81d230b8c498da889f6e061eec5011920679f6b758ca7c0683e2b2a2a28d6778

Sharing

Copy URL Twitter E-mail

General

Target

81d230b8c498da889f6e061eec5011920679f6b758ca7c0683e2b2a2a28d6778
Size

2.5MB
MD5

bd1b6d61516a32fe77a7b3459c3b990a
SHA1

5f11d64be68abce492fb261835c5b1c71d0b7450
SHA256

81d230b8c498da889f6e061eec5011920679f6b758ca7c0683e2b2a2a28d6778
SHA512

6990f5cebe105852c6ee5dfa613a4a794b9e69c7e38fdb818a589458d954a9201f8008bd54099b17439be3c76eb593e5458c71127a155c574b973d41c3518abb
SSDEEP

49152:xyfVRTW4fm6o8PDqMtvmgvI6xBqFgw6sFnLUVB8S7QEHXnrJbb:8f7TW4fm6jzvRxEFgw6sFnLUV3kEHXt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81d230b8c498da889f6e061eec5011920679f6b758ca7c0683e2b2a2a28d6778

Files

81d230b8c498da889f6e061eec5011920679f6b758ca7c0683e2b2a2a28d6778
.exe windows:4 windows x86 arch:x86

1e2bab0daef0571fb5981398d31a4f9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

nslms324

ord4
ord6
ord10
ord18
ord23

advapi32

GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl

kernel32

AllocConsole
Beep
CloseHandle
CompareFileTime
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateThread
DebugBreak
DefineDosDeviceA
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindResourceExA
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeConsole
FreeEnvironmentStringsA
FreeLibrary
FreeLibraryAndExitThread
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessWorkingSetSize
GetProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
IsProcessorFeaturePresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalHandle
LockFile
LockFileEx
LockResource
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OpenEventA
OpenFile
OpenFileMappingA
OpenMutexA
OutputDebugStringA
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
ReleaseMutex
RemoveDirectoryA
ResetEvent
RtlUnwind
SearchPathA
SetComputerNameA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTitleA
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetLocalTime
SetProcessWorkingSetSize
SetStdHandle
SetThreadLocale
SetTimeZoneInformation
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleOutputA
WriteFile
_lclose
_lopen
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
htons
ioctlsocket
inet_addr
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
bind

winspool.drv

ClosePrinter
EndDocPrinter
EndPagePrinter
EnumPrintersA
GetPrinterA
OpenPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter

comctl32

ord17
InitCommonControlsEx

comdlg32

ChooseColorA
ChooseFontA

gdi32

Arc
BitBlt
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
ExtTextOutA
FloodFill
GetDeviceCaps
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
GetViewportOrgEx
LineTo
MoveToEx
Polygon
Rectangle
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
StretchBlt
TextOutA

shell32

ShellExecuteA

user32

AppendMenuA
ArrangeIconicWindows
BeginPaint
CallNextHookEx
CharToOemA
CharToOemBuffA
CheckDlgButton
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogIndirectParamA
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyCaret
DestroyMenu
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EndPaint
EnumClipboardFormats
EnumThreadWindows
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetClassInfoA
GetClassInfoExA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetUpdateRect
GetWindowRect
GetWindowTextA
HideCaret
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadStringA
MessageBeep
MessageBoxA
OemToCharA
OemToCharBuffA
OpenClipboard
PeekMessageA
PostMessageA
RegisterClassA
RegisterHotKey
ReleaseDC
ScrollWindowEx
SendDlgItemMessageA
SendMessageA
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetCursorPos
SetDebugErrorLevel
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetLastErrorEx
SetMenu
SetRect
SetTimer
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterHotKey
UpdateWindow
ValidateRect
WinHelpA
wsprintfA
GetSystemMenu

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2

oleaut32

GetActiveObject
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SysAllocString
SysFreeString
SysStringLen
VarR8FromCy
VarR8FromDec
VariantClear
VariantInit

olepro32

OleLoadPicture

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e2bab0daef0571fb5981398d31a4f9f

Headers

File Characteristics

Imports

nslms324

advapi32

kernel32

wsock32

winspool.drv

comctl32

comdlg32

gdi32

shell32

user32

ole32

oleaut32

olepro32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1.3MB - Virtual size: 1.5MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 95KB - Virtual size: 96KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1.3MB - Virtual size: 1.5MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 95KB - Virtual size: 96KB