73f54d3b8a76e1636a73677edf3316ff9257e622267247ba45f2213c6dd6fc13

Sharing

Copy URL Twitter E-mail

General

Target

73f54d3b8a76e1636a73677edf3316ff9257e622267247ba45f2213c6dd6fc13
Size

1.7MB
MD5

76ecddeb1c289a5e6e4a8934fa019d6e
SHA1

7efcef456214556be26ecf191f38ec3268339a9e
SHA256

73f54d3b8a76e1636a73677edf3316ff9257e622267247ba45f2213c6dd6fc13
SHA512

8b85311de81ff7fcb831cd4ce7e1821c29a1a71e1d24ed5b2b68aa4a235dd75a2944f27dbaa79829d72fd03b1cc552d26d301c117fe47b9691ec68b58253740e
SSDEEP

24576:oCCMjv3/Cr90kaiyhOFwtUfXlZh5TGbTanhQpBRSM/sm66/3smokciE+cD9VPF3K:ozM7/K90pjoFSzbw8BEmXqyEpD9VPpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73f54d3b8a76e1636a73677edf3316ff9257e622267247ba45f2213c6dd6fc13

Files

73f54d3b8a76e1636a73677edf3316ff9257e622267247ba45f2213c6dd6fc13
.exe windows:5 windows x86 arch:x86

92c5f9689128aa6e935ed19eb5d804e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcess
CloseHandle
OpenProcess
SetLastError
TerminateProcess
Process32NextW
GetLastError
LocalFree
lstrcpyA
GetTempPathW
GetProcAddress
GetTempFileNameW
CreateFileW
WriteFile
GetTickCount
GetPrivateProfileIntW
GetSystemDirectoryW
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
SetStdHandle
SetFilePointerEx
LCMapStringW
HeapSize
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
OutputDebugStringW
FreeResource
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetProcessHeap
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleExW
ExitProcess
RaiseException
FindClose
FindNextFileW
MoveFileExW
DeleteFileW
FindFirstFileExW
InterlockedDecrement
InterlockedIncrement
SizeofResource
lstrcpyW
LockResource
LoadResource
FindResourceW
GetPrivateProfileStringW
Sleep
GetExitCodeThread
WaitForSingleObject
CreateDirectoryW
LoadLibraryW
FreeLibrary
lstrcpynW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
lstrlenW
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
EncodePointer
lstrcatW
RtlUnwind
ReadFile
SetFilePointer
CreateFileA
SetFileAttributesW
WriteConsoleW

user32

TranslateAcceleratorW
LoadBitmapW
GetClientRect
CreateWindowExW
SendMessageW
SetWindowTextW
FillRect
FindWindowW
IsWindow
GetWindowRect
GetSystemMetrics
LoadIconW
SetWindowPos
LoadStringW
GetSysColorBrush
PostQuitMessage
SetTimer
KillTimer
wsprintfW
GetDesktopWindow
DispatchMessageW
TranslateMessage
PostMessageW
SetWindowTextA
GetMessageW
LoadAcceleratorsW
MessageBoxW
GetFocus
FindWindowExW
GetParent
GetClassNameW
SetFocus
EnableWindow
LoadCursorW
SetWindowLongW
EndPaint
BeginPaint
DefWindowProcW
GetWindowLongW
RegisterClassExW
UpdateWindow
ShowWindow

gdi32

GetStockObject
GetObjectW
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectW

advapi32

RegSetValueExW
RegCloseKey
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

StrChrIW
PathFileExistsW
StrStrIW
StrStrIA

Exports

Exports

_ExtractArchive@8

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92c5f9689128aa6e935ed19eb5d804e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

version

shlwapi

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 21KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 21KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 6KB - Virtual size: 5KB