78e952301dd92ea1dc446c6747aec8eb51022d283ef5787505fa79a7ed768c77

Sharing

Copy URL

Twitter E-mail

General

Target

78e952301dd92ea1dc446c6747aec8eb51022d283ef5787505fa79a7ed768c77
Size

2.1MB
MD5

1a390b4776610815267a2a8acfa94992
SHA1

7b2afd0774a3bcb1c54508c40904df8e96ae4884
SHA256

78e952301dd92ea1dc446c6747aec8eb51022d283ef5787505fa79a7ed768c77
SHA512

fd3b97e38eaa4947fc41e98b1ac663a621e3ab2aa268500d4f033e42862dbd2d5b8c317191192897a9adebc51962ef440f048d03fe3940aa262b6401fbbba974
SSDEEP

49152:D6oEoCFCZncSQgm9+j0Kw+GO/itb3EwxzsdaDOKME9sA0xHF:D6oSFCZncSU+QK7HcFxodJBx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78e952301dd92ea1dc446c6747aec8eb51022d283ef5787505fa79a7ed768c77

Files

78e952301dd92ea1dc446c6747aec8eb51022d283ef5787505fa79a7ed768c77
.exe windows:6 windows x86 arch:x86

c3b3e237882eee62183656bf059232be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
GetCurrentProcess
GlobalMemoryStatusEx
WideCharToMultiByte
LCIDToLocaleName
GetThreadLocale
OutputDebugStringW
GetExitCodeProcess
WaitForSingleObject
WriteFile
ReadFile
GetDriveTypeW
CreateFileW
CopyFileW
lstrcmpiW
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
CloseHandle
GetTempPathW
GetTempFileNameW
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
Process32FirstW
GetFileAttributesExW
GetTimeZoneInformation
MultiByteToWideChar
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
OpenProcess
TerminateProcess
LocalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FreeResource
SetEndOfFile
CreateProcessW
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
FormatMessageW
GetTickCount
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
SleepEx
LoadLibraryExA
VirtualFree
MoveFileExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FindResourceExW
Sleep
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetCPInfo
GetLastError
SetStdHandle
GetStringTypeW
DecodePointer
LCMapStringEx
EncodePointer
QueryPerformanceFrequency
WakeConditionVariable
TryAcquireSRWLockExclusive
GetExitCodeThread
WaitForSingleObjectEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter

user32

GetWindow
SetWindowPos
DefWindowProcW
CallWindowProcW
UpdateLayeredWindow
MoveWindow
LoadIconW
SetWindowTextW
SetTimer
KillTimer
LoadCursorW
GetWindowThreadProcessId
FindWindowExW
SetWindowLongW
MessageBoxW
SetForegroundWindow
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
AttachThreadInput
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetForegroundWindow
CharNextW
BringWindowToTop
ShowWindow
PostMessageW
SetFocus
GetMonitorInfoW
MonitorFromWindow
GetParent
GetWindowLongW
PtInRect
SetRect
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
DestroyWindow

gdi32

ExtTextOutW
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
GetStockObject
DeleteObject
CreateFontIndirectW

shell32

DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantClear
VarUI4FromStr

advapi32

RegCreateKeyExW
CryptCreateHash
CryptGenRandom
RegQueryValueExA
RegOpenKeyExA
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryValueExW
CryptGetHashParam
RegCloseKey
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData

shlwapi

PathAppendW
SHDeleteKeyW
PathFileExistsW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

gdiplus

GdipDrawString
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDeleteFont
GdipCreateFont
GdipCloneFontFamily
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRectI
GdipFillRectangleI
GdipDrawRectangleI
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateBitmapFromHICON
GdipDisposeImage
GdipCloneImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAlloc

ws2_32

ioctlsocket
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send

crypt32

CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertFreeCertificateChain
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain

Sections

.text
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3b3e237882eee62183656bf059232be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

comctl32

gdiplus

ws2_32

crypt32

Sections

.text Size: 506KB - Virtual size: 505KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 6KB - Virtual size: 11KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 506KB - Virtual size: 505KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 6KB - Virtual size: 11KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 22KB - Virtual size: 22KB