d05fba4c95243c34aa501c0b5fe81c0fd79d87885e84167ad37eaec404f9d722

Sharing

Copy URL

Twitter E-mail

General

Target

d05fba4c95243c34aa501c0b5fe81c0fd79d87885e84167ad37eaec404f9d722
Size

265KB
MD5

62c0cf85981c81901ca9666e59bad7e2
SHA1

4b9775fa328161e604db1a76249c63b1cfc5d8be
SHA256

d05fba4c95243c34aa501c0b5fe81c0fd79d87885e84167ad37eaec404f9d722
SHA512

64acdfd9e9b4d21d8d18241205f7a063d5b3583487ab34753833364089af07036c019d8526b36f07a9ee821d4be8a2962dee3c3c83ec234df4f74dc5e3533312
SSDEEP

6144:gS/fxKRynNc/u3oXCd9fJP1dbK+6KORgCbUHL0v16+8uqJLENq:jADqfl1dbK+igCKo9o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d05fba4c95243c34aa501c0b5fe81c0fd79d87885e84167ad37eaec404f9d722

Files

d05fba4c95243c34aa501c0b5fe81c0fd79d87885e84167ad37eaec404f9d722
.exe windows:5 windows x86 arch:x86

d28d8a4aaca5a9606fa65164faf302ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetFullPathNameW
CopyFileW
GetSystemDirectoryW
Sleep
WaitForSingleObject
CreateProcessW
FindNextFileW
FindFirstFileW
SetCommState
CommConfigDialogW
GetDefaultCommConfigW
CloseHandle
GetCommState
CreateFileW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetSystemDefaultLangID
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
WideCharToMultiByte
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetProcAddress
SetStdHandle
GetSystemInfo
GetOEMCP
GetACP
SetFilePointer
ReadFile
ExitProcess
HeapCreate
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
GetCPInfo
LCMapStringW
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
DeleteCriticalSection
LCMapStringA
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
LoadLibraryW
EnumSystemLocalesA
GetProcessHeap
HeapFree
InterlockedCompareExchange

user32

GetMessageW
PeekMessageW
ShowWindow
IsDialogMessageW
SetWindowTextW
SendMessageW
EnableWindow
TranslateMessage
DispatchMessageW
GetDlgItem
GetSystemMetrics
GetClientRect
SetWindowPos
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
GetParent
UnregisterClassA
LoadImageW
RegisterDeviceNotificationW
SetDlgItemTextW
PostQuitMessage
SetTimer
DefWindowProcW
DestroyWindow
EndDialog
GetWindowTextW
MessageBoxW
wsprintfW
CharNextW
SetWindowLongW
CreateDialogParamW

gdi32

CreateSolidBrush
DeleteObject

winspool.drv

GetPrinterDriverDirectoryW
EnumPrintersW
EnumPrinterDriversW
AddPrinterDriverW
ord204
ClosePrinter
AddPrinterW
AddMonitorW
GetPrinterW
EnumJobsW
OpenPrinterW
EnumFormsW
DeletePrinterConnectionW
DeleteFormW
DeletePrinter
DeletePrinterDriverExW
XcvDataW
ConfigurePortW
EnumPortsW

advapi32

OpenProcessToken
RegDeleteValueW
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
StartServiceA
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

StrStrIW
PathFileExistsW

comctl32

InitCommonControlsEx

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupDiEnumDeviceInterfaces
CM_Locate_DevNodeW
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
CM_Reenumerate_DevNode
SetupDiGetDeviceRegistryPropertyW

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 949KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d28d8a4aaca5a9606fa65164faf302ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

newdev

setupapi

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 949KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 949KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 13KB - Virtual size: 13KB