KB - Virtual size: 38KB

.rsrc Size: 37KB - Virtual size: 37KB

.text
Size: 656KB - Virtual size: 656KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 13KB - Virtual size: 38KB

.rsrc
Size: 37KB - Virtual size: 37KB