ecbf748dd5cd5413d622249c506955bc388942383ed1fda80c5400c60f5292f7

Sharing

Copy URL Twitter E-mail

General

Target

ecbf748dd5cd5413d622249c506955bc388942383ed1fda80c5400c60f5292f7
Size

2.7MB
MD5

9ae69ae7f384924990c74317a302c594
SHA1

535ded13b16637f871dee0f2a3e7ecfcc1e1174c
SHA256

ecbf748dd5cd5413d622249c506955bc388942383ed1fda80c5400c60f5292f7
SHA512

bb91a7f0e06ddf6b68c773c37941390e6868e72eeb88e37af42f1c527f2c32e6150686473689bb78b7a2f18cb16afd66fd2296dccf408a0dccbaa9c3feedf46a
SSDEEP

49152:P3DAuMiyffEGH8ox5KpLTPtmZXHM2s+Qh7SbU6MCWxiqixh:P3EPikfEGHjcTloXHM2s+Qh7kU6F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecbf748dd5cd5413d622249c506955bc388942383ed1fda80c5400c60f5292f7

Files

ecbf748dd5cd5413d622249c506955bc388942383ed1fda80c5400c60f5292f7
.exe windows:4 windows x86 arch:x86

906591e0615083cfbe833492803f4089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
Sleep
GetTickCount
GetACP
GetOEMCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetLastError
GetSystemDefaultLCID
GetVersion
TerminateThread
GetExitCodeThread
WaitForSingleObject
Sleep
CloseHandle
GetSystemTimeAsFileTime
IsBadReadPtr
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
InitializeCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
DeviceIoControl
LocalFree
CreateFileA
LocalAlloc
InterlockedDecrement
InterlockedCompareExchange
CreateMutexA
ReleaseMutex
FormatMessageA
GetLastError
GetVolumeInformationA
GetEnvironmentVariableA
CreateThread
GetProcAddress
LoadLibraryA
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetCurrentProcess
TlsFree
GetModuleHandleA
ReadFile
WriteFile
GetFileSize
FindClose
GetLocalTime
SetErrorMode
FindFirstFileA
FindNextFileA
GetModuleFileNameA
InterlockedIncrement
HeapReAlloc
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetVersion
GetModuleHandleA
GetProcAddress
CreateFileW

msvcrt

strncmp

setupapi

SetupDiEnumDeviceInfo

advapi32

GetUserNameA
RegEnumKeyW

comctl32

InitCommonControlsEx
InitCommonControlsEx

user32

IsWindow
ShowWindow
GetClassNameA
GetWindowThreadProcessId
GetWindow
SetWindowPos
GetDlgItem
UpdateWindow
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
SendMessageA
EnumWindows
GetDesktopWindow
MessageBoxW
GetWindowLongA
SetWindowLongA
DefWindowProcA
MessageBoxA
IsRectEmpty

hasp_windows_107479

ord3

gdi32

OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW

shell32

ShellExecuteW

shlwapi

PathFindFileNameW

oledlg

OleUIBusyW

ole32

CLSIDFromString

oleaut32

SysAllocString

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.protect
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

906591e0615083cfbe833492803f4089

Headers

File Characteristics

Imports

kernel32

msvcrt

setupapi

advapi32

comctl32

user32

hasp_windows_107479

gdi32

comdlg32

winspool.drv

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 384KB - Virtual size: 382KB

.protect Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 384KB - Virtual size: 382KB

.protect
Size: 2.1MB - Virtual size: 2.1MB