85d9ee5e4a82fde8199eeeae338b8a475abd8a38ede2641643cd66b1e4e865b5

Sharing

Copy URL Twitter E-mail

General

Target

85d9ee5e4a82fde8199eeeae338b8a475abd8a38ede2641643cd66b1e4e865b5
Size

6.3MB
MD5

3ef6acb0da0db39f8dddc2c8c5b0280d
SHA1

2e72eaf438c92aa8c7a9c34eccffb74ed198f1cc
SHA256

85d9ee5e4a82fde8199eeeae338b8a475abd8a38ede2641643cd66b1e4e865b5
SHA512

6e6233014b74695289bbc061d42c0f79cb5473364f52feb275f453981c50590d525ade4c6b380e0cc0b6a72d69dce7d350976c8af9058867f943f29b3ee34a87
SSDEEP

196608:PO5MBqDApy1UqV1XhLAUNFOQw2ne2uQ8ZA:2pDApcdXhLAg4QH6ZA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85d9ee5e4a82fde8199eeeae338b8a475abd8a38ede2641643cd66b1e4e865b5

Files

85d9ee5e4a82fde8199eeeae338b8a475abd8a38ede2641643cd66b1e4e865b5
.exe windows:6 windows x86 arch:x86

2f2c8f5feae9076bd660d12dca440cdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
SetEndOfFile
GetSystemInfo
GetModuleFileNameW
WritePrivateProfileStringW
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
CreateMutexW
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
lstrcmpiW
Sleep
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeProcess
CreateProcessW
FreeResource
GlobalAlloc
GlobalUnlock
GlobalLock
LocalFree
TerminateProcess
OpenProcess
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OutputDebugStringW
ReadFile
WriteFile
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
VirtualAlloc
VirtualFree
CloseHandle
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
ExitProcess
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetTempPathW
SetFileAttributesW
GetTempFileNameW
GetFullPathNameW
GetCurrentDirectoryW
SetEvent
MoveFileExW
RtlUnwind
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
FormatMessageW
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
SleepEx
GetCurrentProcessId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetProcAddress
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
GetCurrentProcess
DeleteFileW
CreateDirectoryW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFileInformationByHandle
GetFileAttributesW
FindNextFileW
GetSystemTimeAsFileTime
GetStdHandle
LCMapStringEx
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeThread
WaitForSingleObjectEx
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent

user32

SetWindowTextW
LoadCursorW
GetWindow
PostMessageW
DefWindowProcW
MessageBoxW
KillTimer
SetTimer
GetWindowThreadProcessId
FindWindowExW
SetWindowLongW
SetForegroundWindow
GetForegroundWindow
CharNextW
BringWindowToTop
ShowWindow
CharUpperW
CharLowerW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
AttachThreadInput
SetWindowPos
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
GetMonitorInfoW
MonitorFromWindow
LoadIconW
GetParent
GetWindowLongW
PtInRect
SetRect
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
UpdateLayeredWindow
SetFocus
MoveWindow
UnregisterClassW

gdi32

ExtTextOutW
GetObjectW
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

shell32

DragQueryFileW
SHGetSpecialFolderPathW
DragFinish
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

oleaut32

VarUI4FromStr
VariantClear
SysFreeString
SysAllocString
VariantCopy

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
DeleteAce
GetAce
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
BuildExplicitAccessWithNameW
RegCloseKey
RegEnumValueW

shlwapi

PathAppendW

comctl32

InitCommonControlsEx

gdiplus

GdipDrawString
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDeleteFont
GdipCreateFont
GdipCloneFontFamily
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRectI
GdipFillRectangleI
GdipDrawRectangleI
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFree

ws2_32

ioctlsocket
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
send
WSACloseEvent

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Sections

.text
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61.9MB - Virtual size: 61.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f2c8f5feae9076bd660d12dca440cdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

comctl32

gdiplus

ws2_32

crypt32

Sections

.text Size: 618KB - Virtual size: 617KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 61.9MB - Virtual size: 61.9MB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 618KB - Virtual size: 617KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 61.9MB - Virtual size: 61.9MB

.reloc
Size: 29KB - Virtual size: 28KB