602eddad49d904e6f4b0ef67d9408dd52e30d6d042d9f39572c6ca5187bb2c9b

Sharing

Copy URL Twitter E-mail

General

Target

602eddad49d904e6f4b0ef67d9408dd52e30d6d042d9f39572c6ca5187bb2c9b
Size

578KB
MD5

4360935360f52cc7198e9394eeedd2bd
SHA1

366436132a918dd1ad3a98e3144381d1eea35566
SHA256

602eddad49d904e6f4b0ef67d9408dd52e30d6d042d9f39572c6ca5187bb2c9b
SHA512

aba1ce77947374a34b432362caf6c0e5027df252f60e8a63b709d008d2b9c6554f5a090e33ffd564f369584ce67cdeaf3de2a4cc35c188f6781ded64007cdf4b
SSDEEP

12288:PwKfOVRo9yRYvnQ7T4O8b8ITDnleU4Di+nwe3:PxWVeyRYvnQ7T4O8b8ITDnlK3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
602eddad49d904e6f4b0ef67d9408dd52e30d6d042d9f39572c6ca5187bb2c9b

Files

602eddad49d904e6f4b0ef67d9408dd52e30d6d042d9f39572c6ca5187bb2c9b
.exe windows:5 windows x86 arch:x86

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

DeleteFileA
GetTempFileNameA
CreateFileA
lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetVolumeInformationA
GetDriveTypeA
WaitForSingleObject
CreateMutexA
Thread32Next
SuspendThread
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateDirectoryA
GetTempPathA
CreateThread
FreeResource
UpdateResourceA
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
SetFileTime
GetFileTime
FreeLibrary
FindResourceA
LoadLibraryExA
GetCurrentProcess
SetEvent
OpenEventA
Process32Next
Process32First
FindClose
FindNextFileA
FindFirstFileA
EndUpdateResourceA
EnumResourceTypesA
BeginUpdateResourceA
GetTickCount
CopyFileA
ReleaseMutex
lstrlenA
lstrcatA
WriteFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
GetLastError
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
ReadFile
HeapReAlloc
lstrcmpA
SetFilePointer
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetFullPathNameA
GetCurrentThread
WideCharToMultiByte
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc

user32

wvsprintfA
wsprintfA

advapi32

OpenProcessToken
FreeSid
OpenThreadToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

SHRegCloseUSKey
SHRegCreateUSKeyA

wininet

InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetSetFilePointer
InternetConnectA

