eb66417fe324e24e86b43ab11a4f3e16881669ff0b413c5eff819bc6cfc498ed

Sharing

Copy URL Twitter E-mail

General

Target

eb66417fe324e24e86b43ab11a4f3e16881669ff0b413c5eff819bc6cfc498ed
Size

3.9MB
MD5

2242b1fc393f147708abe8c64f08f7fd
SHA1

0da01ca126dea982c233390a80403ca1a4bdbc08
SHA256

eb66417fe324e24e86b43ab11a4f3e16881669ff0b413c5eff819bc6cfc498ed
SHA512

3e734702670747d30cfa55c23cb8de3720b23e7296b0a421e8360f910f005db41c1e2d01fabe98ab9582897c7defcef07dc8ae74238214ef34b3c1a5cb171778
SSDEEP

49152:oKvii46aWG9o9KG45jNN62DGnrAn1+ryjcFcBzWtQCPopbb+54NrSE0ZRI:oKvi96xwI545pUYGrAgL0SiLp9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb66417fe324e24e86b43ab11a4f3e16881669ff0b413c5eff819bc6cfc498ed

Files

eb66417fe324e24e86b43ab11a4f3e16881669ff0b413c5eff819bc6cfc498ed
.exe windows:5 windows x86 arch:x86

719eebb378266e0fe6d68ea22ea8ef72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetUserDefaultLCID
ReadConsoleA
SetConsoleMode
CreateDirectoryW
SizeofResource
FindFirstFileW
HeapFree
FindNextFileW
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
FindClose
WaitForSingleObject
GetVersionExW
OpenFileMappingW
UnmapViewOfFile
HeapSize
MultiByteToWideChar
ProcessIdToSessionId
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
CreateProcessW
CopyFileW
WideCharToMultiByte
MapViewOfFile
GetTickCount
CreateFileMappingW
RemoveDirectoryW
GetModuleFileNameW
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
LocalFree
GetCurrentDirectoryW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetModuleHandleW
CreateFileW
SetFileAttributesW
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceExW
GetComputerNameExW
GetComputerNameW
GetTempPathW
LoadLibraryW
CreateThread
GetProcAddress
FreeLibrary
GetTempFileNameW
GetEnvironmentVariableW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
InterlockedDecrement
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
SetEvent
ResetEvent
InterlockedIncrement
GetStdHandle
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
IsBadStringPtrW
ReadFile
WriteFile
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrlenW
LocalAlloc
OutputDebugStringW
LocalSize
SetLastError
GetCurrentThreadId
GlobalFree
GetLocalTime
GetFileSize
FlushFileBuffers
GetCommandLineW
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
lstrcmpiW
FormatMessageA
CreateFileA
VirtualProtect
VirtualQuery
LoadLibraryExA
GetACP
OutputDebugStringA
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetThreadPriority
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTime
WriteConsoleW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
ExitProcess
HeapQueryInformation
ExitThread
GetCommandLineA
SetStdHandle
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
SetFileCompletionNotificationModes
GetTickCount64
InitOnceExecuteOnce
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
MoveFileExW
SetEnvironmentVariableW
GetTimeZoneInformation
GetLongPathNameW
QueueUserWorkItem
GetModuleHandleExW
FindFirstFileExW
SetFilePointerEx
AreFileApisANSI
SwitchToThread
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

sensapi

IsNetworkAlive

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 955KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

719eebb378266e0fe6d68ea22ea8ef72

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

oleaut32

oledlg

urlmon

secur32

sensapi

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 955KB - Virtual size: 955KB

.data Size: 52KB - Virtual size: 89KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 147KB - Virtual size: 147KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 955KB - Virtual size: 955KB

.data
Size: 52KB - Virtual size: 89KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 147KB - Virtual size: 147KB