171573ed47d054c83b648b4d8b6225b11dc27e2d14c5838f24b4cc92ff5b1742

Sharing

Copy URL Twitter E-mail

General

Target

171573ed47d054c83b648b4d8b6225b11dc27e2d14c5838f24b4cc92ff5b1742
Size

3.9MB
MD5

4c0792bd6663cfd78ddb86487dc98d8e
SHA1

99fbccb02716cd3d73ea3a6f93ff1fcc6e71ce38
SHA256

171573ed47d054c83b648b4d8b6225b11dc27e2d14c5838f24b4cc92ff5b1742
SHA512

c7b1231457cc131bccca868714919792bfb1ff8d2df5605320ac001839bf6d03ada6709737f4103efcd74d66143f0d7244f0d863b84ceb51b0d34d48b50a034b
SSDEEP

49152:oKvii46aWG9o9KG45jNN62DGnrAn1+ryjcFcBzWtQCPopbb+54NrSE0ZRA:oKvi96xwI545pUYGrAgL0SiLpl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
171573ed47d054c83b648b4d8b6225b11dc27e2d14c5838f24b4cc92ff5b1742

Files

171573ed47d054c83b648b4d8b6225b11dc27e2d14c5838f24b4cc92ff5b1742
.exe windows:5 windows x86 arch:x86

719eebb378266e0fe6d68ea22ea8ef72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetUserDefaultLCID
ReadConsoleA
SetConsoleMode
CreateDirectoryW
SizeofResource
FindFirstFileW
HeapFree
FindNextFileW
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
FindClose
WaitForSingleObject
GetVersionExW
OpenFileMappingW
UnmapViewOfFile
HeapSize
MultiByteToWideChar
ProcessIdToSessionId
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
CreateProcessW
CopyFileW
WideCharToMultiByte
MapViewOfFile
GetTickCount
CreateFileMappingW
RemoveDirectoryW
GetModuleFileNameW
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
LocalFree
GetCurrentDirectoryW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetModuleHandleW
CreateFileW
SetFileAttributesW
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceExW
GetComputerNameExW
GetComputerNameW
GetTempPathW
LoadLibraryW
CreateThread
GetProcAddress
FreeLibrary
GetTempFileNameW
GetEnvironmentVariableW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
InterlockedDecrement
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
SetEvent
ResetEvent
InterlockedIncrement
GetStdHandle
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
IsBadStringPtrW
ReadFile
WriteFile
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrlenW
LocalAlloc
OutputDebugStringW
LocalSize
SetLastError
GetCurrentThreadId
GlobalFree
GetLocalTime
GetFileSize
FlushFileBuffers
GetCommandLineW
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
lstrcmpiW
FormatMessageA
CreateFileA
VirtualProtect
VirtualQuery
LoadLibraryExA
GetACP
OutputDebugStringA
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetThreadPriority
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTime
WriteConsoleW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
ExitProcess
HeapQueryInformation
ExitThread
GetCommandLineA
SetStdHandle
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
SetFileCompletionNotificationModes
GetTickCount64
InitOnceExecuteOnce
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
MoveFileExW
SetEnvironmentVariableW
GetTimeZoneInformation
GetLongPathNameW
QueueUserWorkItem
GetModuleHandleExW
FindFirstFileExW
SetFilePointerEx
AreFileApisANSI
SwitchToThread
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

sensapi

IsNetworkAlive

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 955KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

719eebb378266e0fe6d68ea22ea8ef72

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

oleaut32

oledlg

urlmon

secur32

sensapi

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 955KB - Virtual size: 955KB

.data Size: 52KB - Virtual size: 89KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 147KB - Virtual size: 147KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 955KB - Virtual size: 955KB

.data
Size: 52KB - Virtual size: 89KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 147KB - Virtual size: 147KB