f981b7027074613ed0f0ff04287d23697f820723cfe4837465e8b71e8a37ec94

Sharing

Copy URL

Twitter E-mail

General

Target

f981b7027074613ed0f0ff04287d23697f820723cfe4837465e8b71e8a37ec94
Size

2.5MB
MD5

2e5afa0f9e130cc2beecd7a2ca370082
SHA1

a7e45388a2bc150fb4822713b9c568684b5ea6fd
SHA256

f981b7027074613ed0f0ff04287d23697f820723cfe4837465e8b71e8a37ec94
SHA512

1010e731b1029c05aa8a49e5eab6360da1d22076016f67c2282b6b2b8c06e0ac5759c64e59b3951bc39b842f23af81027897873c350b98a40d5d9864d34ecac4
SSDEEP

49152:m4kParqqAgDEJBOclpMpCPi9FCLWdQuh:CarkgDcBOcVit

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f981b7027074613ed0f0ff04287d23697f820723cfe4837465e8b71e8a37ec94

Files

f981b7027074613ed0f0ff04287d23697f820723cfe4837465e8b71e8a37ec94
.exe windows:5 windows x86 arch:x86

9b29f36a494d2c2cfe2ecfb9f09c8148

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpReceiveResponse
WinHttpCloseHandle

tapi32

lineClose
lineInitializeExW
lineMakeCallW
lineGetProviderListW
lineTranslateAddressW
lineTranslateDialogW
lineShutdown
lineGetCallInfoW
lineOpenW
lineNegotiateAPIVersion
lineGetDevCapsW
lineConfigDialogW

iphlpapi

GetIfEntry
GetIpAddrTable

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetLocalGroupGetMembers

psapi

GetProcessImageFileNameW
GetProcessMemoryInfo

secur32

AcquireCredentialsHandleA
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
DeleteSecurityContext
AcceptSecurityContext
AcquireCredentialsHandleW
FreeCredentialsHandle

wininet

InternetSetOptionW
HttpOpenRequestA
InternetSetCookieW
InternetOpenW
InternetQueryOptionW
InternetReadFile
InternetConnectW
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA

wsock32

WSAStartup
connect
htonl
socket
htons
ntohs
setsockopt
recv
WSAGetLastError
gethostbyname
ntohl
accept
listen
send
closesocket
bind

ws2_32

WSASend
WSARecv

gdiplus

GdipLoadImageFromStream
GdipFree
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdiplusStartup

kernel32

HeapSize
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetFileType
SetLastError
CreateThread
GetStartupInfoW
HeapAlloc
HeapFree
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
LoadLibraryExA
RaiseException
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
HeapReAlloc
SetUnhandledExceptionFilter
TerminateProcess
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
OutputDebugStringW
GetStringTypeW
WriteConsoleW
GetSystemTimeAsFileTime
SetConsoleOutputCP
SetStdHandle
GetComputerNameExW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetCurrentProcess
InterlockedIncrement
GetQueuedCompletionStatus
SetFileCompletionNotificationModes
CreateIoCompletionPort
CloseHandle
GetProcAddress
GetLastError
LoadLibraryW
GlobalFree
InterlockedDecrement
LCMapStringW
LocalFree
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
FormatMessageW
GetCurrentThreadId
FindFirstFileW
SetFilePointer
CreateDirectoryW
CopyFileW
GetFileAttributesW
GetModuleFileNameW
CreateFileW
GetCurrentDirectoryW
MoveFileW
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
FindNextFileW
GetFileAttributesExW
DeleteFileW
SetFileAttributesW
TlsGetValue
TlsSetValue
TlsAlloc
GetProcessHeap
GetCurrentThread
ExitThread
SetThreadPriority
GetUserPreferredUILanguages
GetStdHandle
GetLogicalProcessorInformation
SetErrorMode
GetCurrentProcessId
GetDateFormatW
GetTickCount
GetLocaleInfoW
GetTimeZoneInformation
GetLocalTime
GetSystemTime
GetVersionExW
GetTempPathW
GetLongPathNameW
GetVolumeInformationW
SystemTimeToTzSpecificLocalTime
GlobalLock
GlobalAlloc
GlobalUnlock
FreeLibrary
CreateProcessW
LoadLibraryExW
SetHandleInformation
WaitForSingleObject
OpenProcess
GetExitCodeProcess
ReadFile
SetEnvironmentVariableA
CreatePipe
TryEnterCriticalSection
SetEvent
WaitForSingleObjectEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteCriticalSection
GetFileSize
SetEndOfFile
SetFilePointerEx
WriteFile
FlushFileBuffers
GetFileSizeEx
CancelIoEx
GetEnvironmentVariableW
AllocConsole

user32

FindWindowW
GetClassNameW
GetWindowTextW
EnumWindows
PostMessageW
DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
TranslateMessage
SetForegroundWindow
GetWindowTextLengthW
AllowSetForegroundWindow
GetWindowPlacement
GetMessageW
GetSysColor
GetActiveWindow
GetWindowThreadProcessId
ShowWindow
MessageBoxW

advapi32

RegCloseKey
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
FreeSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
ChangeServiceConfig2W
StartServiceW
QueryServiceStatus
ChangeServiceConfigW
ControlService
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
GetUserNameW
InitializeSecurityDescriptor

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoInitializeEx
CoUninitialize
CoGetObject
CLSIDFromProgID
CoCreateInstance
OleInitialize
CoGetInstanceFromFile

oleaut32

SafeArrayDestroy
VariantInit
SafeArrayCreateVector
GetErrorInfo
GetActiveObject
VariantClear
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SafeArrayCopy

mscoree

CLRCreateInstance

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b29f36a494d2c2cfe2ecfb9f09c8148

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

tapi32

iphlpapi

netapi32

psapi

secur32

wininet

wsock32

ws2_32

gdiplus

kernel32

user32

advapi32

shell32

ole32

oleaut32

mscoree

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 18KB - Virtual size: 376KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 18KB - Virtual size: 376KB