82d89e3fab978e9f67268fb11d055d9908d364d3b608dd351220383a1ee5f6f6

Sharing

Copy URL

Twitter E-mail

General

Target

82d89e3fab978e9f67268fb11d055d9908d364d3b608dd351220383a1ee5f6f6
Size

1.1MB
MD5

602faf2b2861a0daaa40542abf823102
SHA1

da12ddc68e3e679be0ca0874e01003ea8fa354ef
SHA256

82d89e3fab978e9f67268fb11d055d9908d364d3b608dd351220383a1ee5f6f6
SHA512

e027f8b63f9ded1ef561005fac56ff01d11e12a41f2dff7353d67ffffa3d3e401c2c78686ddbb6faa77085c473dc4dd5dca1d0595affbd91afe0545510c85450
SSDEEP

24576:WxWVeyRYEwzYDteYIpLU4O8b8ITDnlieqiG:W8YBU4O8b8ITDnlieqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82d89e3fab978e9f67268fb11d055d9908d364d3b608dd351220383a1ee5f6f6

Files

82d89e3fab978e9f67268fb11d055d9908d364d3b608dd351220383a1ee5f6f6
.exe windows:5 windows x86 arch:x86

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

DeleteFileA
GetTempFileNameA
CreateFileA
lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetVolumeInformationA
GetDriveTypeA
WaitForSingleObject
CreateMutexA
Thread32Next
SuspendThread
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateDirectoryA
GetTempPathA
CreateThread
FreeResource
UpdateResourceA
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
SetFileTime
GetFileTime
FreeLibrary
FindResourceA
LoadLibraryExA
GetCurrentProcess
SetEvent
OpenEventA
Process32Next
Process32First
FindClose
FindNextFileA
FindFirstFileA
EndUpdateResourceA
EnumResourceTypesA
BeginUpdateResourceA
GetTickCount
CopyFileA
ReleaseMutex
lstrlenA
lstrcatA
WriteFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
GetLastError
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
ReadFile
HeapReAlloc
lstrcmpA
SetFilePointer
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetFullPathNameA
GetCurrentThread
WideCharToMultiByte
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc

user32

wvsprintfA
wsprintfA

advapi32

OpenProcessToken
FreeSid
OpenThreadToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

SHRegCloseUSKey
SHRegCreateUSKeyA

wininet

InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetSetFilePointer
InternetConnectA

