MischaV2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

MischaV2.exe
Size

279KB
MD5

c8623aaa00f82b941122edef3b1852e3
SHA1

1785230107633bf908034ef0d5403367765bcafb
SHA256

ecc5cc62c8200954079191e586123522f88aa1414ae98908380176d75d2e7eab
SHA512

4223cdb0734ba3d9055503b73e1c69a94299c345c19aca52ef85d5eefcb7715756b8ebb92c9c462030d503af47653cd6182e1e14d04cc32309c6200db458b3d6
SSDEEP

6144:13hghT/p3pFlD0r5RZQa0cWhkt5yfx2NFreU6:lhgprDY7MhkQsh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MischaV2.exe

Files

MischaV2.exe
.exe windows:6 windows x86 arch:x86

f49f0205185750caf2c9a1ab85519307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ScriptedSandbox32.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceW
FlushInstructionCache
CompareStringOrdinal
RaiseFailFastException
CloseHandle
ReadFile
WriteFile
CreatePipe
CreateThread
OpenProcess
GetModuleHandleW
DecodePointer
SetEvent
GetTempPathW
GetTempFileNameW
ReadProcessMemory
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
ExitProcess
GetCurrentProcessId
GetVersion
GetCurrentProcess
SetLastError
GetCurrentThreadId
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
FindResourceExW
FindAtomW
AddAtomW
LoadLibraryW
GetFileAttributesW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReadConsoleW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetCommandLineW

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
UnregisterClassW
IsWindow
IsChild
GetFocus
SetFocus
GetWindow
PostMessageW
AttachThreadInput
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
SetTimer
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetAsyncKeyState
GetGUIThreadInfo
GetWindowThreadProcessId
SetProcessDPIAware
PostThreadMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
GetDoubleClickTime
AllowSetForegroundWindow
GetMonitorInfoW
MonitorFromPoint
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
GetDlgItem
SendMessageW
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow

ole32

OleLockRunning
CoTaskMemFree
CoCreateInstance
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoInitialize
IIDFromString
CreateBindCtx
CLSIDFromString
CLSIDFromProgID
CoGetMalloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
DispCallFunc
VariantChangeType
VarBstrCat
SysAllocStringLen
VariantInit
LoadTypeLi
LoadRegTypeLi
VariantClear

shlwapi

PathFindFileNameW
StrStrW
ord12

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wer

WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate

urlmon

CreateUri

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 829B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xxxx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f49f0205185750caf2c9a1ab85519307

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ole32

oleaut32

shlwapi

version

wer

urlmon

Sections

.text Size: 249KB - Virtual size: 249KB

.data Size: 7KB - Virtual size: 16KB

.idata Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 829B

.reloc Size: 14KB - Virtual size: 13KB

.xxxx Size: 512B - Virtual size: 4KB

.text
Size: 249KB - Virtual size: 249KB

.data
Size: 7KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 829B

.reloc
Size: 14KB - Virtual size: 13KB

.xxxx
Size: 512B - Virtual size: 4KB