f9c767c81a18d598e3b24c17f89b1ad8979377e2fa0e3cbc5b9bcb30344b6b93

Sharing

Copy URL Twitter E-mail

General

Target

f9c767c81a18d598e3b24c17f89b1ad8979377e2fa0e3cbc5b9bcb30344b6b93
Size

92KB
MD5

396cb7afdca15eaccc289649fd857cb4
SHA1

56d9357f70e94712139ffa645ca092abf6ee0c3c
SHA256

f9c767c81a18d598e3b24c17f89b1ad8979377e2fa0e3cbc5b9bcb30344b6b93
SHA512

bda82808ec274ce37d89af9cde527bbf0ba21f27f1aa8cfde41f0c3006eb121498b214b39989f245db12847810b37170b0c83303e183cb2c3e0ee87543b90452
SSDEEP

1536:5DhunkXqhIjsm9NY3fvu+6frSj9ZkRyX9UvB9WEpyEuGi/Sj2yYrPaDJx0TaCZT2:lhunNIjh3Y3uVfCUvmEa1/v9Ica

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9c767c81a18d598e3b24c17f89b1ad8979377e2fa0e3cbc5b9bcb30344b6b93

Files

f9c767c81a18d598e3b24c17f89b1ad8979377e2fa0e3cbc5b9bcb30344b6b93
.exe windows:5 windows x86 arch:x86

244683b1694e52d06d621f1e23fb1f0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsFree

secur32

ApplyControlToken
InitializeSecurityContextA
DecryptMessage
EncryptMessage
AcquireCredentialsHandleW
FreeContextBuffer
QueryContextAttributesA
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextW

shell32

SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathW

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpQueryInfoW
InternetQueryOptionW
InternetCloseHandle
InternetReadFile

shlwapi

PathAppendW
StrStrIA
PathAppendA
PathFindExtensionA

ws2_32

closesocket
connect
htons
send
WSAStartup
WSACleanup
inet_addr
inet_ntoa
WSAGetLastError
recv
setsockopt
ioctlsocket
select
ntohs
gethostbyname
sendto
getpeername
socket

msvcrt

strncat
isalnum
vsprintf
strrchr
toupper
_stricmp
strncmp
memmove
isxdigit
_strnicmp
??2@YAPAXI@Z
_snwprintf
strchr
strtok
_vsnprintf
_wcsnicmp
_memicmp
strncpy
sprintf
_snprintf
printf
_strcmpi
sscanf
atoi
??3@YAXPAX@Z
wcsrchr
strstr
wcsstr
memset

kernel32

GetModuleFileNameA
GetWindowsDirectoryA
OpenMutexA
GetLogicalDriveStringsA
CreateDirectoryA
GetFileSize
LockFile
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CopyFileW
FlushFileBuffers
GetLocaleInfoA
GetVolumeInformationW
lstrcatA
CreateProcessW
VirtualAlloc
DeviceIoControl
SetFilePointer
lstrcpynA
LocalAlloc
LocalFree
lstrcpyW
ExitProcess
SetFileAttributesA
DeleteFileA
lstrcpynW
lstrcatW
GetTempFileNameW
DeleteFileW
GetWindowsDirectoryW
CreateThread
InterlockedCompareExchange
GetModuleFileNameW
GetVersionExA
CreateMutexA
UnmapViewOfFile
InterlockedIncrement
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
ReleaseMutex
WaitForSingleObject
OpenProcess
CreateRemoteThread
IsWow64Process
VirtualAllocEx
VirtualFreeEx
CreateFileA
WaitForMultipleObjects
GetOverlappedResult
DisconnectNamedPipe
lstrcpyA
MoveFileExA
lstrcmpA
WideCharToMultiByte
MoveFileExW
lstrcmpW
ExitThread
MultiByteToWideChar
GetFileAttributesA
SetFileAttributesW
GetFileAttributesW
CloseHandle
SetFileTime
CreateFileW
GetFileTime
GetSystemTimeAsFileTime
WriteFile
GetModuleHandleW
GetLastError
ReadFile
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
HeapSize
HeapReAlloc
lstrlenA
Sleep
WriteProcessMemory
ReadProcessMemory
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
ConnectNamedPipe
CreateNamedPipeA
CreateEventA

user32

RegisterClassExA
CreateWindowExA
RegisterDeviceNotificationA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
wsprintfW
wvsprintfA
MessageBoxA

advapi32

RegSetValueExW
CryptDestroyHash
CryptHashData
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegCreateKeyExW
CryptGetHashParam
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

244683b1694e52d06d621f1e23fb1f0c

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

secur32

shell32

wininet

shlwapi

ws2_32

msvcrt

kernel32

user32

advapi32

ole32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 218KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 218KB

.reloc
Size: 7KB - Virtual size: 6KB