3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e

Sharing

Copy URL

Twitter E-mail

General

Target

3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
Size

828KB
MD5

c04e8b163d3b377221a71a04a16bf84c
SHA1

99ceee7a93ea9b097301b947bb3afc6c45be39dc
SHA256

3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
SHA512

280ec29e5c849380bb586de2a58e019121a8c8b121a519ff4328b77e91c06aecddd8e22cb54116ab67494c79262b930811995076e7e5b3ae0559eaf20b6ea81f
SSDEEP

6144:pytjBYoNndfTZ9WA0rTeI4DX+KLJaP8nDEnZjzWGhLX4T2n9HPm+eE8d7+xYM0my:wtzZeXixgP8DmHWEX4T2ZIdKmLjACr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e

Files

3be905066595dc785c9b6b98bfb2d9e0478f32df31337a8aeec96d7ccd52769e
.exe windows:4 windows x86 arch:x86

e20f68de67436be7c4605ecbbe06082a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetACP
lstrcmpA
GetLastError
SetLastError
GetProcessId
lstrlenA
lstrcatA
GetCurrentThreadId
GetTickCount
GetCurrentThread
GetLogicalDriveStringsA
GetThreadPriorityBoost
GetPrivateProfileStructA
Module32First
GetDateFormatA
DnsHostnameToComputerNameW
VirtualQueryEx
GlobalWire
GetWindowsDirectoryA
InitializeCriticalSection
SwitchToFiber
FindCloseChangeNotification
GlobalHandle
CreateDirectoryA
CreateSemaphoreA
TlsAlloc
QueryDosDeviceW

user32

GetGUIThreadInfo
GetCapture
ReleaseDC
DdeAccessData
GetClipboardOwner
DrawEdge
EnterReaderModeHelper
GetClipboardData
LoadStringA
DdeInitializeA
FreeDDElParam
IsCharAlphaNumericA
FindWindowW
DdeQueryNextServer
ValidateRect
GetWindowTextLengthA
DeregisterShellHookWindow
ToAscii
CreateDesktopA
TrackMouseEvent
GetKeyNameTextA
DdeAbandonTransaction
SendMessageA
UnhookWindowsHookEx
RegisterHotKey
LoadCursorA
SetSystemCursor

comctl32

InitCommonControls
ImageList_DragLeave
ImageList_LoadImageA
ImageList_GetIcon
DSA_Destroy
FlatSB_SetScrollProp
CreateToolbar
FlatSB_SetScrollInfo
DPA_Destroy
ImageList_BeginDrag
FlatSB_GetScrollProp
DPA_EnumCallback
ImageList_EndDrag
ImageList_SetFlags
EnumMRUListW
DllGetVersion
InitCommonControlsEx
ImageList_DrawIndirect
CreateMRUListW
PropertySheet
Str_SetPtrW
DrawStatusText
ImageList_Duplicate
DPA_SetPtr
DPA_GetPtr
ImageList_GetFlags
ImageList_AddIcon
FlatSB_GetScrollPos

oleaut32

VarUI1FromUI2
LHashValOfNameSys
LHashValOfNameSysA
VarDateFromUdateEx
VarUI1FromUI4
SafeArrayAllocDescriptorEx
VarDateFromUdate
VarR8FromUI8
VarUI1FromBool
OleCreateFontIndirect
OleCreatePictureIndirect
VarI2FromBool
VarI2FromUI4
SafeArrayCopyData
VarI4FromDisp
VarI2FromUI2
VarDateFromI2
SafeArrayAccessData
VarBoolFromR4
VarFix
VarUI8FromUI4
VarUI2FromR8
VarI8FromI2
VarR4FromR8
UnRegisterTypeLibForUser
VarBstrFromCy
VarI2FromR4
VarI4FromDate

advapi32

LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
SystemFunction016
SaferiPopulateDefaultsInRegistry
CreatePrivateObjectSecurity
GetFileSecurityW
RegDisablePredefinedCacheEx
OpenEventLogW
CryptDuplicateKey
LsaICLookupNames
ChangeServiceConfigW
CredGetTargetInfoA
I_ScSendTSMessage
I_ScPnPGetServiceName
ChangeServiceConfigA
QueryServiceConfigW
BuildTrusteeWithObjectsAndSidW
CloseEventLog
ControlTraceA
GetServiceKeyNameW
ObjectPrivilegeAuditAlarmW
GetOverlappedAccessResults
WmiNotificationRegistrationW
ElfOpenEventLogW
ConvertAccessToSecurityDescriptorA
ObjectOpenAuditAlarmW
BuildSecurityDescriptorW
SystemFunction011
CryptSignHashW
RegCreateKeyW
WriteEncryptedFileRaw