ws2_32

WSAStartup
gethostbyname

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/0/HTML/-1015781088.GIF
.gif
.rsrc/0/HTML/-109826395.GIF
.gif
.rsrc/0/HTML/-1226745883.GIF
.gif
.rsrc/0/HTML/-1334111800.GIF
.gif
.rsrc/0/HTML/-1346976970.GIF
.gif
.rsrc/0/HTML/-1357514755.GIF
.gif
.rsrc/0/HTML/-1421567750.GIF
.gif
.rsrc/0/HTML/-1639984690.GIF
.gif
.rsrc/0/HTML/-1664787225.GIF
.gif
.rsrc/0/HTML/-1676586516.GIF
.gif
.rsrc/0/HTML/-1714607780.GIF
.gif
.rsrc/0/HTML/-1782835989.GIF
.gif
.rsrc/0/HTML/-1787182217.GIF
.gif
.rsrc/0/HTML/-184571083.GIF
.gif
.rsrc/0/HTML/-1907694866.GIF
.gif
.rsrc/0/HTML/-1927329628.GIF
.gif
.rsrc/0/HTML/-196018722.GIF
.gif
.rsrc/0/HTML/-198977343.GIF
.gif
.rsrc/0/HTML/-2003928754.GIF
.gif
.rsrc/0/HTML/-2065835958.GIF
.gif
.rsrc/0/HTML/-2107997900.GIF
.gif
.rsrc/0/HTML/-334193266.GIF
.gif
.rsrc/0/HTML/-545318253.GIF
.gif
.rsrc/0/HTML/-56369284.GIF
.gif
.rsrc/0/HTML/-564567012.GIF
.gif
.rsrc/0/HTML/-68869726.GIF
.gif
.rsrc/0/HTML/-711665837.GIF
.gif
.rsrc/0/HTML/-725384962.GIF
.gif
.rsrc/0/HTML/-840298283.GIF
.gif
.rsrc/0/HTML/-951737863.GIF
.gif
.rsrc/0/HTML/102534145.GIF
.gif
.rsrc/0/HTML/1071633492.GIF
.gif
.rsrc/0/HTML/1113453139.GIF
.gif
.rsrc/0/HTML/1145252297.GIF
.gif
.rsrc/0/HTML/1227129763.GIF
.gif
.rsrc/0/HTML/127293683.GIF
.gif
.rsrc/0/HTML/1335978796.GIF
.gif
.rsrc/0/HTML/1396796310.GIF
.gif
.rsrc/0/HTML/142280526.GIF
.gif
.rsrc/0/HTML/1562627624.GIF
.gif
.rsrc/0/HTML/1683156389.GIF
.gif
.rsrc/0/HTML/1749536428.GIF
.gif
.rsrc/0/HTML/1766119365.GIF
.gif
.rsrc/0/HTML/1848256332.GIF
.gif
.rsrc/0/HTML/1941367608.GIF
.gif
.rsrc/0/HTML/1997131943.GIF
.gif
.rsrc/0/HTML/2019820514.GIF
.gif
.rsrc/0/HTML/2061980696.GIF
.gif
.rsrc/0/HTML/2062595809.GIF
.gif
.rsrc/0/HTML/267575346.GIF
.gif
.rsrc/0/HTML/349947219.GIF
.gif
.rsrc/0/HTML/74172920.GIF
.gif
.rsrc/0/HTML/773763327.GIF
.gif
.rsrc/0/HTML/812726036.GIF
.gif
.rsrc/0/HTML/957420285.GIF
.gif
.rsrc/1033/240/113
.rsrc/1033/AVI/1
.rsrc/1033/AVI/2
.rsrc/1033/CURSOR/9
.rsrc/1033/DIALOG/101
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/104
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/107
.rsrc/1033/DIALOG/108
.rsrc/1033/DIALOG/109
.rsrc/1033/DIALOG/111
.rsrc/1033/DIALOG/113
.rsrc/1033/DIALOG/118
.rsrc/1033/DIALOG/120
.rsrc/1033/DIALOG/125
.rsrc/1033/DIALOG/129
.rsrc/1033/DIALOG/130
.rsrc/1033/DIALOG/133
.rsrc/1033/DIALOG/138
.rsrc/1033/DIALOG/143
.rsrc/1033/DIALOG/144
.rsrc/1033/DIALOG/160
.rsrc/1033/GROUP_CURSOR/119
.rsrc/1033/GROUP_ICON/0
.rsrc/1033/GROUP_ICON/1
.rsrc/1033/GROUP_ICON/10
.rsrc/1033/GROUP_ICON/100
.rsrc/1033/GROUP_ICON/101
.rsrc/1033/GROUP_ICON/102
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/GROUP_ICON/104
.rsrc/1033/GROUP_ICON/105
.rsrc/1033/GROUP_ICON/106
.rsrc/1033/GROUP_ICON/107
.rsrc/1033/GROUP_ICON/11
.rsrc/1033/GROUP_ICON/110
.rsrc/1033/GROUP_ICON/118
.rsrc/1033/GROUP_ICON/12
.rsrc/1033/GROUP_ICON/13
.rsrc/1033/GROUP_ICON/14
.rsrc/1033/GROUP_ICON/15
.rsrc/1033/GROUP_ICON/16
.rsrc/1033/GROUP_ICON/164
.rsrc/1033/GROUP_ICON/166
.rsrc/1033/GROUP_ICON/17
.rsrc/1033/GROUP_ICON/18
.rsrc/1033/GROUP_ICON/19
.rsrc/1033/GROUP_ICON/2
.rsrc/1033/GROUP_ICON/20
.rsrc/1033/GROUP_ICON/21
.rsrc/1033/GROUP_ICON/22
.rsrc/1033/GROUP_ICON/23
.rsrc/1033/GROUP_ICON/24
.rsrc/1033/GROUP_ICON/3
.rsrc/1033/GROUP_ICON/300
.rsrc/1033/GROUP_ICON/301
.rsrc/1033/GROUP_ICON/302
.rsrc/1033/GROUP_ICON/303
.rsrc/1033/GROUP_ICON/304
