392e402e7f49bcafe3c21b9ba164a9ed4c3e1593cbcfb1a5f75cacfeb21abd16

Sharing

Copy URL

Twitter E-mail

General

Target

392e402e7f49bcafe3c21b9ba164a9ed4c3e1593cbcfb1a5f75cacfeb21abd16
Size

295KB
MD5

da57ec61f1bfa023ed650d8f6fbac166
SHA1

876032c5c317215e78e7b54fcc90029d9da0ac51
SHA256

392e402e7f49bcafe3c21b9ba164a9ed4c3e1593cbcfb1a5f75cacfeb21abd16
SHA512

457675f7631539d71c39b2c5ee9bb81d4998de44eb2b180ee237212880d937c4fd5fd68eab2ea0bad4da25af87a647fad3662f373742c222936f853a72280e08
SSDEEP

6144:ddchzQFA5+KmzAPGJCKfjh+XBLMJk4+O7MQNh0AaWap:ddnFA5rmX8vrQJLap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
392e402e7f49bcafe3c21b9ba164a9ed4c3e1593cbcfb1a5f75cacfeb21abd16

Files

392e402e7f49bcafe3c21b9ba164a9ed4c3e1593cbcfb1a5f75cacfeb21abd16
.exe windows:5 windows x86 arch:x86

4efbd25063b648d3c8660fec527d2518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord70
ord205

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData

kernel32

GetUserDefaultUILanguage
GetLastError
GetLocaleInfoW
EnumResourceLanguagesW
CreateFileW
WriteFile
CloseHandle
GetTempPathW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
DeleteFileW
RaiseException
lstrcmpiW
RemoveDirectoryW
MulDiv
GetVersionExW
CompareStringW
lstrlenW
WaitForSingleObject
lstrcpynW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetCurrentThreadId
DecodePointer
GetCommandLineW
LCMapStringW
GetStringTypeW
GetModuleFileNameW
GetStdHandle
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetProcessHeap
HeapAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
HeapFree
SetStdHandle
GetConsoleCP
GetCommandLineA
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
GetFileType
WriteConsoleW

user32

SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
GetCursorPos
PtInRect
TrackMouseEvent
SetCursor
DrawFocusRect
GetFocus
GetSysColor
SetFocus
UpdateWindow
InvalidateRect
CallWindowProcW
DefWindowProcW
CharLowerBuffW
DialogBoxParamW
UnregisterClassW
DestroyWindow
GetActiveWindow
MessageBoxW
LoadBitmapW
GetClassNameW
LoadCursorW
SystemParametersInfoW
CreateWindowExW
CharNextW
SetWindowLongW
EndDialog
EndPaint
BeginPaint
IsWindowVisible
RedrawWindow
EnableWindow
ShowWindow
SetDlgItemTextW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetClientRect
GetWindowLongW
DrawTextW
OffsetRect
IsWindow
GetParent
ScreenToClient
GetWindowRect
GetDC
ReleaseDC
LoadIconW
SendMessageW
GetDlgItem
IsWindowEnabled
PostMessageW
MessageBoxIndirectW
FillRect
SetRectEmpty

gdi32

StretchBlt
DeleteObject
GetStockObject
SelectObject
SetStretchBltMode
GetDeviceCaps
CreateFontIndirectW
GetObjectW
DeleteDC
SetTextColor
CreateCompatibleDC
SetBkMode

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameW

comctl32

InitCommonControlsEx

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4efbd25063b648d3c8660fec527d2518

Headers

DLL Characteristics

File Characteristics

Imports

msi

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 142KB - Virtual size: 142KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 142KB - Virtual size: 142KB

.reloc
Size: 7KB - Virtual size: 6KB