bef895c26bd618aa2d7f7a0846b999d7c0500e9ad15ea62eb367ad3a84719f52

Sharing

Copy URL

Twitter E-mail

General

Target

bef895c26bd618aa2d7f7a0846b999d7c0500e9ad15ea62eb367ad3a84719f52
Size

204KB
MD5

654eedd9a3fa6cd97d58df2daa180993
SHA1

ab8ba9e6a27288cd95f0cebb6b33601761427527
SHA256

bef895c26bd618aa2d7f7a0846b999d7c0500e9ad15ea62eb367ad3a84719f52
SHA512

5a644bc014ea43b17290c293d8646ffa7f2019fdfca49d38c369ac7bcb381d19d34a9fa339ddfd9136385a90474914db9b1de5dd44b37082321dfa9c33e6ae54
SSDEEP

3072:3AdB3a1EPjMgnElNdxRkwjcU5rBhRJgiAwdVy26YvSEAwlGEX+KXo2:3w3a1EPDANdxewjciDT/YlYhlPXfo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bef895c26bd618aa2d7f7a0846b999d7c0500e9ad15ea62eb367ad3a84719f52

Files

bef895c26bd618aa2d7f7a0846b999d7c0500e9ad15ea62eb367ad3a84719f52
.exe windows:4 windows x86 arch:x86

28f48d4c6eb56da97dfe67a8900e7709

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetOpenStatus
ImmGetContext
ImmGetIMEFileNameA
ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmCreateContext
ImmAssociateContext
ImmDestroyContext
ImmNotifyIME
ImmIsIME

kernel32

WriteFile
SetFilePointer
CreateFileA
GetLocaleInfoA
GetSystemDirectoryA
DeleteFileA
GetSystemDefaultLCID
GetSystemInfo
RemoveDirectoryA
Sleep
lstrcpyW
lstrlenW
WideCharToMultiByte
lstrcmpA
GetWindowsDirectoryA
lstrcpynA
GetEnvironmentVariableA
CreateDirectoryA
GetPrivateProfileStringA
FlushFileBuffers
GetProcAddress
CompareStringW
SetStdHandle
ReadFile
SetConsoleCtrlHandler
GetTimeZoneInformation
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TerminateProcess
LCMapStringW
LCMapStringA
HeapFree
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA
FindFirstFileA
InterlockedExchange
GetDriveTypeA
FileTimeToLocalFileTime
GetCurrentThread
GetCurrentProcess
GetLastError
FreeLibrary
LoadLibraryA
GetFileAttributesA
WinExec
lstrcatA
GetTickCount
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
CloseHandle
CreateMutexA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
lstrlenA
lstrcpyA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcmpiA
CompareStringA
GetCommandLineA
SetEnvironmentVariableA
FileTimeToSystemTime
FindClose
HeapAlloc
RtlUnwind
GetCurrentThreadId
SetLastError
GetVersionExA
LocalAlloc
GetModuleFileNameA
GetBinaryTypeA
LocalFree

user32

CharLowerA
LoadKeyboardLayoutA
SystemParametersInfoA
wsprintfA
IsCharAlphaA
GetKeyboardLayoutList
GetDlgItem
SetFocus
wsprintfW
DialogBoxParamA
DialogBoxParamW
FindWindowA
EnumChildWindows
GetDC
wvsprintfA
ReleaseDC
DrawTextW
DrawTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
SetWindowTextW
SetWindowTextA
MessageBoxW
MessageBoxA
IsDialogMessageW
IsDialogMessageA
DefWindowProcW
DefWindowProcA
CallWindowProcW
CallWindowProcA
GetWindowLongW
GetWindowLongA
SetWindowLongW
SetWindowLongA
DispatchMessageW
DispatchMessageA
PeekMessageW
PeekMessageA
PostMessageW
IsWindowUnicode
SendMessageW
SendMessageA
GetClassNameA
SendMessageTimeoutA
PostMessageA
RegisterWindowMessageA
CharNextA
PostThreadMessageA
EnumWindows
UnloadKeyboardLayout
GetSysColor
GetKeyboardLayout
EndDialog

gdi32

TextOutW
TextOutA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorDacl
AllocateAndInitializeSid
IsValidSid
FreeSid
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyA
RegCreateKeyExW
RegSetValueExW
GetUserNameA
OpenThreadToken
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
RegSetKeySecurity
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegFlushKey
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegUnLoadKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoInitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoUninitialize

msi

ord81

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28f48d4c6eb56da97dfe67a8900e7709

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

msi

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 32KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 68KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 32KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 68KB