82ed796893b395fe7a0d2e392f336860eaa4e62ee920bdaf867ffaabc6678acf

Sharing

Copy URL Twitter E-mail

General

Target

82ed796893b395fe7a0d2e392f336860eaa4e62ee920bdaf867ffaabc6678acf
Size

354KB
MD5

16a61f83ce9f10084a0d8a54b7aa35ef
SHA1

5823ff885dfc9437859ec0728470c47435c159b9
SHA256

82ed796893b395fe7a0d2e392f336860eaa4e62ee920bdaf867ffaabc6678acf
SHA512

17c435b988fd19dc03c01c4fb0ec0a894ae27b320c28c1c883b0af51c94e6f76a9737be645505fc6d747296cb5216928c5137f7a648f0b9873aa041299598f35
SSDEEP

6144:mWSCVJnIrcfZm+jm17r6Ov9z25mRKdDkinczaosk9ftC4BGDt01vP+:mWS4fZ5jmnv9z25modAuczaYCEwg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82ed796893b395fe7a0d2e392f336860eaa4e62ee920bdaf867ffaabc6678acf

Files

82ed796893b395fe7a0d2e392f336860eaa4e62ee920bdaf867ffaabc6678acf
.exe windows:5 windows x86 arch:x86

66415b615bf068baa34a4a77b6537122

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

gdi32

DeleteObject
GetBkMode
SetBkMode
SelectObject
CreateFontA
GetDeviceCaps
SetBkColor
CreateSolidBrush

kernel32

GetWindowsDirectoryW
WideCharToMultiByte
GlobalFree
GlobalAlloc
WaitForSingleObject
CreateSemaphoreA
CreateProcessW
GetPrivateProfileStringA
ReleaseSemaphore
GetComputerNameA
GetComputerNameW
CreateNamedPipeW
CreateEventA
GetOverlappedResult
ConnectNamedPipe
GetCurrentProcess
GetCurrentProcessId
FlushFileBuffers
LoadLibraryExW
OutputDebugStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
WriteFile
GetFileSize
CreateFileW
CreateDirectoryW
CreateDirectoryExW
GetFileAttributesExW
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GetTempPathW
GetLocaleInfoA
GetExitCodeProcess
Sleep
SetHandleInformation
GetProcessId
ResumeThread
GetCommandLineW
GetModuleHandleW
GetFileAttributesA
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetVersion
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
HeapCreate
HeapReAlloc
HeapSize
ExitProcess
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleFileNameW
MultiByteToWideChar
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
MulDiv
GetSystemDirectoryA
FindClose
GetVersionExA
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetLastError
LocalFree
SetLastError
LoadLibraryA
TerminateThread
CreateThread
SetFilePointer
GetSystemTime
ReadFile
CloseHandle
FindNextFileW
DeleteCriticalSection
VirtualFree
VirtualAlloc
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
UnhandledExceptionFilter
InitializeCriticalSection

user32

PeekMessageA
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
GetWindowLongW
MessageBoxW
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
FlashWindowEx
LoadStringA
LoadStringW
BeginPaint
EndPaint
DrawIcon
SetFocus
IsIconic
MoveWindow
GetSystemMetrics
CreateDialogIndirectParamW
CreateDialogParamA
IsWindow
DialogBoxIndirectParamW
DialogBoxParamA
LoadImageA
LoadIconA
GetParent
CallWindowProcW
PostMessageA
SendMessageA
EnableWindow
GetDlgItem
GetSysColorBrush
GetClientRect
GetWindowLongA
GetDC
ReleaseDC
SetWindowTextW
GetSysColor
GetWindowRect
MapWindowPoints
SetWindowPos
FillRect
EndDialog
ExitWindowsEx
DestroyWindow
CreateWindowExA
DialogBoxParamW
RegisterClassA
DefWindowProcA
ScreenToClient
MessageBoxA
SendMessageW
ShowWindow

advapi32

RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
SetThreadToken
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegFlushKey
RegOpenKeyA
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueA
OpenProcessToken

shell32

ShellExecuteExW

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66415b615bf068baa34a4a77b6537122

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

gdi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 118KB - Virtual size: 118KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 118KB - Virtual size: 118KB