ws2_32

WSAStartup
gethostbyname

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/0/CURSOR/1
.rsrc/0/CURSOR/10
.rsrc/0/CURSOR/11
.rsrc/0/CURSOR/12
.rsrc/0/CURSOR/13
.rsrc/0/CURSOR/14
.rsrc/0/CURSOR/15
.rsrc/0/CURSOR/16
.rsrc/0/CURSOR/17
.rsrc/0/CURSOR/18
.rsrc/0/CURSOR/19
.rsrc/0/CURSOR/2
.rsrc/0/CURSOR/20
.rsrc/0/CURSOR/21
.rsrc/0/CURSOR/22
.rsrc/0/CURSOR/3
.rsrc/0/CURSOR/4
.rsrc/0/CURSOR/5
.rsrc/0/CURSOR/6
.rsrc/0/CURSOR/7
.rsrc/0/CURSOR/8
.rsrc/0/CURSOR/9
.rsrc/0/GROUP_CURSOR/27250
.rsrc/0/GROUP_CURSOR/27251
.rsrc/0/GROUP_CURSOR/27252
.rsrc/0/GROUP_CURSOR/27253
.rsrc/0/GROUP_CURSOR/27254
.rsrc/0/GROUP_CURSOR/27255
.rsrc/0/GROUP_CURSOR/27256
.rsrc/0/GROUP_CURSOR/27257
.rsrc/0/GROUP_CURSOR/27258
.rsrc/0/GROUP_CURSOR/27259
.rsrc/0/GROUP_CURSOR/27260
.rsrc/0/GROUP_CURSOR/27261
.rsrc/0/GROUP_CURSOR/27262
.rsrc/0/GROUP_CURSOR/27263
.rsrc/0/GROUP_CURSOR/27264
.rsrc/0/GROUP_CURSOR/27265
.rsrc/0/GROUP_CURSOR/27266
.rsrc/0/GROUP_CURSOR/27267
.rsrc/0/GROUP_CURSOR/27268
.rsrc/0/GROUP_CURSOR/27269
.rsrc/0/GROUP_ICON/IDI_JAVAWS_ICON
.rsrc/0/HTML/-1015781088.GIF
.gif
.rsrc/0/HTML/-1089499460.GIF
.gif
.rsrc/0/HTML/-1214713290.GIF
.gif
.rsrc/0/HTML/-1222847491.GIF
.gif
.rsrc/0/HTML/-1255898798.GIF
.gif
.rsrc/0/HTML/-1287091570.GIF
.gif
.rsrc/0/HTML/-1378040570.GIF
.gif
.rsrc/0/HTML/-1496259163.GIF
.gif
.rsrc/0/HTML/-1512608536.GIF
.gif
.rsrc/0/HTML/-1565577977.GIF
.gif
.rsrc/0/HTML/-1714607780.GIF
.gif
.rsrc/0/HTML/-1715088641.GIF
.gif
.rsrc/0/HTML/-1801039342.GIF
.gif
.rsrc/0/HTML/-227799309.GIF
.gif
.rsrc/0/HTML/-408112774.GIF
.gif
.rsrc/0/HTML/-584622863.GIF
.gif
.rsrc/0/HTML/-615806725.GIF
.gif
.rsrc/0/HTML/-653747727.GIF
.gif
.rsrc/0/HTML/-691646494.GIF
.gif
.rsrc/0/HTML/-694814971.GIF
.gif
.rsrc/0/HTML/-887930258.GIF
.gif
.rsrc/0/HTML/1106220912.GIF
.gif
.rsrc/0/HTML/1143506201.GIF
.gif
.rsrc/0/HTML/1146726285.GIF
.gif
.rsrc/0/HTML/1253887290.GIF
.gif
.rsrc/0/HTML/1259699599.GIF
.gif
.rsrc/0/HTML/1385426296.GIF
.gif
.rsrc/0/HTML/1792391712.GIF
.gif
.rsrc/0/HTML/1848256332.GIF
.gif
.rsrc/0/HTML/1884775509.GIF
.gif
.rsrc/0/HTML/537614440.GIF
.gif
.rsrc/0/HTML/567135770.GIF
.gif
.rsrc/0/HTML/737384919.GIF
.gif
.rsrc/0/HTML/816033632.GIF
.gif
.rsrc/0/HTML/861437087.GIF
.gif
.rsrc/0/HTML/869177537.GIF
.gif
.rsrc/0/IBC/PROFILE_DATA
.rsrc/0/ICON/1.ico
.rsrc/0/ICON/10.ico
.rsrc/0/ICON/11.ico
.rsrc/0/ICON/12.ico
.rsrc/0/ICON/2.ico
.rsrc/0/ICON/3.ico
.rsrc/0/ICON/4.ico
.rsrc/0/ICON/5.ico
.rsrc/0/ICON/6.ico
.rsrc/0/ICON/7.ico
.rsrc/0/ICON/8.ico
.rsrc/0/ICON/9.ico
.rsrc/0/version.txt
.rsrc/1033/240/113
.rsrc/1033/ACCELERATOR/101
.rsrc/1033/DIALOG/101
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/104
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/107
.rsrc/1033/DIALOG/108
.rsrc/1033/DIALOG/109
.rsrc/1033/DIALOG/111
.rsrc/1033/DIALOG/113
.rsrc/1033/DIALOG/120
.rsrc/1033/DIALOG/125
.rsrc/1033/DIALOG/130
.rsrc/1033/DIALOG/131
.rsrc/1033/DIALOG/132
.rsrc/1033/GROUP_ICON/0
.rsrc/1033/GROUP_ICON/1
.rsrc/1033/GROUP_ICON/101
.rsrc/1033/GROUP_ICON/102
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/GROUP_ICON/104
.rsrc/1033/GROUP_ICON/105
.rsrc/1033/GROUP_ICON/106
.rsrc/1033/GROUP_ICON/107
.rsrc/1033/GROUP_ICON/108
.rsrc/1033/GROUP_ICON/109
.rsrc/1033/GROUP_ICON/110
.rsrc/1033/GROUP_ICON/111
.rsrc/1033/GROUP_ICON/112
.rsrc/1033/GROUP_ICON/113
.rsrc/1033/GROUP_ICON/114
.rsrc/1033/GROUP_ICON/115
.rsrc/1033/GROUP_ICON/116
.rsrc/1033/GROUP_ICON/117
.rsrc/1033/GROUP_ICON/118
.rsrc/1033/GROUP_ICON/119
.rsrc/1033/GROUP_ICON/120
.rsrc/1033/GROUP_ICON/121
.rsrc/1033/GROUP_ICON/122
.rsrc/1033/GROUP_ICON/123
.rsrc/1033/GROUP_ICON/124
.rsrc/1033/GROUP_ICON/125
.rsrc/1033/GROUP_ICON/2
.rsrc/1033/GROUP_ICON/APPICON
.rsrc/1033/GROUP_ICON/ESICON
.rsrc/1033/HTML/124
.gif
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/10.ico
.rsrc/1033/ICON/11.ico
.rsrc/1033/ICON/12.ico
.rsrc/1033/ICON/13.ico
.rsrc/1033/ICON/14.ico
.rsrc/1033/ICON/15.ico
.rsrc/1033/ICON/16.ico
.rsrc/1033/ICON/17.ico
.rsrc/1033/ICON/18.ico
.rsrc/1033/ICON/19.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/20.ico
.rsrc/1033/ICON/21.ico
.rsrc/1033/ICON/22.ico
.rsrc/1033/ICON/23.ico
.rsrc/1033/ICON/24.ico
.rsrc/1033/ICON/25.ico
.rsrc/1033/ICON/26.ico
.rsrc/1033/ICON/27.ico
.rsrc/1033/ICON/28.ico
.rsrc/1033/ICON/29.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/30.ico
.rsrc/1033/ICON/31.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/ICON/5.ico
.rsrc/1033/ICON/6.ico
.rsrc/1033/ICON/7.ico
.rsrc/1033/ICON/8.ico
.rsrc/1033/ICON/9.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/MANIFEST/2
.xml
.rsrc/1033/MESSAGETABLE/1
.rsrc/1033/PNG/121
.png
.rsrc/1033/PNG/122
.png
.rsrc/1033/RCDATA/API_ADOBE_PUBLIC_KEY
.rsrc/1033/RCDATA/T405_ADOBE_PUBLIC_KEY
.rsrc/1033/TYPELIB/1
.rsrc/1033/string.txt
.rsrc/1033/version.txt
.rsrc/16393/BITMAP/116.bmp
.rsrc/16393/BITMAP/117.bmp
.rsrc/16393/BITMAP/118.bmp
.rsrc/16393/TYPELIB/1
.rsrc_1
.text

Sharing

General

Malware Config

Signatures

Files

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

psapi

version

kernel32

user32

advapi32

shell32

shlwapi

wininet

ws2_32

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 397KB - Virtual size: 396KB

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 397KB - Virtual size: 396KB