605ba64b7df6358fa376748f861132c23851056f76b31a16fa3e4fedec879eb6

Sharing

Copy URL Twitter E-mail

General

Target

605ba64b7df6358fa376748f861132c23851056f76b31a16fa3e4fedec879eb6
Size

208KB
MD5

01633756116f12b45301ba7dd07ebb73
SHA1

492c109739c7c11592ee5fa436b0ada15f759f94
SHA256

605ba64b7df6358fa376748f861132c23851056f76b31a16fa3e4fedec879eb6
SHA512

d4e19cf2b424f1039b42c1dfe9bcc5cba87fa3633de5a3bf7e98702766f71462398b3a0dc85e672ebc8ea1bd4d81eb6b1b40bb95bed69bcc7c85f84a149131e5
SSDEEP

6144:da1oB/yvpK0JCmRcRRR8N0e2kXfCqNidkfk:dbapK0JCmRcU9vVokf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
605ba64b7df6358fa376748f861132c23851056f76b31a16fa3e4fedec879eb6

Files

605ba64b7df6358fa376748f861132c23851056f76b31a16fa3e4fedec879eb6
.exe windows:2 windows x86 arch:x86

e391eee2fda3671a828f8ce7165ca399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetModuleHandleW
ConnectNamedPipe
GetModuleFileNameA
EnumTimeFormatsW
SuspendThread
GetWindowsDirectoryW
GetPriorityClass
lstrlen
CreateThread
GetSystemDefaultLangID
FlushFileBuffers
ReadDirectoryChangesW
GetDateFormatA
BeginUpdateResourceW
FreeResource
GetSystemDirectoryA
CreateMutexW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
FatalAppExitA
SetLocaleInfoW
GetProcessHeap
GetDiskFreeSpaceA
GetProcAddress
FindResourceA
GetOEMCP
lstrcpyW
GetThreadPriority
GlobalGetAtomNameW
MoveFileW
CompareStringA
LocalFree
MultiByteToWideChar
GetVersionExW
GetACP

user32

LoadMenuIndirectA
UnregisterClassW
GetClassInfoExW
RegisterClassA
GetClassNameA
LoadMenuW
DefDlgProcW
SetWindowRgn
GetParent
DialogBoxIndirectParamA
LoadMenuA
GetClassInfoW
DrawTextW
CreateDialogIndirectParamW
wvsprintfA
LoadCursorW
EnumWindows
DialogBoxIndirectParamW
CharNextW
FindWindowW
GetDCEx
GetSysColor
GetMenuStringW
GetTopWindow
LoadBitmapA
TrackPopupMenuEx
AppendMenuW
InsertMenuItemA
GetWindowRect
MessageBoxW
SetActiveWindow
EnumDesktopsA
CreatePopupMenu
FindWindowA
MessageBoxIndirectW
CreateAcceleratorTableW
CharLowerA
DeleteMenu
GetForegroundWindow
EnumDesktopWindows
EnumDesktopsW
CopyRect
OpenClipboard
GetDlgItemTextW
GetWindowLongW
GetMenuItemCount
CheckDlgButton
CreateAcceleratorTableA
WaitForInputIdle
DialogBoxParamW
PostQuitMessage
GetActiveWindow
CreateCaret
RegisterWindowMessageW
GetClassNameW
GetMenuItemInfoA
EndMenu
WinHelpA
SetCapture
SetTimer
CreateMenu
CreateDialogParamA
SendDlgItemMessageA
LoadCursorA
DefWindowProcW
EnumDesktopsA
SetMenu

gdi32

GetBrushOrgEx
StrokeAndFillPath
CreateFontW
GetEnhMetaFilePixelFormat
GetPixel
GetViewportOrgEx
CreateDCA
CopyMetaFileW
AbortPath
RemoveFontResourceA
GetKerningPairsA
EnumFontFamiliesExW
AddFontResourceW
Rectangle
GetDeviceGammaRamp
PolyPolygon
RectInRegion
GetGlyphIndicesA
CreatePolygonRgn
SetColorSpace
SetMetaFileBitsEx
CreateBitmap
OffsetRgn
EndDoc
CreateDIBPatternBrush
PlayEnhMetaFile
RestoreDC
GetCharWidth32W
PaintRgn
StartFormPage

advapi32

RegDeleteKeyW
RegOpenKeyA
RegQueryMultipleValuesW
RegEnumValueW
RegSetValueA
RegEnumKeyExA
RegCreateKeyExA
RegRestoreKeyW
RegCloseKey
RegEnumKeyA
RegEnumKeyW
RegDeleteValueA
RegQueryValueW
RegReplaceKeyW
RegFlushKey
CryptSetProviderA
RegOpenKeyW
RegEnumValueA

shell32

ExtractIconExA

comctl32

ImageList_SetImageCount
ImageList_Duplicate
FlatSB_EnableScrollBar
DllGetVersion
ImageList_SetBkColor
InitCommonControls
ImageList_GetBkColor

comdlg32

FindTextA
LoadAlterBitmap
ReplaceTextW
GetFileTitleW
GetSaveFileNameW
ReplaceTextA

oleaut32

VarR8FromDisp
VarUI1FromStr
VarDateFromUI8
OleLoadPictureFile
VarUI1FromDisp
VarUI8FromCy

wininet

GopherGetLocatorTypeA
ShowCertificate
HttpQueryInfoA
SetUrlCacheHeaderData
FindFirstUrlCacheContainerA
GetUrlCacheEntryInfoA
FindNextUrlCacheContainerA
DeleteUrlCacheEntry
InternetGetConnectedState
GetUrlCacheConfigInfoW
InternetConfirmZoneCrossing
InternetGetConnectedStateEx
InternetCreateUrlA
CreateUrlCacheEntryA
InternetSetPerSiteCookieDecisionW
InternetSetOptionW
RetrieveUrlCacheEntryFileW
FindCloseUrlCache
UrlZonesDetach

urlmon

IsValidURL
CoInternetCreateSecurityManager
URLDownloadToCacheFileW
Extract
MkParseDisplayNameEx
GetMarkOfTheWeb
CopyStgMedium
HlinkNavigateMoniker

wsock32

GetAddressByNameA
GetAddressByNameW
s_perror
WSAAsyncGetProtoByNumber
socket
WSAAsyncGetHostByName
send
AcceptEx
shutdown

crypt32

CertFreeCRLContext
CertGetIntendedKeyUsage
CertGetNameStringW
PFXExportCertStoreEx
CryptVerifyMessageHash
CertGetIssuerCertificateFromStore
I_CryptEnableLruOfEntries
I_CryptGetAsn1Decoder
CertEnumSystemStoreLocation
I_CryptSetTls

Sections

.ehkoKk
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WbOYt
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jVQpnF
Size: 1KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MAgzG
Size: 109KB - Virtual size: 217KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e391eee2fda3671a828f8ce7165ca399

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

comdlg32

oleaut32

wininet

urlmon

wsock32

crypt32

Sections

.ehkoKk Size: 2KB - Virtual size: 20KB

.WbOYt Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.jVQpnF Size: 1KB - Virtual size: 49KB

.MAgzG Size: 109KB - Virtual size: 217KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 512B - Virtual size: 4KB

.ehkoKk
Size: 2KB - Virtual size: 20KB

.WbOYt
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.jVQpnF
Size: 1KB - Virtual size: 49KB

.MAgzG
Size: 109KB - Virtual size: 217KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 512B - Virtual size: 4KB