36207f5f2bed45752c064d4a645855cf1b8ee9ed8725268461d4db8d98722ef1

Sharing

Copy URL Twitter E-mail

General

Target

36207f5f2bed45752c064d4a645855cf1b8ee9ed8725268461d4db8d98722ef1
Size

1.1MB
MD5

1f55586c12c95cc3b1dfd8b4c4f3ba1a
SHA1

13cafadf1de9ab63653ee80cd9b22c9644ae0819
SHA256

36207f5f2bed45752c064d4a645855cf1b8ee9ed8725268461d4db8d98722ef1
SHA512

f2e75789b0696aa7b7ba8f7ba3d65a98b983309feb0e4829674723306049d32791643dff0e40d511c16e64b515ec5da7619605a19c1fa80ee019297bc88c60de
SSDEEP

24576:l/fjEPLJ8CR8A1Je1D90ZL+ZOjnZ1rgK+q2FV:tfjcR88Je1J0ZL+8z89/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36207f5f2bed45752c064d4a645855cf1b8ee9ed8725268461d4db8d98722ef1

Files

36207f5f2bed45752c064d4a645855cf1b8ee9ed8725268461d4db8d98722ef1
.exe windows:5 windows x64 arch:x64

b5cde1ace2b2cc04f236126ee5e802fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupFindFirstLineA
SetupGetFieldCount
SetupFindNextLine
SetupOpenInfFileA
SetupDiGetINFClassA
SetupDiClassGuidsFromNameA
SetupDiLoadClassIcon
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupGetStringFieldA
SetupCopyOEMInfA

kernel32

CreateFileA
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTickCount
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
FindNextFileA
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetStdHandle
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
GetCPInfo
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetModuleHandleW
GlobalFlags
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
lstrcmpW
GetModuleHandleA
SetLastError
GlobalAlloc
FormatMessageA
MultiByteToWideChar
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetWindowsDirectoryA
GetSystemDirectoryA
SetFileAttributesA
DeleteFileA
LoadLibraryA
GetProcAddress
CreateDirectoryA
CopyFileA
GetPrivateProfileStringA
FindFirstFileA
LocalAlloc
LocalFree
Sleep
GetLastError
lstrcpynA
lstrcatA
WritePrivateProfileSectionA
GetCurrentProcess
GetVersionExA
lstrcmpA
GetUserDefaultLangID
lstrlenA
lstrcpyA
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapQueryInformation

user32

RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
GetPropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
EnableWindow
DrawIcon
AppendMenuA
SendMessageA
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
UnregisterClassA
MessageBeep
InvalidateRgn
GetSubMenu
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
SetPropA
SetCapture
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer
LoadIconA
GetSystemMetrics
CharUpperA
DestroyIcon
ExitWindowsEx
MessageBoxA
ReleaseCapture
GetCapture
LoadBitmapA
GetDC
InvalidateRect
GetParent
GetWindowLongA
ClientToScreen
PostMessageA
GetNextDlgGroupItem
GetSysColor
OffsetRect
GetCursorPos
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
RemovePropA

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
DeleteObject
DeleteDC
SelectObject
GetObjectA
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 664KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5cde1ace2b2cc04f236126ee5e802fa

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 320KB - Virtual size: 320KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 14KB - Virtual size: 54KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 664KB - Virtual size: 668KB

.text
Size: 320KB - Virtual size: 320KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 14KB - Virtual size: 54KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 664KB - Virtual size: 668KB