fb5f3e5d536b2f4c67de597823b0d20b0920b17de550bf5961c5a2cb84a309fa

Sharing

Copy URL Twitter E-mail

General

Target

fb5f3e5d536b2f4c67de597823b0d20b0920b17de550bf5961c5a2cb84a309fa
Size

2.4MB
MD5

3814ac255a2e85975ff05ef1d2b8e949
SHA1

85aa5f1bcd42905ff58a61e3452d094c747d4341
SHA256

fb5f3e5d536b2f4c67de597823b0d20b0920b17de550bf5961c5a2cb84a309fa
SHA512

eaaac3b941098be05843dbab622819c99cde9378f5d3b9e9739d82940389825eaad7b7e5426de9dda46f1a5cb707fd015bfb7b41d7aa7c5a32446c3e4ae4f0fb
SSDEEP

49152:39xUimZJTc3rTO/cS9tyoF9iWDEynqneLl8hKbYZZ5l3N30bby:NxUiLW/c8b7DEyq4g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb5f3e5d536b2f4c67de597823b0d20b0920b17de550bf5961c5a2cb84a309fa

Files

fb5f3e5d536b2f4c67de597823b0d20b0920b17de550bf5961c5a2cb84a309fa
.exe windows:5 windows x86 arch:x86

9ca27f0141464082ea63af4f4335606d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\phoenix\CPP\zipk\Release\phoenix.pdb

Imports

kernel32

InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrcmpA
FormatMessageW
FlushFileBuffers
TlsAlloc
GetVersionExA
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
TlsSetValue
LocalReAlloc
TlsFree
CompareStringW
GlobalFlags
SuspendThread
GlobalAddAtomW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GetFileAttributesExW
lstrcatW
GetFileSizeEx
ReplaceFileW
lstrcpynW
SetFileTime
SetEndOfFile
MoveFileWithProgressW
GetExitCodeProcess
GetTempFileNameW
CreateEventW
ResetEvent
SetEvent
FileTimeToLocalFileTime
GetFileTime
GetCurrentDirectoryW
FileTimeToSystemTime
FindFirstFileW
GetCurrentThreadId
lstrcmpW
GetFileAttributesW
SetUnhandledExceptionFilter
SetErrorMode
GetComputerNameW
QueryDosDeviceW
OutputDebugStringW
MulDiv
ReleaseMutex
CreateMutexW
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemDefaultLCID
FindFirstFileExW
lstrcpyA
lstrcmpiW
MultiByteToWideChar
lstrlenA
GetProcessTimes
LocalFree
DuplicateHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetLastError
OpenProcess
GetWindowsDirectoryW
LockResource
TerminateProcess
GetSystemTimeAsFileTime
CreateDirectoryW
ExitProcess
LoadLibraryW
FreeLibrary
SetFilePointerEx
ResumeThread
WriteProcessMemory
GetTempPathA
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
GetCurrentThread
WaitForSingleObject
CreateProcessW
LocalAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
InterlockedIncrement
OutputDebugStringA
DeviceIoControl
lstrlenW
GetVolumeInformationA
WideCharToMultiByte
InterlockedDecrement
CreateFileA
LocalFileTimeToFileTime
GetSystemTime
DeleteFileW
GetLocalTime
GetLongPathNameW
GetTempPathW
ReadFile
CompareFileTime
SystemTimeToFileTime
CreateFileW
WriteFile
SetFilePointer
GetFileSize
GetCurrentProcessId
CloseHandle
CreateFileMappingW
GetProcAddress
GetLastError
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetVersionExW
GetSystemDirectoryW
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
GlobalFree
GlobalUnlock
GetModuleFileNameW
SizeofResource
GlobalAlloc
GlobalLock
LoadResource
FindResourceW
Sleep
GetTickCount
GetModuleHandleA
GetThreadContext
SetThreadContext
FlushInstructionCache
InterlockedCompareExchange
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStartupInfoA
SetHandleCount
LCMapStringA
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapCreate
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
VirtualQuery
VirtualAlloc
VirtualProtect
RaiseException
RtlUnwind
GetStartupInfoW
GetFileType
SetCurrentDirectoryW
SetEnvironmentVariableW
HeapReAlloc
CreateThread
ExitThread

