478eb22a1f1be2ef6e70625cf42ca61c716389135acbb705c0e21f0cf330bf46

Sharing

Copy URL

Twitter E-mail

General

Target

478eb22a1f1be2ef6e70625cf42ca61c716389135acbb705c0e21f0cf330bf46
Size

1.8MB
MD5

1743b9303a76e843907a46c5202b00f3
SHA1

31faff7870a51a57999caf5814622517ba0cb778
SHA256

478eb22a1f1be2ef6e70625cf42ca61c716389135acbb705c0e21f0cf330bf46
SHA512

1393976f517d91a29b1e37c470ac35203f67d6bf1e539308a86cbb752c4d7f165343a2c0485bec4ccc37b4ac6b95927b0a5af182f384bb59d1c4c72768160663
SSDEEP

24576:5UWFBXwhWTtTWITNYeGQEq+3iu8kEPGIyQ+cwa+Djo8+ST2Sjm1vkAyGcjgP:+Y8QD7BHyQ1EUvSaO+9Es

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
478eb22a1f1be2ef6e70625cf42ca61c716389135acbb705c0e21f0cf330bf46

Files

478eb22a1f1be2ef6e70625cf42ca61c716389135acbb705c0e21f0cf330bf46
.exe windows:6 windows x64 arch:x64

cf3c1817c9d16be6d7625ac7e9642807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
HeapCreate
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry

user32

LockSetForegroundWindow
ToUnicodeEx
DrawEdge
AttachThreadInput
RealGetWindowClassW
WaitForInputIdle
GetMenuBarInfo
WinHelpW
CascadeWindows
GetScrollInfo
DlgDirListW
IsGUIThread
FindWindowW
GetDesktopWindow
InflateRect
GetSysColor
ShowCaret
SetWindowTextW
GetPropW
GetScrollPos
LockWindowUpdate
GetWindowDC
GetDC
GetAncestor
GrayStringW
MenuItemFromPoint
GetCapture
keybd_event
GetKeyboardType
GetAsyncKeyState
CharUpperW
GetPriorityClipboardFormat
GetDialogBaseUnits
GetDlgCtrlID
GetNextDlgGroupItem
GetDlgItemTextW
BringWindowToTop
SetWindowPlacement
SetLayeredWindowAttributes
SetDoubleClickTime

gdi32

GdiSetBatchLimit
UnrealizeObject
GetDCOrgEx
SetViewportExtEx
MoveToEx
GetArcDirection
StrokePath
GetPath
BeginPath
SetColorAdjustment
CombineTransform
GetWorldTransform
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
SetTextColor
SetSystemPaletteUse
SetRectRgn
SetMapMode
SetMapperFlags
SetDIBitsToDevice
SetBkMode
SaveDC
PtInRegion
PlayMetaFile
Pie
OffsetClipRgn
InvertRgn
GetWindowOrgEx
GetFontUnicodeRanges
GetSystemPaletteUse
GetRgnBox
GetRasterizerCaps
GetDIBits
GetDeviceCaps
ExtFloodFill
GetROP2
GetBkColor
GetBoundsRect
GetCharABCWidthsW
GetClipBox
GetCurrentObject

winspool.drv

WritePrinter
ScheduleJob
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification

comdlg32

GetFileTitleW
CommDlgExtendedError
PrintDlgExW
ChooseFontW
ReplaceTextW
FindTextW
ChooseColorW
GetSaveFileNameW

advapi32

GetUserNameW
DecryptFileW

shell32

SHParseDisplayName
SHBindToParent
ord176
ord6
ord75
ord47
SHGetDataFromIDListW
SHGetInstanceExplorer
ord4
ord2
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
ord154
ord190
ord27
ord21
ord16
ord24
ord152
ord153
ord25
SHSetLocalizedName
ord180
SHGetDiskFreeSpaceExA
SHGetFileInfoW
SHEmptyRecycleBinW
ShellExecuteExW
SHFileOperationW
ShellAboutW
ShellExecuteW
DragQueryFileW
SHGetDiskFreeSpaceExW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf3c1817c9d16be6d7625ac7e9642807

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 206KB - Virtual size: 221KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 206KB - Virtual size: 221KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB