e0401e663040ef840f94fd7e5ca68750109016b56b5e7b53956c3c1e3ce47367

Sharing

Copy URL Twitter E-mail

General

Target

e0401e663040ef840f94fd7e5ca68750109016b56b5e7b53956c3c1e3ce47367
Size

161KB
MD5

5e337c154e4d10af1ea1af1c979b5d61
SHA1

ed1e2cf92cf6854fb82bc4443640be820c0221c1
SHA256

e0401e663040ef840f94fd7e5ca68750109016b56b5e7b53956c3c1e3ce47367
SHA512

82cb11cc9a767e7a0053153b59618e6d4f7d364ef464dd72b1f0a067b44c28c5ee2b0869eae0232ed748c5656e9b7aa7f389d246e8799b0ad85d48126d210dcd
SSDEEP

1536:FmeaNxLq7+w5zkoNAGr2W1gzKlkKXMSzJ2WGP8cxBbH9hyrhXQELOVUT/hTJqR8j:EtqC4zkeI2qSzwxxB6VaUT/h48g8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0401e663040ef840f94fd7e5ca68750109016b56b5e7b53956c3c1e3ce47367

Files

e0401e663040ef840f94fd7e5ca68750109016b56b5e7b53956c3c1e3ce47367
.exe windows:5 windows x64 arch:x64

11a52c11d45f65ba6e6cca0e66d7c605

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
GetStartupInfoW
Sleep
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalUnlock
OutputDebugStringW
GetFileAttributesW
FindFirstFileW
FindClose
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcatW
MulDiv
lstrcpyW
lstrlenW
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalFree
GlobalHandle
SetUnhandledExceptionFilter

user32

MessageBoxW
wvsprintfW
DefWindowProcW
GetClientRect
SetRect
GetDC
ReleaseDC
SetCapture
GetCapture
GetParent
SetWindowLongPtrW
wsprintfW
IsIconic
IsZoomed
GetSystemMetrics
SetScrollRange
SetScrollPos
BeginPaint
EndPaint
DrawMenuBar
ScrollWindow
GetClassLongPtrW
DialogBoxParamW
DestroyMenu
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
TranslateMDISysAccel
GetMessageW
LoadAcceleratorsW
LoadMenuW
RegisterClassW
GetWindow
PostQuitMessage
CheckMenuItem
EnableMenuItem
CreateWindowExW
IsWindow
DefFrameProcW
LoadIconW
EnumChildWindows
GetDlgCtrlID
EqualRect
IsRectEmpty
GetWindowTextW
SetWindowTextW
SetDlgItemInt
GetDlgItemInt
EnableWindow
SendDlgItemMessageW
CreateDialogParamW
EndDialog
DestroyWindow
MoveWindow
GetWindowRect
ShowWindow
GetDlgItem
OffsetRect
GetAsyncKeyState
InflateRect
UpdateWindow
InvalidateRect
ReleaseCapture
TrackPopupMenu
GetSubMenu
PtInRect
CopyRect
ScreenToClient
GetCursorPos
LoadCursorW
SetCursor
GetWindowLongPtrW
SendMessageW
DefMDIChildProcW
FillRect
IntersectRect
GetUpdateRect

gdi32

RealizePalette
TextOutW
CreateRectRgnIndirect
SelectPalette
FillRgn
CreateSolidBrush
GetTextExtentPoint32W
SetROP2
DeleteObject
SelectObject
GetStockObject
CreatePen
CombineRgn
Rectangle

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
DragQueryFileW
DragAcceptFiles

msvcr100

memset
__set_app_type
ceilf
_onexit
_lock
__dllonexit
_unlock
vswprintf_s
_wtoi
_wcsicmp
wcscpy_s
swprintf_s
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
memcpy
__crt_debugger_hook
?terminate@@YAXXZ

ltkrnx

ord382
ord14
ord32
ord40
ord54
ord191
ord181
ord118
ord133
ord67
ord26
ord75
ord116

ltdisx

ord34
ord51
ord27
ord82
ord113
ord60
ord32
ord15

ltfilx

ord33
ord32
ord65
ord250

ltsgmx

ord5
ord2
ord15
ord3
ord13
ord14
ord9
ord11
ord12
ord8
ord1
ord16
ord10
ord7
ord4

ltimgclrx

ord28

ltdlgfilex

ord8
ord5

ltdlgkrnx

ord5
ord1

ltdlgclrx

ord3
ord4

ltdlgimgx

ord5

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11a52c11d45f65ba6e6cca0e66d7c605

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

msvcr100

ltkrnx

ltdisx

ltfilx

ltsgmx

ltimgclrx

ltdlgfilex

ltdlgkrnx

ltdlgclrx

ltdlgimgx

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 65KB - Virtual size: 64KB

.reloc Size: 512B - Virtual size: 60B

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 512B - Virtual size: 60B