b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119

Sharing

Copy URL

Twitter E-mail

General

Target

b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
Size

5.9MB
MD5

518352ac52762c6744df5926a751a402
SHA1

3d7b20114a1b87a20aab36431fb856b4e2691e61
SHA256

b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
SHA512

c258ffb802253c22e00b7d4184e12adafceb847f6ebcde5a6d92fc969061d251aa34c35d18a26f2f236fbd653e0cf613a6c2f510c191e73f51fd4fab39e9208d
SSDEEP

6144:HO4thSUHz9HRg1c96R7b3/dyTl8W2p7/j1qBl9scLGUNhN:Hth3Hz9HeTZzdwl8W2ZR6aU3N

Score

1^/10

Malware Config

Signatures

Files

b894ddfc70491c1327475f778fe706f0d23d32996dcba81617ba83e1f728f119
.exe windows:5 windows x86 arch:x86

920aca8fdc4985e3316b3693228113b0

Code Sign

23:5a:1c:76:22:8c:6f:81:4a:36:15:e0:21:d3:a8:a6
Certificate

Issuer

CN=IOCRSIHZPSQUIZFOZQ

Not Before

09-09-2020 13:46

Not After

31-12-2039 23:59

Subject

CN=IOCRSIHZPSQUIZFOZQ

Extended Key Usages

ExtKeyUsageCodeSigning

9f:e3:dc:10:54:5f:bc:4d:2c:43:7c:df:1e:b3:5c:57:fc:49:c9:42
Signer

Actual PE Digest

9f:e3:dc:10:54:5f:bc:4d:2c:43:7c:df:1e:b3:5c:57:fc:49:c9:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
VirtualAllocEx
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
InitializeCriticalSection
SizeofResource
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
LoadLibraryExW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
GetCommandLineW
CloseHandle
GetModuleFileNameW
OutputDebugStringW
CreateEventW
CreateProcessW
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteVolumeMountPointW
GetCommTimeouts
GetTapePosition
EnumCalendarInfoA
GetCommModemStatus
GetComputerNameExA
CommConfigDialogA
SetNamedPipeHandleState
LocalSize
GetWriteWatch
GetCPInfoExA
FindVolumeClose
PrepareTape
SetCurrentDirectoryW
DeviceIoControl
SleepEx
FindNextChangeNotification
ReadConsoleA
UnlockFile
BackupSeek
FreeUserPhysicalPages
ExitProcess
GetTempFileNameW
SetThreadPriorityBoost
CancelDeviceWakeupRequest
VirtualProtectEx
GlobalFindAtomW
GetProcessHeap
RtlUnwind
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
HeapFree
SetErrorMode
lstrlenA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrcpyW
SystemTimeToFileTime
PulseEvent
OpenProcess
OpenEventW
LoadLibraryW
GetSystemTime
GetFileTime
FindFirstFileW
FindClose
FileTimeToSystemTime
CreateFileW

user32

LoadCursorA
DispatchMessageW
PostThreadMessageW
CharUpperW
TranslateMessage
CharNextW
UnregisterClassA
GetMessageW
SetDlgItemTextW
DdeGetLastError
GetKeyNameTextW
SwitchDesktop
OpenDesktopA
EnumChildWindows
InternalGetWindowText
SetWinEventHook
CharPrevW
SwapMouseButton
IMPGetIMEW
GetClassInfoExW
GetMessagePos
CharLowerBuffA
RegisterClassExA
DestroyIcon
SetCapture
IsClipboardFormatAvailable
GetDlgCtrlID
GetClassNameW
GetClipboardData
InvertRect
MonitorFromPoint
GetClassInfoA
EnumWindowStationsW
EnumDesktopsA
AppendMenuA
OffsetRect

gdi32

GetStockObject
GetEnhMetaFileBits
ResetDCW
TextOutA
CombineTransform
UnrealizeObject
ResizePalette
GdiStartDocEMF
GdiPlayJournal
GdiSetServerAttr
PolyPatBlt
GetKerningPairsA
NamedEscape
DeleteDC
GetDeviceCaps
ScaleWindowExtEx
DeleteObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectW

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

shell32

ExtractIconA
ExtractAssociatedIconW
SHEmptyRecycleBinW
FindExecutableW
DragQueryFileAorW
FindExecutableA
DoEnvironmentSubstW
SHLoadInProc
SHGetFileInfo
ShellAboutW
SHGetDataFromIDListA
SHFreeNameMappings
SHGetInstanceExplorer
SHGetDiskFreeSpaceExA
SHGetDataFromIDListW
DragAcceptFiles
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

shlwapi

StrCmpNIW
StrStrW
StrRChrW
StrStrIW
StrChrA
StrCmpNIA

comctl32

InitCommonControlsEx

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

920aca8fdc4985e3316b3693228113b0

Code Sign

23:5a:1c:76:22:8c:6f:81:4a:36:15:e0:21:d3:a8:a6Certificate

Extended Key Usages

9f:e3:dc:10:54:5f:bc:4d:2c:43:7c:df:1e:b3:5c:57:fc:49:c9:42Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 165KB - Virtual size: 164KB

23:5a:1c:76:22:8c:6f:81:4a:36:15:e0:21:d3:a8:a6
Certificate

9f:e3:dc:10:54:5f:bc:4d:2c:43:7c:df:1e:b3:5c:57:fc:49:c9:42
Signer

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 165KB - Virtual size: 164KB