.rsrc/1033/GROUP_ICON/305
.rsrc/1033/GROUP_ICON/4
.rsrc/1033/GROUP_ICON/5
.rsrc/1033/GROUP_ICON/6
.rsrc/1033/GROUP_ICON/7
.rsrc/1033/GROUP_ICON/8
.rsrc/1033/GROUP_ICON/830
.rsrc/1033/GROUP_ICON/831
.rsrc/1033/GROUP_ICON/832
.rsrc/1033/GROUP_ICON/833
.rsrc/1033/GROUP_ICON/834
.rsrc/1033/GROUP_ICON/842
.rsrc/1033/GROUP_ICON/9
.rsrc/1033/GROUP_ICON/APPICON
.rsrc/1033/HTML/124
.gif
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/10.ico
.rsrc/1033/ICON/11.ico
.rsrc/1033/ICON/12.ico
.rsrc/1033/ICON/13.ico
.rsrc/1033/ICON/14.ico
.rsrc/1033/ICON/15.ico
.rsrc/1033/ICON/16.ico
.rsrc/1033/ICON/17.ico
.rsrc/1033/ICON/18.ico
.rsrc/1033/ICON/19.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/20.ico
.rsrc/1033/ICON/21.ico
.rsrc/1033/ICON/22.ico
.rsrc/1033/ICON/23.ico
.rsrc/1033/ICON/24.ico
.rsrc/1033/ICON/25.ico
.rsrc/1033/ICON/26.ico
.rsrc/1033/ICON/27.ico
.rsrc/1033/ICON/28.ico
.rsrc/1033/ICON/29.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/30.ico
.rsrc/1033/ICON/31.ico
.rsrc/1033/ICON/32.ico
.rsrc/1033/ICON/33.ico
.rsrc/1033/ICON/34.ico
.rsrc/1033/ICON/35.ico
.rsrc/1033/ICON/36.ico
.rsrc/1033/ICON/37.ico
.rsrc/1033/ICON/38.ico
.rsrc/1033/ICON/39.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/ICON/40.ico
.rsrc/1033/ICON/41.ico
.rsrc/1033/ICON/42.ico
.rsrc/1033/ICON/43.ico
.rsrc/1033/ICON/44.ico
.rsrc/1033/ICON/45.ico
.rsrc/1033/ICON/46.ico
.rsrc/1033/ICON/47.ico
.rsrc/1033/ICON/48.ico
.rsrc/1033/ICON/49.ico
.rsrc/1033/ICON/5.ico
.rsrc/1033/ICON/50.ico
.rsrc/1033/ICON/51.ico
.rsrc/1033/ICON/52.ico
.rsrc/1033/ICON/53.ico
.rsrc/1033/ICON/54.ico
.rsrc/1033/ICON/55.ico
.rsrc/1033/ICON/56.ico
.rsrc/1033/ICON/57.ico
.rsrc/1033/ICON/58.ico
.rsrc/1033/ICON/59.ico
.rsrc/1033/ICON/6.ico
.rsrc/1033/ICON/60.ico
.rsrc/1033/ICON/61.ico
.rsrc/1033/ICON/62.ico
.rsrc/1033/ICON/63.ico
.rsrc/1033/ICON/64
.png
.rsrc/1033/ICON/65.ico
.rsrc/1033/ICON/66.ico
.rsrc/1033/ICON/67.ico
.rsrc/1033/ICON/68.ico
.rsrc/1033/ICON/69.ico
.rsrc/1033/ICON/7.ico
.rsrc/1033/ICON/70.ico
.rsrc/1033/ICON/71.ico
.rsrc/1033/ICON/72.ico
.rsrc/1033/ICON/73.ico
.rsrc/1033/ICON/74.ico
.rsrc/1033/ICON/75.ico
.rsrc/1033/ICON/76.ico
.rsrc/1033/ICON/8.ico
.rsrc/1033/ICON/9.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/MANIFEST/2
.xml
.rsrc/1033/MESSAGETABLE/1
.rsrc/1033/OFS/1001
.rsrc/1033/OFS/1002
.rsrc/1033/OFS/1003
.rsrc/1033/OFS/1004
.rsrc/1033/OFS/1006
.rsrc/1033/OFS/1007
.rsrc/1033/OFS/1008
.rsrc/1033/OFS/1009
.rsrc/1033/OFS/1010
.rsrc/1033/PNG/121
.png
.rsrc/1033/PNG/122
.png
.rsrc/1033/PNG/320
.png
.rsrc/1033/PNG/841
.png
.rsrc/1033/RCDATA/API_ADOBE_PUBLIC_KEY
.rsrc/1033/RCDATA/T405_ADOBE_PUBLIC_KEY
.rsrc/1033/REGISTRY/102
.rsrc/1033/REGISTRY/103
.rsrc/1033/REGISTRY/104
.rsrc/1033/REGISTRY/105
.rsrc/1033/REGISTRY/107
.rsrc/1033/REGISTRY/110
.rsrc/1033/REGISTRY/60003
.rsrc/1033/REGISTRY/60004
.rsrc/1033/REGISTRY/IDR_INSPECTORCONTEXT
.rsrc/1033/TYPELIB/1
.rsrc/1033/string.txt
.rsrc/1033/version.txt
.rsrc/16393/BITMAP/116.bmp
.rsrc/16393/BITMAP/117.bmp
.rsrc/16393/BITMAP/118.bmp
.rsrc/16393/TYPELIB/1
.rsrc_1
.text

Sharing

General

Malware Config

Signatures

Files

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

psapi

version

kernel32

user32

advapi32

shell32

shlwapi

wininet

ws2_32

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 932KB - Virtual size: 931KB

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 932KB - Virtual size: 931KB