7d12173546968f6b8acddcf71ea93994b7b50ba05d7f859838f02caf3e9622d6

Sharing

Copy URL Twitter E-mail

General

Target

7d12173546968f6b8acddcf71ea93994b7b50ba05d7f859838f02caf3e9622d6
Size

2.3MB
MD5

b49a81674bfa71891b0a8f8e49a35ad5
SHA1

4bb476135c796ccb7232646f8ee076c45a6045a0
SHA256

7d12173546968f6b8acddcf71ea93994b7b50ba05d7f859838f02caf3e9622d6
SHA512

e018aabeaa6b2d721c4b1cb60ee09ea9f31397bddb9e099e7f2fb127f5fe970be3ca74afb8829f3f6a4c8d8ac43bcaec7c6eedc4a7a28d68ebab79b8ffe2cde4
SSDEEP

49152:GCbBNS2AtbYWLYrIx8iEGsek53ws6tOo+d69YEUlhY+defV:GwE2w/xer5T6gd69YE44V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d12173546968f6b8acddcf71ea93994b7b50ba05d7f859838f02caf3e9622d6

Files

7d12173546968f6b8acddcf71ea93994b7b50ba05d7f859838f02caf3e9622d6
.exe windows:6 windows x86 arch:x86

db7bed6f884b366b20f3b87d7ceacda7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
VirtualFree
VirtualQueryEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
CopyFileW
SetFilePointerEx
SetEndOfFile
GetSystemTime
CreateFileW
MultiByteToWideChar
GetLastError
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
ReadFile
UnmapViewOfFile
CloseHandle
HeapAlloc
DecodePointer
WriteConsoleW
HeapSize
GetTimeZoneInformation
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
VirtualAlloc
SetStdHandle
GetConsoleOutputCP
FlushFileBuffers
LCMapStringW
CompareStringW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
GetCommandLineA
LoadLibraryExW
EncodePointer
RaiseException
RtlUnwind
InitializeCriticalSection
FormatMessageW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryA
FreeLibrary
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
DeleteFiber
Sleep
TerminateProcess
K32GetProcessImageFileNameW
GetLongPathNameW
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentThreadId
ExitProcess
IsDebuggerPresent
HeapReAlloc
GetSystemInfo
MoveFileExW
SetFileAttributesW
CreateProcessW
SizeofResource
LockResource
LoadResource
GetCurrentDirectoryW
GetSystemDirectoryW
GetTempPathW
GetDateFormatW
GetCurrentThread
GetVersionExW
GetProcessHeap
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
OpenProcess
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
GetDriveTypeW
GetLogicalDrives
GetProcAddress
LoadLibraryW
GetTickCount
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
GetLocalTime
GetFileInformationByHandle
CompareFileTime
GetFileSizeEx
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
SetFilePointer
GetFileAttributesW
DeleteFileW
SetLastError
HeapFree
WriteFile
GetExitCodeProcess
QueryPerformanceCounter
GetModuleHandleExW
GetFileType
GetEnvironmentVariableW
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
FindResourceW
GetModuleHandleW
CreateEventW
WaitForMultipleObjects
CreateThread
SetEvent
ResetEvent
InitializeSListHead
DeleteCriticalSection
WaitForSingleObject
GetStartupInfoW
GetFullPathNameW
GetModuleFileNameW

user32

DialogBoxParamW
GetWindowRect
GetClientRect
LoadImageW
GetDC
SystemParametersInfoW
ReleaseDC
GetParent
SendMessageW
LoadIconW
SetClassLongW
SetWindowPos
GetWindowLongW
GetDesktopWindow
CharUpperA
CharUpperBuffW
EnumWindows
GetDlgItem
KillTimer
PostMessageW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
IsWindowVisible
LoadStringW
SetCursor
DestroyIcon
CallWindowProcW
InvalidateRect
IsDlgButtonChecked
GetProcessWindowStation
GetWindowThreadProcessId
GetWindowTextW
GetClassNameW
CharLowerBuffW
MessageBoxW
EndDialog
SetWindowTextW
GetUserObjectInformationW
IsCharAlphaNumericW
SetWindowLongW
SetFocus
GetDlgCtrlID
FindWindowW
MoveWindow
IsCharAlphaW
CreateCursor
LoadCursorW
FillRect
GetWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsWindow
GetAsyncKeyState
GetSystemMetrics
ClientToScreen
EnableWindow
SetTimer
ShowWindow
GetWindowTextLengthW

gdi32

TextOutW
GetTextExtentPoint32W
DeleteObject
GetStockObject
SetBkMode
SetTextColor
SelectObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenThreadToken
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptReleaseContext
CryptAcquireContextW
GetCurrentHwProfileW
RegQueryValueExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
CryptEnumProvidersW
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathA
DragAcceptFiles
SHGetFileInfoW
SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CLSIDFromProgID
CoGetClassObject

oleaut32

SysFreeString
SysAllocString

ntdll

NtEnumerateValueKey
NtSetInformationFile

comctl32

ord17
CreatePropertySheetPageW
PropertySheetW

shlwapi

PathFindFileNameW
StrStrIW

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

ws2_32

WSASetLastError
closesocket
send
recv
WSAGetLastError
WSACleanup

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetCloseHandle
InternetReadFile
InternetCheckConnectionW
InternetGetConnectedState
InternetOpenW
InternetOpenUrlW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db7bed6f884b366b20f3b87d7ceacda7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

comctl32

shlwapi

crypt32

ws2_32

mpr

version

wininet

bcrypt

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.gcode Size: 5KB - Virtual size: 4KB

.rdata Size: 500KB - Virtual size: 500KB

.data Size: 146KB - Virtual size: 161KB

.gdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 287KB - Virtual size: 286KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.gcode
Size: 5KB - Virtual size: 4KB

.rdata
Size: 500KB - Virtual size: 500KB

.data
Size: 146KB - Virtual size: 161KB

.gdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 287KB - Virtual size: 286KB