Static task
static1
Behavioral task
behavioral1
Sample
167dff23a2feea31de2a3eef671e347f53e3b7146e063ece24c39177114f2428.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
167dff23a2feea31de2a3eef671e347f53e3b7146e063ece24c39177114f2428.exe
Resource
win10v2004-20240802-en
General
-
Target
167dff23a2feea31de2a3eef671e347f53e3b7146e063ece24c39177114f2428
-
Size
944KB
-
MD5
162b86eb2174b4c0b22717b430a6a4fe
-
SHA1
641c7aa75ab24f0d0815d11befdf6e6fc4e57c15
-
SHA256
167dff23a2feea31de2a3eef671e347f53e3b7146e063ece24c39177114f2428
-
SHA512
15854c2973f9c1f7bb31b9e1c99066ffc0faddf11d924847db67975fb485677cd11a66b60abfd7d60ce0df91edf4e31984206dc949b69b08fef9664786c6014f
-
SSDEEP
3072:0IRHX8QGcbWHsXWk+Pm5GJutLyzMgoSkwIHGF8GEMI59qCJw:0IRH+cbdXWX+5GARSiw8Lb5j
Malware Config (no extracted configuration is shown for this sample in this report — no C2 address, campaign ID or key was recovered statically; see the behavioral tasks before concluding none exists)
Signatures
-
Unsigned PE 1 IoCs
The file carries no Authenticode signature. This is a static, low-confidence indicator: an unsigned PE is common for legitimate software as well, so it should be weighed together with the behavioral results rather than treated as evidence of malice on its own.
resource 167dff23a2feea31de2a3eef671e347f53e3b7146e063ece24c39177114f2428
Files
-
167dff23a2feea31de2a3eef671e347f53e3b7146e063ece24c39177114f2428.exe windows:4 windows x86 arch:x86
219061768c06e24c53e4d0cc028ed357 (unlabeled 32-hex-digit value; in this report layout this position normally holds the import hash / imphash of the PE — confirm the field before pivoting on it in threat-intel searches)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (the relocation table has been removed, so the image cannot be rebased; address-space randomization cannot be applied to this module regardless of system policy)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetIntendedKeyUsage
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertGetNameStringW
CertCreateCertificateContext
CertFreeCertificateContext
CertOpenStore
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wininet
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState
DeleteUrlCacheEntryW
InternetSetStatusCallbackW
InternetReadFileExA
shlwapi
PathFileExistsW
mfc42u
ord538
ord6051
ord1768
ord4418
ord807
ord2915
ord2004
ord2112
ord554
ord4158
ord1637
ord5568
ord2910
ord940
ord941
ord942
ord5783
ord4128
ord4292
ord1614
ord2756
ord4197
ord5852
ord536
ord2444
ord2745
ord1192
ord537
ord472
ord5446
ord6390
ord5436
ord6379
ord2567
ord4390
ord5286
ord2637
ord3569
ord556
ord567
ord609
ord809
ord4270
ord4279
ord2371
ord5047
ord4768
ord5977
ord6266
ord3871
ord283
ord613
ord6871
ord289
ord2114
ord1761
ord2634
ord4667
ord4269
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord4616
ord3733
ord561
ord6376
ord1197
ord6211
ord2078
ord2613
ord1131
ord2717
ord3716
ord3393
ord3728
ord795
ord810
ord2294
ord2857
ord2089
ord2445
ord755
ord470
ord6451
ord3282
ord3285
ord4120
ord6004
ord4219
ord3701
ord2855
ord4294
ord4282
ord4470
ord2235
ord5706
ord4532
ord3133
ord3792
ord6166
ord3084
ord922
ord2746
ord1821
ord3605
ord656
ord6330
ord2362
ord2293
ord861
ord4704
ord2810
ord3087
ord6195
ord4229
ord800
ord641
ord825
ord324
ord540
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord1569
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord5856
ord2400
ord2088
ord1172
ord2859
ord2397
ord640
ord323
ord1633
ord5781
ord6190
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord3614
ord1634
ord858
ord2606
ord5784
ord2559
ord2406
ord5679
ord4272
ord2755
ord4124
ord5871
ord3621
ord3688
ord3568
ord3566
ord2854
ord5602
ord2858
ord4078
ord6138
ord2430
ord3658
ord3649
ord2576
ord4215
ord1854
ord772
ord500
ord3696
ord535
ord686
ord384
ord823
ord1165
ord5710
ord1143
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord815
ord6193
ord3397
msvcrt
__dllonexit
_onexit
_controlfp
wcscat
_except_handler3
_wcsicmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
memset
wcschr
wcslen
abort
puts
memmove
free
malloc
wcscpy
_ftol
wcscmp
memcpy
wcsncpy
_beginthreadex
_endthreadex
_wtol
wcsstr
printf
__CxxFrameHandler
_EH_prolog
strlen
strcat
strcmp
sprintf
memcmp
rand
srand
time
swprintf
_purecall
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
kernel32
TerminateThread
OutputDebugStringW
GetModuleHandleW
GetSystemInfo
GetTickCount
GetFileSize
ReadFile
