206faa1960e849c3c4b7a2a41a3c797079ca7e39099632e814ce5376fc37cf0d

Sharing

Copy URL Twitter E-mail

General

Target

206faa1960e849c3c4b7a2a41a3c797079ca7e39099632e814ce5376fc37cf0d
Size

344KB
MD5

c427b471f94a6d440a9954f3337684a0
SHA1

e8a17e2e1c59377674621c7db1a2dfcae62ea310
SHA256

206faa1960e849c3c4b7a2a41a3c797079ca7e39099632e814ce5376fc37cf0d
SHA512

fd0b53dadf04a3f57f391b05c8cb8dd1314fdd7c43ab907f9075c93dd546a92c94fb2e02afcc6025d7ece2c16b707cf039f894fe5dfd41f820a79683ed37bee2
SSDEEP

6144:u/hEOzWRN+wvPPlI1HGHzVIubPYrfoetE:IzGNNK1HGHzVIwUQetE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
206faa1960e849c3c4b7a2a41a3c797079ca7e39099632e814ce5376fc37cf0d

Files

206faa1960e849c3c4b7a2a41a3c797079ca7e39099632e814ce5376fc37cf0d
.exe windows:5 windows x86 arch:x86

5d15a107f9cc39a4644934eb62861960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\amigo_helpers\amigo_loader_lite\Release\AmigoLoaderLite.pdb

Imports

kernel32

HeapFree
GetProcessHeap
LeaveCriticalSection
SetLastError
HeapSize
EnterCriticalSection
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileW
CreateFileMappingW
GetModuleFileNameW
GetACP
GetModuleHandleW
GetProcAddress
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
GlobalLock
GlobalAlloc
GlobalUnlock
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
GetTempPathW
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
MoveFileExW
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
WriteConsoleW
GetLastError
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetStdHandle
GetFileType
SetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateMutexW
HeapReAlloc
SetFileAttributesW
lstrcmpiW
GetFileAttributesW
LocalFree
CloseHandle
DeleteCriticalSection
DecodePointer
RaiseException
FlushInstructionCache
Sleep
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineW
GetConsoleCP
WriteFile
SetFilePointerEx
ReadConsoleW
GetConsoleMode
ReadFile
SystemTimeToFileTime
GetCurrentProcess
SetEndOfFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
GetSystemTimeAsFileTime
LoadLibraryExW
ExitThread
CreateThread
OutputDebugStringW
IsDebuggerPresent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetStringTypeW
SetEnvironmentVariableA

user32

IsWindow
ShowWindow
GetCursorPos
SetWindowPos
EndDialog
SetWindowLongW
GetDlgItem
MonitorFromWindow
GetWindowLongW
InvalidateRect
GetCapture
wsprintfW
PtInRect
BeginPaint
GetClientRect
WindowFromPoint
ReleaseCapture
UnregisterClassW
LoadImageW
FillRect
GetWindowRect
ScreenToClient
UpdateLayeredWindow
ClientToScreen
EndPaint
KillTimer
SetTimer
GetActiveWindow
DialogBoxParamW
GetSystemMetrics
IsWindowVisible
SendMessageW
MapWindowPoints
DefWindowProcW
CopyRect
GetWindow
MoveWindow
SetWindowTextW
GetParent
CallWindowProcW
GetMonitorInfoW

gdi32

SetViewportOrgEx
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
BitBlt

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID

shlwapi

PathFileExistsW
PathFindFileNameW

comctl32

_TrackMouseEvent

gdiplus

GdipDrawImageRectI
GdipSetStringFormatAlign
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipCreateSolidFill
GdipDrawImageI
GdipDeleteGraphics
GdipDisposeImage
GdipCreateFont
GdipDeletePath
GdipCreateBitmapFromHBITMAP
GdipGetGenericFontFamilySansSerif
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdipMeasureString
GdipStringFormatGetGenericDefault
GdipFree
GdipDrawString
GdipDeleteBrush
GdipAlloc
GdipGetImageWidth
GdipLoadImageFromFile
GdipGetImageHeight
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipFillRectangle
GdipCreateLineBrushFromRect
GdipDeleteStringFormat
GdipCreatePath
GdipCreateStringFormat
GdipCreateFromHDC
GdipCloneImage

wininet

InternetOpenUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d15a107f9cc39a4644934eb62861960

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

gdiplus

wininet

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 117KB - Virtual size: 116KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 9KB - Virtual size: 8KB