c1c2a67b4c79c36f4deb5b942e5adba899e5420ac9700215bb98b9ebe6a712f1

Sharing

Copy URL Twitter E-mail

General

Target

c1c2a67b4c79c36f4deb5b942e5adba899e5420ac9700215bb98b9ebe6a712f1
Size

1.8MB
MD5

6b83a2f7860ff08a8ec90f44c1e546da
SHA1

b3b941e6d381815cdc309182603f9176428b4a92
SHA256

c1c2a67b4c79c36f4deb5b942e5adba899e5420ac9700215bb98b9ebe6a712f1
SHA512

9d9c0512c6b88dd499a98429f8c0abd1d2c936e58a0e9c3a84a11bff18624351cac142c9c4644509eb8f0282a5e24c8152bc7469faeee069fd88c0e7a17ad543
SSDEEP

49152:1OahBUWCZRuiU2LKyquBNioV6NBlU+defV:xU33RZ4iV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1c2a67b4c79c36f4deb5b942e5adba899e5420ac9700215bb98b9ebe6a712f1

Files

c1c2a67b4c79c36f4deb5b942e5adba899e5420ac9700215bb98b9ebe6a712f1
.exe windows:4 windows x86 arch:x86

99e7b7f6b7088e787723f67ec0d03125

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
ReadProcessMemory
VirtualFree
VirtualQueryEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
CopyFileW
SetFilePointerEx
SetEndOfFile
GetSystemTime
CreateFileW
MultiByteToWideChar
GetLastError
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
ReadFile
UnmapViewOfFile
CloseHandle
HeapAlloc
WideCharToMultiByte
DecodePointer
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
Sleep
SetStdHandle
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetStringTypeW
GetACP
SetConsoleCtrlHandler
GetModuleHandleExW
GetCommandLineA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
ResetEvent
FormatMessageW
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetConsoleMode
TerminateProcess
GetLongPathNameW
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentThreadId
ExitProcess
InterlockedIncrement
IsDebuggerPresent
HeapReAlloc
GetSystemInfo
MoveFileExW
DeleteFileW
SetFileAttributesW
CreateProcessW
SizeofResource
LockResource
LoadResource
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
GetFullPathNameW
GetCurrentThread
GetVersionExW
GetProcessHeap
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
OpenProcess
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
GetDriveTypeW
GetLogicalDrives
GetProcAddress
LoadLibraryW
GetTickCount
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
GetLocalTime
GetFileInformationByHandle
CompareFileTime
GetFileSizeEx
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileAttributesW
SetLastError
HeapFree
WriteFile
DeleteCriticalSection
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
GlobalMemoryStatus
QueryPerformanceCounter
DeleteFiber
GetFileType
GetStdHandle
FindResourceW
GetDateFormatW
GetModuleHandleW
CreateEventW
InterlockedCompareExchange64
WaitForMultipleObjects
CreateThread
TlsAlloc
SetEvent
InitializeCriticalSection
TlsGetValue
GetExitCodeProcess
GetModuleFileNameW

user32

GetWindowTextW
GetWindowThreadProcessId
EnumWindows
CharUpperBuffW
CharUpperA
GetDesktopWindow
SendMessageW
GetDlgItem
GetClassNameW
CharLowerBuffW
MessageBoxW
GetProcessWindowStation
EndDialog
DialogBoxParamW
GetWindowRect
GetClientRect
LoadImageW
GetDC
SystemParametersInfoW
ReleaseDC
GetParent
SetWindowLongW
LoadIconW
SetClassLongW
GetUserObjectInformationW
SetWindowPos
GetWindowLongW
SetWindowTextW
KillTimer
PostMessageW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
IsWindowVisible
LoadStringW
DeferWindowPos
SetCursor
GetDlgCtrlID
DestroyIcon
MoveWindow
IsCharAlphaW
CreateCursor
LoadCursorW
FillRect
GetWindow
EndDeferWindowPos
FindWindowW
BeginDeferWindowPos
IsWindow
GetAsyncKeyState
GetSystemMetrics
ClientToScreen
EnableWindow
SetTimer
ShowWindow
SetFocus
GetWindowTextLengthW
IsDlgButtonChecked
InvalidateRect
CallWindowProcW

gdi32

TextOutW
GetTextExtentPoint32W
DeleteObject
GetStockObject
SetBkMode
SetTextColor
SelectObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetCurrentHwProfileW
RegQueryValueExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
CryptEnumProvidersW
OpenThreadToken
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
DragAcceptFiles
SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathA
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CLSIDFromProgID
CoInitialize
CoCreateInstance
CoGetClassObject

oleaut32

SysAllocString
SysFreeString

ntdll

NtSetInformationFile
NtEnumerateValueKey

comctl32

ord17
PropertySheetW
CreatePropertySheetPageW

shlwapi

PathFileExistsW
PathFindFileNameW
StrStrIW

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

ws2_32

recv
WSAGetLastError
WSASetLastError
send
WSACleanup
closesocket

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW

wininet

InternetCheckConnectionW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetGetConnectedState

Sections

.text
Size: 947KB - Virtual size: 947KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99e7b7f6b7088e787723f67ec0d03125

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

comctl32

shlwapi

crypt32

ws2_32

mpr

version

psapi

wininet

Sections

.text Size: 947KB - Virtual size: 947KB

.gcode Size: 5KB - Virtual size: 4KB

.rdata Size: 435KB - Virtual size: 435KB

.data Size: 160KB - Virtual size: 172KB

.gdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 287KB - Virtual size: 286KB

.text
Size: 947KB - Virtual size: 947KB

.gcode
Size: 5KB - Virtual size: 4KB

.rdata
Size: 435KB - Virtual size: 435KB

.data
Size: 160KB - Virtual size: 172KB

.gdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 287KB - Virtual size: 286KB