Static task: static1
Behavioral task: behavioral1
  Sample: 79f974fb9b5276f1e28ca482864beccb4379187fbfc0a0fe7b288e947f928d0c.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 79f974fb9b5276f1e28ca482864beccb4379187fbfc0a0fe7b288e947f928d0c.exe
  Resource: win10v2004-20240611-en
General
Target: 79f974fb9b5276f1e28ca482864beccb4379187fbfc0a0fe7b288e947f928d0c
Size: 1.4MB
MD5: bf80d4557e1b365935ed2abffa7efad3
SHA1: a878e86b3e8a0fdec5f2adeefef0ffc4022579f9
SHA256: 79f974fb9b5276f1e28ca482864beccb4379187fbfc0a0fe7b288e947f928d0c
SHA512: 6b6ba9abbc98aabd2759220a145f2e7d9bf66fe75f6e28e30ae80ac97f0143e4d053c0ed1e960baf03fadaa9779af2b82257565a6575fb9c6bf31d5f8b7c97b4
SSDEEP: 24576:BtVREbstnmxTpgmLJ4mFDf6VbpYeT6Fb6PRy0UOg:3nKdtcVJuWy0U/
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 79f974fb9b5276f1e28ca482864beccb4379187fbfc0a0fe7b288e947f928d0c
Files
79f974fb9b5276f1e28ca482864beccb4379187fbfc0a0fe7b288e947f928d0c.exe windows:4 windows x86 arch:x86
2aa02b07b954b04c6c9f1fb0692aa00a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
ReleaseSemaphore
HeapReAlloc
GetTimeZoneInformation
HeapFree
HeapAlloc
ExitThread
CreateThread
QueryPerformanceCounter
CreateSemaphoreW
SetEvent
WaitForMultipleObjects
CreateEventW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameW
GetLocalTime
CreateFileW
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
GetModuleHandleA
FormatMessageW
LocalFree
GetCurrentThread
SetUnhandledExceptionFilter
CreateMutexW
OpenMutexW
CopyFileW
GetLastError
SetCurrentDirectoryW
SetEnvironmentVariableW
DefineDosDeviceW
GetDiskFreeSpaceExW
QueryDosDeviceA
QueryDosDeviceW
RtlUnwind
PulseEvent
SleepEx
GetFileInformationByHandle
SetVolumeLabelW
GetDiskFreeSpaceW
GetDriveTypeW
VirtualQueryEx
InterlockedExchangeAdd
CreateProcessA
ReadProcessMemory
GetThreadPriority
GetPriorityClass
SetPriorityClass
OpenProcess
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
MoveFileExW
MoveFileExA
FindFirstFileA
FindNextFileA
RemoveDirectoryA
CopyFileA
CreateDirectoryA
MoveFileA
DeleteFileA
SetFileAttributesA
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
ExpandEnvironmentStringsW
GetSystemDirectoryA
ExpandEnvironmentStringsA
AllocConsole
WriteConsoleW
FreeConsole
OpenSemaphoreW
OpenEventW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DisconnectNamedPipe
CreateIoCompletionPort
CancelIo
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
InterlockedExchange
InterlockedCompareExchange
GetExitCodeThread
TerminateThread
ResetEvent
GetThreadContext
SetThreadLocale
GetComputerNameW
OutputDebugStringA
LoadLibraryExW
LoadLibraryExA
EnumResourceLanguagesW
SizeofResource
UnmapViewOfFile
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
FindResourceExW
FormatMessageA
GetStartupInfoW
GlobalGetAtomNameW
CreatePipe
SetHandleInformation
CreateProcessW
ResumeThread
TerminateProcess
GetExitCodeProcess
DeleteFileW
OutputDebugStringW
CreateFileA
GetFileTime
GetFileSize
ReadFile
CloseHandle
GetFileAttributesA
GetSystemTime
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
Sleep
WaitForSingleObject
RaiseException
ExitProcess
GetSystemInfo
InterlockedIncrement
SetThreadAffinityMask
EnterCriticalSection
SetErrorMode
GetProcessVersion
GlobalFlags
GlobalSize
SetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
MulDiv
LoadLibraryA
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DuplicateHandle
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
LocalAlloc
lstrcpynW
SuspendThread
SetThreadPriority
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
FindNextFileW
lstrcpyW
FindFirstFileW
FindClose
ReleaseMutex
lstrcmpA
GlobalLock
GlobalUnlock
SetLastError
FileTimeToLocalFileTime
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
InterlockedDecrement
GetProfileStringW
GetTickCount
GetVersion
GetUserDefaultLangID
GetSystemDefaultLangID
GetLogicalDrives
GetCurrentDirectoryW
user32
GetProcessWindowStation
GetUserObjectInformationW
KillTimer
MessageBoxA
WaitMessage
GrayStringW
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetTimer
EnableWindow
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
PostQuitMessage
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
InsertMenuW
AppendMenuW
GetMenuStringW
RemoveMenu
GetClassNameW
PtInRect
GetDesktopWindow
wvsprintfW
LoadCursorW
SetCapture
ReleaseCapture
GetWindowThreadProcessId
WindowFromPoint
DeleteMenu
GetSysColorBrush
PeekMessageW
PostMessageW
CheckDlgButton
GetMessageW
DispatchMessageW
TranslateMessage
DestroyMenu
SetRectEmpty
SendMessageW
ShowOwnedPopups
SetCursor
MessageBoxW
GetWindowLongW
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExW
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
UnregisterClassW
CharToOemBuffA
OemToCharBuffA
LoadBitmapW
GetMenuCheckMarkDimensions
UnhookWindowsHookEx
LoadStringW
CharUpperW
GetSystemMetrics
GetWindowRect
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
SetMenu
BringWindowToTop
ReuseDDElParam
UnpackDDElParam
InvalidateRect
wsprintfW
GetWindowPlacement
IsIconic
SystemParametersInfoW
IntersectRect
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetDlgCtrlID
DestroyWindow
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
OffsetRect
gdi32
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
DeleteObject
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ExtCreatePen
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocW
DeleteDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CopyMetaFileW
CreateDCW
OffsetWindowOrgEx
CreateHatchBrush
CreateSolidBrush
GetBitmapBits
BitBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegisterEventSourceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CopySid
GetLengthSid
LookupAccountSidW
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetFileSecurityW
GetFileSecurityW
RegQueryValueExW
RegOpenKeyW
RegSetValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
SetServiceStatus
UnlockServiceDatabase
RegCreateKeyW
CreateServiceW
LockServiceDatabase
DeleteService
OpenServiceW
QueryServiceStatus
StartServiceW
ControlService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
LookupAccountNameW
GetAce
AddAccessAllowedAce
InitializeAcl
RegCreateKeyA
RegCreateKeyExA
RegConnectRegistryW
RegSetValueExA
RegEnumKeyW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyA
RegSetKeySecurity
ReportEventA
shell32
DragQueryFileW
SHGetFileInfoW
DragAcceptFiles
DragFinish
comctl32
ord17
ole32
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
ReadFmtUserTypeStg
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
ReadClassStg
OleDuplicateData
StringFromCLSID
oleaut32
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayGetUBound
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocString
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SysReAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
wsock32
inet_ntoa
WSAAsyncSelect
send
recv
closesocket
htonl
htons
bind
socket
accept
getsockname
getpeername
ntohs
inet_addr
WSASetLastError
gethostname
recvfrom
WSACleanup
listen
WSAStartup
shutdown
WSAGetLastError
sendto
connect
ioctlsocket
gethostbyname
ws2_32
setsockopt
WSAIoctl
ntohl
getsockopt
mpr
WNetCancelConnection2W
WNetAddConnection2W
rpcrt4
UuidToStringW
RpcStringFreeA
UuidToStringA
UuidCreate
RpcStringFreeW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
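The import list above is the raw material for the import hash (imphash), the usual pivot for finding other builds of the same program. In sandbox reports of this format the unlabelled 32-hex-digit value shown after the file's tags under Files is normally that hash, but the page itself does not label it, so treat that reading as an assumption. The block below is an added example, not code from the report or from the sandbox: it reimplements the imphash normalisation (lower-casing, dropping only .dll/.ocx/.sys from the library name, writing ordinal-only imports as ordN) over a constructed excerpt of this report's list. Two details matter in practice and are exercised here: winspool.drv keeps its extension, and the hash is order-sensitive.

```python
import hashlib
from typing import Iterable, List, Tuple

# The imphash algorithm strips only these extensions from the library name,
# so "winspool.drv" keeps its extension while "kernel32.dll" becomes "kernel32".
_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")

def normalize_import(library: str, symbol: str) -> str:
    """One 'library.symbol' element, built the way imphash builds it:
    lower-cased, with .dll/.ocx/.sys dropped from the library name.
    Ordinal-only imports are passed in as 'ordN' (pefile additionally maps
    known ws2_32 and oleaut32 ordinals to names; that table is omitted here)."""
    lib = library.lower()
    base, _, ext = lib.rpartition(".")
    if base and ext in _STRIPPED_EXTENSIONS:
        lib = base
    return f"{lib}.{symbol.lower()}"

def imphash(imports: Iterable[Tuple[str, str]]) -> str:
    """MD5 over the comma-joined normalized imports, in import-table order."""
    joined = ",".join(normalize_import(lib, sym) for lib, sym in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()

# Constructed excerpt of this report's import list, in the order the report
# shows it. It is a sample for the algorithm, not the full import table.
SAMPLE_IMPORTS: List[Tuple[str, str]] = [
    ("kernel32.dll", "HeapSize"),
    ("kernel32.dll", "UnhandledExceptionFilter"),
    ("user32.dll", "GetProcessWindowStation"),
    ("winspool.drv", "ClosePrinter"),
    ("comctl32.dll", "ord17"),      # imported by ordinal only
    ("ws2_32.dll", "setsockopt"),
]

def order_sensitive(imports: List[Tuple[str, str]]) -> bool:
    """True when reversing the import order changes the hash (it always does
    for distinct orders): the linker's import order is part of the fingerprint."""
    return imphash(imports) != imphash(list(reversed(imports)))

if __name__ == "__main__":
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the whole import table in linker order, it fingerprints the build environment as much as the program: binaries that statically link the same runtime tend to share long identical runs of imports. The SetHandleCount/GetEnvironmentStrings/IsBadWritePtr group in this report's kernel32 list is typical of an old statically linked MSVC C runtime, and the GrayStringW/WinHelpW/ReuseDDElParam group in user32 of statically linked MFC; that is an inference from the list, not something the report states. An imphash match between two such binaries is therefore a lead to check, not proof they are the same family.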
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