9ec909dc3dc04f77480b4424405c3fda14baf6d2a8593a18f6f9ce481ce52921

Sharing

Copy URL Twitter E-mail

General

Target

9ec909dc3dc04f77480b4424405c3fda14baf6d2a8593a18f6f9ce481ce52921
Size

1.8MB
MD5

e5e94b268f6bc46d40087e1e0393b912
SHA1

521c9acad3d30d056cec9bd94e077bd6a5d03776
SHA256

9ec909dc3dc04f77480b4424405c3fda14baf6d2a8593a18f6f9ce481ce52921
SHA512

5bd6b9f21dc1767f67f51bc73553c66505857e8e2766150c4143fea34d24900c0d694e164a730165cab7625a267a4dfe9acc601ddae76ef80947b1fdb6e43556
SSDEEP

49152:56qQYt+O98Kiatw17dsvcIfiP0+3lx+defV:FQ6W9Ew1JshfmTV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ec909dc3dc04f77480b4424405c3fda14baf6d2a8593a18f6f9ce481ce52921

Files

9ec909dc3dc04f77480b4424405c3fda14baf6d2a8593a18f6f9ce481ce52921
.exe windows:4 windows x86 arch:x86

99e7b7f6b7088e787723f67ec0d03125

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
ReadProcessMemory
VirtualFree
VirtualQueryEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
CopyFileW
SetFilePointerEx
SetEndOfFile
GetSystemTime
CreateFileW
MultiByteToWideChar
GetLastError
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
ReadFile
UnmapViewOfFile
CloseHandle
HeapAlloc
WideCharToMultiByte
DecodePointer
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
Sleep
SetStdHandle
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetStringTypeW
GetACP
SetConsoleCtrlHandler
GetModuleHandleExW
GetCommandLineA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
ResetEvent
FormatMessageW
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetConsoleMode
TerminateProcess
GetLongPathNameW
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentThreadId
ExitProcess
InterlockedIncrement
IsDebuggerPresent
HeapReAlloc
GetSystemInfo
MoveFileExW
DeleteFileW
SetFileAttributesW
CreateProcessW
SizeofResource
LockResource
LoadResource
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
GetFullPathNameW
GetCurrentThread
GetVersionExW
GetProcessHeap
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
OpenProcess
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
GetDriveTypeW
GetLogicalDrives
GetProcAddress
LoadLibraryW
GetTickCount
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
GetLocalTime
GetFileInformationByHandle
CompareFileTime
GetFileSizeEx
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileAttributesW
SetLastError
HeapFree
WriteFile
DeleteCriticalSection
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
GlobalMemoryStatus
QueryPerformanceCounter
DeleteFiber
GetFileType
GetStdHandle
FindResourceW
GetDateFormatW
GetModuleHandleW
CreateEventW
InterlockedCompareExchange64
WaitForMultipleObjects
CreateThread
TlsAlloc
SetEvent
InitializeCriticalSection
TlsGetValue
GetExitCodeProcess
GetModuleFileNameW

user32

GetWindowTextW
GetWindowThreadProcessId
EnumWindows
CharUpperBuffW
CharUpperA
GetDesktopWindow
SendMessageW
GetDlgItem
GetClassNameW
CharLowerBuffW
MessageBoxW
GetProcessWindowStation
EndDialog
DialogBoxParamW
GetWindowRect
GetClientRect
LoadImageW
GetDC
SystemParametersInfoW
ReleaseDC
GetParent
SetWindowLongW
LoadIconW
SetClassLongW
GetUserObjectInformationW
SetWindowPos
GetWindowLongW
SetWindowTextW
KillTimer
PostMessageW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
IsWindowVisible
LoadStringW
DeferWindowPos
SetCursor
GetDlgCtrlID
DestroyIcon
MoveWindow
IsCharAlphaW
CreateCursor
LoadCursorW
FillRect
GetWindow
EndDeferWindowPos
FindWindowW
BeginDeferWindowPos
IsWindow
GetAsyncKeyState
GetSystemMetrics
ClientToScreen
EnableWindow
SetTimer
ShowWindow
SetFocus
GetWindowTextLengthW
IsDlgButtonChecked
InvalidateRect
CallWindowProcW

gdi32

TextOutW
GetTextExtentPoint32W
DeleteObject
GetStockObject
SetBkMode
SetTextColor
SelectObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetCurrentHwProfileW
RegQueryValueExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
CryptEnumProvidersW
OpenThreadToken
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
DragAcceptFiles
SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathA
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CLSIDFromProgID
CoInitialize
CoCreateInstance
CoGetClassObject

oleaut32

SysAllocString
SysFreeString

ntdll

NtSetInformationFile
NtEnumerateValueKey

comctl32

ord17
PropertySheetW
CreatePropertySheetPageW

shlwapi

PathFileExistsW
PathFindFileNameW
StrStrIW

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

ws2_32

recv
WSAGetLastError
WSASetLastError
send
WSACleanup
closesocket

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW

wininet

InternetCheckConnectionW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetGetConnectedState

Sections

.text
Size: 947KB - Virtual size: 947KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99e7b7f6b7088e787723f67ec0d03125

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

comctl32

shlwapi

crypt32

ws2_32

mpr

version

psapi

wininet

Sections

.text Size: 947KB - Virtual size: 947KB

.gcode Size: 5KB - Virtual size: 4KB

.rdata Size: 435KB - Virtual size: 435KB

.data Size: 160KB - Virtual size: 172KB

.gdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 287KB - Virtual size: 286KB

.text
Size: 947KB - Virtual size: 947KB

.gcode
Size: 5KB - Virtual size: 4KB

.rdata
Size: 435KB - Virtual size: 435KB

.data
Size: 160KB - Virtual size: 172KB

.gdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 287KB - Virtual size: 286KB