b3907aa91a8c1e71ba278e2a4d2687c2462f69057d8151384c57a6b3593d5040

Sharing

Copy URL Twitter E-mail

General

Target

b3907aa91a8c1e71ba278e2a4d2687c2462f69057d8151384c57a6b3593d5040
Size

1.6MB
MD5

40de1766566cc413ae7bc835f3806428
SHA1

5b1a5d6f9f9c8e72e01c42730cad72e58b8205b9
SHA256

b3907aa91a8c1e71ba278e2a4d2687c2462f69057d8151384c57a6b3593d5040
SHA512

e81c010ddbda1e1f32b26036808e489b269253f200540559a806853673e1c5d115d5b3aed5149a3ff34818d06e3c2fd9757bcc9e2895d01c0af263efac583871
SSDEEP

49152:4oLnWknnqsS6Bb/HmtX3GoW4AwQZd1pm+99rHFw0:4oLn9nmemtHGR/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3907aa91a8c1e71ba278e2a4d2687c2462f69057d8151384c57a6b3593d5040

Files

b3907aa91a8c1e71ba278e2a4d2687c2462f69057d8151384c57a6b3593d5040
.exe windows:6 windows x86 arch:x86

e2883aa75719bf4c476489e74f01ffee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CI_S7Z_band\cef-s7z\build\Release\s7z.pdb

Imports

kernel32

GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetDriveTypeW
lstrlenW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetStartupInfoW
GetExitCodeProcess
TerminateProcess
lstrcpyW
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
IsDBCSLeadByteEx
GetCPInfo
GetACP
IsValidCodePage
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCommandLineW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
SetDllDirectoryW
FreeLibrary
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
DecodePointer
CreateEventW
SetEvent
ResetEvent
GetTickCount
ExpandEnvironmentStringsW
QueryPerformanceFrequency
ReadFile
GetFileTime
FileTimeToSystemTime
GetCurrentProcess
LockResource
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
OpenProcess
Process32NextW
VirtualQuery
GetSystemInfo
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetTimeZoneInformation
LocalFree
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
WriteFile
GetStdHandle
ExitProcess
SetEnvironmentVariableW
GetModuleHandleExW
ExitThread
SystemTimeToTzSpecificLocalTime
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetVersionExW
PeekNamedPipe
CreateProcessW
WaitForSingleObject
CreatePipe
MultiByteToWideChar
QueryPerformanceCounter
FormatMessageW
Sleep
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
CreateDirectoryExW
CreateDirectoryW
GetFullPathNameW
CreateFileW
CloseHandle
DeviceIoControl
GetTickCount64
GetFileAttributesExW
GetLastError
GlobalUnlock
GlobalLock
GlobalSize
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
MoveFileExW
FormatMessageA
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
InitializeCriticalSectionEx
RaiseException
HeapSize
DeleteCriticalSection
LCMapStringW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
CopyFileW
SetFileTime
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
FindFirstFileExW
GetStringTypeW
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection

user32

GetClientRect
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
GetWindowPlacement
LoadIconW
MonitorFromWindow
GetMonitorInfoW
PostThreadMessageW
KillTimer
RegisterWindowMessageW
ReleaseDC
GetDC
ScreenToClient
SendMessageW
MessageBoxW
DestroyIcon
UnregisterClassW
FindWindowExW
GetPropW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
CharNextW
GetSystemMetrics
ShowWindow
ChangeWindowMessageFilter
IsWindow
GetWindowTextW
GetDlgItem
SetPropW
EnumChildWindows
SetWindowPos
MoveWindow

gdi32

GetDeviceCaps
DeleteDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyValueW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

DragAcceptFiles
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
SHCreateItemFromParsingName
SHGetFolderPathW
ord190
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
SHOpenFolderAndSelectItems
DragQueryFileW
ord155

ole32

CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity
GetHGlobalFromStream
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize

oleaut32

VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantInit
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringLen
SysStringByteLen

shlwapi

ord214
ord213
ord184
ord176
ord219

comctl32

ord410
ord412
ord413

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHICON
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipGetImageEncoders
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageEncodersSize

winhttp

WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle

dwmapi

DwmExtendFrameIntoClientArea

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2883aa75719bf4c476489e74f01ffee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

winhttp

dwmapi

urlmon

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 223KB - Virtual size: 223KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 223KB - Virtual size: 223KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 59KB - Virtual size: 58KB