21e3cf1cca69f8e7f7fa8150f593e1442d0bb30c39cb2cbf3025d7b260a7ac62

Sharing

Copy URL Twitter E-mail

General

Target

21e3cf1cca69f8e7f7fa8150f593e1442d0bb30c39cb2cbf3025d7b260a7ac62
Size

1.4MB
MD5

cb0037ca79eacefd08dcdce1d5a49857
SHA1

50db50c6c66531022c2d91acf932903cecd1fb6f
SHA256

21e3cf1cca69f8e7f7fa8150f593e1442d0bb30c39cb2cbf3025d7b260a7ac62
SHA512

76aef1c41ee7578d831ec404538578de68056b19ffbcc51ac37f89b48f39e90833c254c22c3ede8060b463eb0a6d57fc2069ba28c424d7a63cd38c7e851347bd
SSDEEP

24576:h8I4/NBXVpmrGn4rHUkXg3PEZXItQVIKi6siLNb0KNhSmnJ3:G/bXHmanLPEZYtQVIKi6siLNb0KNhSmV

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e3cf1cca69f8e7f7fa8150f593e1442d0bb30c39cb2cbf3025d7b260a7ac62

Files

21e3cf1cca69f8e7f7fa8150f593e1442d0bb30c39cb2cbf3025d7b260a7ac62
.exe windows:5 windows x86 arch:x86

63126984daaf53d4294cdfec8ddf246d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LCMapStringW
OutputDebugStringA
SetEndOfFile
GetStringTypeW
CreateFileW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileA
WriteConsoleW
GetVersionExA
GetTempPathA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcessHeap
CloseHandle
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
RaiseException
GetLastError
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
LoadLibraryW
Sleep
HeapSize
MultiByteToWideChar
ReadFile
SetFilePointer
SetHandleCount
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount

user32

IsWindow
FillRect
DialogBoxParamA
SetTimer
EndDialog
DestroyWindow
GetWindowThreadProcessId
GetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
ShowWindow
MessageBoxA
EnumWindows

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDIBits
DeleteDC
SetPixel
CreateSolidBrush
DeleteObject
CreateDCA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63126984daaf53d4294cdfec8ddf246d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 243KB - Virtual size: 242KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 243KB - Virtual size: 242KB