8a865d51488809042ddc14e5fd2b9cab6818c2567c5b1b6c540bc9bf082f3646

Sharing

Copy URL Twitter E-mail

General

Target

8a865d51488809042ddc14e5fd2b9cab6818c2567c5b1b6c540bc9bf082f3646
Size

736KB
MD5

9dd9a1ea0c813cee0deaa0afdff87ec7
SHA1

b6dc7dd8986a166230bfff5477d15e081fed8bac
SHA256

8a865d51488809042ddc14e5fd2b9cab6818c2567c5b1b6c540bc9bf082f3646
SHA512

868c333b7200c2f37b0be135b0a658300ef085a224e8137101fab30b671de3e593bf0efab57887df3ab0faa06c94ece8539f8e88e209b14b1f12206cf6de1218
SSDEEP

12288:x4UJCAa2FoKwHmUvPge6lm8HOqE1MU1i41XXJfTdOQTXbAA42GcbAgPXpy7ZNu83:VNa42GhgPXw7ZN/sF70/uzXW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a865d51488809042ddc14e5fd2b9cab6818c2567c5b1b6c540bc9bf082f3646

Files

8a865d51488809042ddc14e5fd2b9cab6818c2567c5b1b6c540bc9bf082f3646
.dll windows:4 windows x86 arch:x86

ef082c50d92e494490910688c5c4343b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileA
CopyFileA
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
DeleteFileW
GetFileAttributesA
SetFileAttributesA
OpenMutexA
OpenFileMappingA
SetEndOfFile
HeapSize
GetSystemTime
GetExitCodeThread
SuspendThread
SetThreadPriority
ResumeThread
TerminateThread
WaitForMultipleObjects
ResetEvent
PulseEvent
SetEvent
CreateEventA
ReleaseMutex
lstrcmpA
RemoveDirectoryA
DeleteFileA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetLastError
LoadLibraryA
LocalFree
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
InterlockedExchange
InterlockedDecrement
lstrlenA
InterlockedIncrement
FormatMessageA
LoadResource
FindResourceExA
GetACP
lstrlenW
FormatMessageW
GetVersionExA
GetModuleHandleW
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
HeapAlloc
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenProcess
FatalAppExitA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetCPInfo
GetOEMCP
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetFilePointer
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetTempPathA
GetTempPathW
GetEnvironmentVariableW
GetFileAttributesW
MoveFileW
CreateDirectoryW
CopyFileW
MoveFileExW
GetFileSize
FreeLibrary
FreeResource
LoadLibraryExA
VirtualQuery
LockResource
SizeofResource
EnumResourceNamesA
EnumResourceTypesA
EnumResourceLanguagesA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
VirtualProtect
GetLocalTime
OutputDebugStringW
FreeConsole
WriteConsoleA
AllocConsole
QueryPerformanceCounter
LoadLibraryW
GetDriveTypeA
GetDriveTypeW
GetLogicalDrives
QueryDosDeviceA
QueryDosDeviceW
GetVolumeInformationA
SetVolumeLabelA
GetDiskFreeSpaceExA
DefineDosDeviceA
LocalAlloc
SleepEx
GetCurrentProcess
GetPrivateProfileStringA
GetProfileStringA
CreateFileW
GetBinaryTypeA
CreateDirectoryA
GetFileAttributesExW
ReadFile
MoveFileExA
GetTickCount
FreeEnvironmentStringsW
Sleep
CreateThread
CreateFileA
GetFileInformationByHandle
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
ExitProcess
GetSystemDirectoryA

user32

GetUserObjectInformationW
GetSystemMetrics
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
GetWindowTextW
GetWindowTextA
GetDesktopWindow
EnumChildWindows
EnumWindows
IsWindowVisible
GetParent
GetWindowLongA
GetWindowThreadProcessId
EnumDesktopWindows
SendMessageTimeoutA
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
MsgWaitForMultipleObjects
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop

advapi32

OpenServiceA
QueryServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
RegConnectRegistryA
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

ole32

CoInitializeEx
CoInitialize

Exports

Exports

GetSoftwareIdentify
GetSoftwareIdentify2

Sections

.text
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef082c50d92e494490910688c5c4343b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

gdi32

ole32

Exports

Exports

Sections

.text Size: 552KB - Virtual size: 551KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 68KB - Virtual size: 93KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 552KB - Virtual size: 551KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 68KB - Virtual size: 93KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 37KB