winspool.drv

AdvancedDocumentPropertiesW
PrinterMessageBoxA
GetPrinterDriverDirectoryW
AddPortW
DeletePrinterDataExA
DeletePrintProvidorW
FreePrinterNotifyInfo
EnumPrinterDriversW
AddPrinterDriverExA
DeviceCapabilitiesW
GetPrinterW
AddPrinterConnectionW
EnumPrinterDataExW
DeletePrinterIC
QueryRemoteFonts
GetPrinterDataW
DeletePortA
SetJobA
DeletePrintProcessorA
GetPrinterDriverW
CreatePrinterIC
GetPrintProcessorDirectoryW
DeviceCapabilities
AddPrinterDriverW
AddPortA
AddFormW
EnumPrintProcessorDatatypesA

ole32

OleCreateLinkToFile
CoRegisterSurrogate
StringFromGUID2
OleDuplicateData
CoMarshalHresult
CoReleaseMarshalData
HACCEL_UserFree
CoGetMalloc
IsEqualGUID
CoIsOle1Class
HENHMETAFILE_UserUnmarshal
CoInitializeSecurity
BindMoniker
CoRegisterChannelHook
CoRegisterMallocSpy
CoGetStandardMarshal
HBITMAP_UserMarshal
RegisterDragDrop
UtGetDvtd32Info
OleConvertOLESTREAMToIStorage

gdi32

ExtEscape
SetPaletteEntries
DdEntry34
DdEntry1
GetEnhMetaFileBits
EnableEUDC
SetMapperFlags
GdiEntry7
ExtFloodFill
GetEUDCTimeStampExW
RectVisible
GetCharWidthFloatA
GetDCPenColor
GetObjectType
SetMetaFileBitsEx
GdiEntry15
GdiConvertRegion
GetFontLanguageInfo
PolyTextOutW
GetTextExtentExPointW
SaveDC
DeleteMetaFile
GdiEntry3
DdEntry4
GetCharWidthInfo
cGetTTFFromFOT
CreateDCA
SetColorAdjustment
StretchDIBits

gdiplus

GdipCreateTextureIAI
GdipSetTextContrast
GdipGetMatrixElements
GdipSetAdjustableArrowCapHeight
GdipFillRegion
GdipGetCustomLineCapStrokeCaps
GdipFlush
GdipGetRegionData
GdipCloneMatrix
GdipGetPenColor
GdipSaveAdd
GdipCreateLineBrushFromRectI
GdipFillEllipseI
GdipDrawRectangleI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileDestRectI
GdipGetFontCollectionFamilyList
GdipGetPenWidth
GdipAddPathBeziers
GdipSetPenTransform
GdipSetPathGradientFocusScales
GdipGetCellAscent
GdipTransformPath
GdipFillRectangles
GdipGetLineRect
GdipMeasureString
GdipGetCompositingMode

msimg32

vSetDdrawflag
AlphaBlend
GradientFill
DllInitialize
TransparentBlt

winmm

waveOutSetVolume
mid32Message
midiOutGetID
waveInStop
joySetCapture
midiInReset
mmioOpenW
SendDriverMessage
joyGetDevCapsA
timeEndPeriod
mmioClose
midiOutSetVolume
midiOutUnprepareHeader
PlaySoundA
mmioStringToFOURCCW
waveOutSetPitch
mmTaskCreate
joyGetPos
auxGetNumDevs
mixerGetControlDetailsA
mmioInstallIOProcW
mciGetErrorStringW

oledlg

OleUIObjectPropertiesW
OleUIAddVerbMenuW
OleUIUpdateLinksA
OleUIEditLinksA
OleUICanConvertOrActivateAs
OleUIObjectPropertiesA
OleUIConvertW
OleUIInsertObjectA
OleUIUpdateLinksW
OleUIPasteSpecialA
OleUIBusyW
OleUIPasteSpecialW
OleUIChangeIconA
OleUIPromptUserW
OleUIConvertA

comdlg32

ReplaceTextA
GetFileTitleA
ChooseFontW
GetSaveFileNameW
PrintDlgA
CommDlgExtendedError
GetOpenFileNameA
WantArrows
FindTextW
ReplaceTextW
PageSetupDlgA
PageSetupDlgW
LoadAlterBitmap
Ssync_ANSI_UNICODE_Struct_For_WOW

Sections

.text
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e20f68de67436be7c4605ecbbe06082a

Headers

File Characteristics

Imports

kernel32

user32

comctl32

oleaut32

advapi32

winspool.drv

ole32

gdi32

gdiplus

msimg32

winmm

oledlg

comdlg32

Sections

.text Size: 753KB - Virtual size: 752KB

.data Size: 73KB - Virtual size: 73KB

.rsrc Size: 512B - Virtual size: 484B

.text
Size: 753KB - Virtual size: 752KB

.data
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 512B - Virtual size: 484B