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LocalFree
WriteFile
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
CreateProcessA
GetExitCodeProcess
GetTempPathW
DeleteFileW
GetPrivateProfileStringW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
Sleep
CreateThread
LoadLibraryW
GetProcAddress
FreeLibrary
CreateMutexW
GetLastError
GetCommandLineW
GetUserDefaultUILanguage
GetModuleFileNameW
lstrcatW
SetEvent
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
lstrcmpW
lstrcmpiW
FindResourceW
LoadResource
LockResource
GetCPInfo
GetVersion
GetVersionExW
lstrcpynW
lstrlenW
GetSystemDefaultLangID
lstrcpyW
GetStartupInfoW
user32
FindWindowW
SetMenuDefaultItem
GetCursorPos
LoadMenuW
DrawMenuBar
EnableMenuItem
MessageBoxW
SetActiveWindow
SetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
RedrawWindow
EnumThreadWindows
GetFocus
GetClassNameW
GetDlgCtrlID
GetWindow
SetMenuItemInfoW
GetPropW
CallWindowProcW
GetKeyboardState
CallNextHookEx
ToAscii
GetAsyncKeyState
UnhookWindowsHookEx
SetWindowsHookExW (together with CallNextHookEx, GetKeyboardState, ToAscii and GetAsyncKeyState listed above, this is the API surface used to install a keyboard hook and translate key presses; the import table shows capability only — whether a hook is actually installed, and of what type, must be confirmed from the behavioral tasks)
GetWindowTextLengthW
CheckDlgButton
IsDlgButtonChecked
KillTimer
LoadBitmapW
SetTimer
LoadIconW
SendMessageW
GetWindowRect
GetSystemMetrics
MoveWindow
SetWindowPos
EnableWindow
keybd_event
RegisterWindowMessageW
IsIconic
CreateDialogIndirectParamW
SetWindowTextW
SetForegroundWindow
SetWindowLongW
GetWindowTextW
LoadImageW
DrawStateW
FrameRect
InflateRect
OffsetRect
DrawFocusRect
PostMessageW
ClientToScreen
WindowFromPoint
GetActiveWindow
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
GetWindowLongW
DestroyCursor
GetSubMenu
GetSysColorBrush
GetMenuStringW
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuW
GetMenuItemCount
AppendMenuW
GetDesktopWindow
DrawIconEx
DestroyIcon
GrayStringW
TabbedTextOutW
SystemParametersInfoW
GetSysColor
CopyRect
FillRect
DrawEdge
wsprintfW
DrawIcon
SetRect
GetMenuItemInfoW
GetDC
DestroyWindow
LoadStringW
GetDlgItemTextW
EnumWindows
GetDlgItem
GetMenu
SetWindowRgn
ReleaseDC
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
DefWindowProcW
ShowWindow
GetClientRect
PtInRect
InvalidateRect
BeginPaint
DrawTextW
SetPropW
EndPaint
gdi32
ExtTextOutW
Escape
BitBlt
Ellipse
CreateDIBSection
SetPixel
GetPixel
GetObjectW
PatBlt
Rectangle
SetTextColor
SetBkColor
CreateBitmap
CreateFontW
CreatePatternBrush
StretchBlt
CreateRectRgn
FillRgn
SetViewportOrgEx
GetViewportOrgEx
GetTextColor
TextOutW
PtVisible
CreateCompatibleBitmap
GetBkMode
GetDeviceCaps
CreatePolygonRgn
GetStockObject
GetTextExtentPoint32W
SetBkMode
CreateCompatibleDC
SelectObject
Polygon
DeleteDC
DeleteObject
CreateSolidBrush
CreatePen
RectVisible
CreateFontIndirectW
advapi32
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CryptReleaseContext
CryptDestroyHash
CryptSignHashW
CryptHashData
CryptCreateHash
CryptExportKey (with CryptGetUserKey and CryptAcquireContextW this permits exporting a user's CSP key material; combined with the crypt32 store-manipulation imports above — CertAddCertificateContextToStore / CertDeleteCertificateFromStore — the binary can add, remove and sign with certificates, though which store or key is touched cannot be determined from imports alone)
CryptGetUserKey
CryptAcquireContextW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegCloseKey
shell32
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
comctl32
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ole32
CoUninitialize
CoInitialize
urlmon
URLDownloadToFileW (fetches a URL straight to a local file; alongside CreateProcessW/ShellExecuteW and GetTempPathW this gives download-and-execute capability — no URL is visible in this report, so any network destination must come from the behavioral tasks)
msvcp60
?compare@?$char_traits@G@std@@SAHPBG0I@Z
msimg32
AlphaBlend
Sections
.text Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 776KB - Virtual size: 774KB (the resource section accounts for roughly 82% of the 944KB file, and the binary imports FindResourceW/LoadResource/LockResource; this report does not show what the resources contain, so they should be dumped and inspected separately for an embedded payload)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