user32

SetWindowPlacement
CheckMenuItem
CreateDialogParamW
SetWindowPos
EnableMenuItem
GetParent
LoadAcceleratorsW
DrawTextW
PostMessageW
CloseWindow
SetLayeredWindowAttributes
DrawTextExW
GetMenu
RegisterClassExW
DestroyWindow
DispatchMessageW
SetMenuItemInfoW
GetCursorPos
LoadMenuW
TranslateMessage
LoadIconW
GetWindowPlacement
AdjustWindowRectEx
UpdateWindow
EnableWindow
CloseClipboard
GetWindowRect
GetSubMenu
TrackPopupMenu
PostQuitMessage
GetMessageW
IsZoomed
FindWindowW
GetWindowTextW
EmptyClipboard
OpenClipboard
EndPaint
wsprintfW
GetWindowThreadProcessId
SetDlgItemTextA
SetWindowTextW
GetDlgItemTextA
SetDlgItemTextW
MessageBoxW
EndDialog
GetDlgItem
GetForegroundWindow
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
GetLastActivePopup
UnhookWindowsHookEx
GetSysColorBrush
GetSysColor
ReleaseDC
GetClassNameW
GetDlgCtrlID
ClientToScreen
SetFocus
GetFocus
IsWindow
ValidateRect
PeekMessageW
GetKeyState
CallNextHookEx
SetWindowsHookExW
TabbedTextOutW
GrayStringW
IsIconic
SystemParametersInfoA
CopyRect
RegisterClassW
GetClassInfoW
GetClassInfoExW
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
RegisterWindowMessageW
ModifyMenuW
WaitForInputIdle
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DestroyMenu
IsWindowVisible
SendMessageW
GetWindow
FindWindowExW
GetSystemMetrics
SetTimer
KillTimer
SetForegroundWindow
ShowWindow
MoveWindow
DefWindowProcW
CallWindowProcW
ReleaseCapture
CreateWindowExW
SetWindowLongW
GetWindowLongW
InvalidateRect
GetDC
PtInRect
BeginPaint
GetClientRect
LoadCursorW
SetCapture
SetCursor
LoadBitmapW
DialogBoxParamW

gdi32

GetClipBox
SetMapMode
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontW
StretchBlt
EndPage
StartPage
GetDeviceCaps
CreateDCW
StartDocW
EndDoc
SetTextColor
CreateFontIndirectW
SetBkMode
Rectangle
GetStockObject
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetBkColor
RestoreDC
SaveDC
CreateSolidBrush

winspool.drv

ord203
ClosePrinter
DocumentPropertiesW
EnumPrintersW
DeviceCapabilitiesW
OpenPrinterW

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
GetTokenInformation
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
IsValidSid
FreeSid
GetSecurityDescriptorSacl
GetLengthSid
SetSecurityDescriptorSacl
LookupPrivilegeValueW
SetSecurityInfo
AdjustTokenPrivileges
GetUserNameW

shell32

DragFinish
DragQueryFileW
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
ord74
ShellExecuteExW
SHGetFolderPathW

ole32

CLSIDFromString
OleRun
CoUninitialize
CLSIDFromProgID
CoInitializeEx
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoInitialize
StringFromCLSID
OleInitialize
OleUninitialize
DoDragDrop
CoTaskMemFree

oleaut32

GetActiveObject
VariantClear
SysStringLen
VariantChangeType
SysAllocString
VariantInit
SysFreeString
SysAllocStringLen

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
CreateToolbarEx
ImageList_Add
ord17

shlwapi

PathUnquoteSpacesW
PathAddExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
ord219
PathQuoteSpacesW

wininet

HttpSendRequestW
InternetSetOptionW
HttpOpenRequestA
InternetCloseHandle
InternetOpenUrlW
InternetConnectA
InternetReadFile
InternetQueryOptionW
InternetOpenW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

CM_Get_Device_IDW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostname
gethostbyname

secur32

GetUserNameExW

gdiplus

GdipLoadImageFromStream
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDeleteGraphics
GdipDrawImageRectI
GdipLoadImageFromFile
GdipCreateSolidFill
GdipAlloc
GdipDisposeImage
GdipDrawString
GdipCreateFromHDC
GdipFillRectangleI
GdipCloneImage
GdipGetImageHeight
GdipImageRotateFlip
GdipGetImageWidth
GdipDeletePen
GdipDrawPath
GdipSetSmoothingMode
GdipClosePathFigure
GdipAddPathArcI
GdipDeletePath
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipGetDpiY
GdipGetDpiX
GdipSetPageUnit
GdipDrawImageRect
GdipDrawLineI
GdipDrawRectangleI
GdiplusShutdown
GdipGetFontStyle
GdipGetPathWorldBoundsI
GdipGetFamily
GdipGetImageThumbnail
GdipDeleteFontFamily
GdipCreateFont
GdipAddPathStringI
GdipGetFontSize
GdipCreateHBITMAPFromBitmap
GdipCreateFontFamilyFromName
GdiplusStartup
GdipSetSolidFillColor

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 445KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ca27f0141464082ea63af4f4335606d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

wininet

version

setupapi

ws2_32

secur32

gdiplus

oleacc

Sections

.text Size: 445KB - Virtual size: 444KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 32KB - Virtual size: 60KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 445KB - Virtual size: 444KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 32KB - Virtual size: 60KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 54KB - Virtual size: 53KB