ea8f2e205912c3050ff0b3b242f581220916873635420b8033d9fc57970b45faN

Sharing

Copy URL

Twitter E-mail

General

Target

ea8f2e205912c3050ff0b3b242f581220916873635420b8033d9fc57970b45faN
Size

2.2MB
MD5

19af54479b3943ec510005f8cfbc6af0
SHA1

cee2ca7c429bd2f04ce0d000f663e56e9d04199b
SHA256

ea8f2e205912c3050ff0b3b242f581220916873635420b8033d9fc57970b45fa
SHA512

5a9a6116dc46219a05236b3d8c97b0792a0e6cd205cb9edc597904b36dfd7f67315df05960c5c88031302c75737100b43e7d69927c0e126646424b3bfd471f68
SSDEEP

49152:ql1PbynTerQ4h1qvWiBsr48rqDTSVxxaD+JBV1Ls2wBEJBV1Ls2wBj:qbDrfhcviJBvA7lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea8f2e205912c3050ff0b3b242f581220916873635420b8033d9fc57970b45faN

Files

ea8f2e205912c3050ff0b3b242f581220916873635420b8033d9fc57970b45faN
.exe windows:4 windows x64 arch:x64

3cf1896f99101f636135032b9acbfa8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcscmp
memmove
wcslen
wcscpy
wcscat
memcpy
fread
longjmp
_setjmp
_wcsdup
free
wcsncmp
_wcsicmp
tolower
wcsncpy
_snwprintf
fabs
malloc
ceil
floor
fseek
ftell
fclose
pow
??3@YAXPEAX@Z
_wcsnicmp
frexp
modf
memcmp
fopen
_errno
strerror
abort
atof
_gmtime64
fflush
ferror
remove
fwrite
realloc
calloc
__iob_func
strchr
strstr
isxdigit
strncmp
isalpha
strtol
strncpy
sscanf
strrchr
strpbrk
strtoul
_time64
_strtoi64
qsort
fgets
fputs
atoi
isspace
memchr
isdigit
_stricmp
_strnicmp
_read
_write
fputc
sprintf
getenv
isalnum
_stat64
isupper
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
CreateThread
CreateFileW
DeleteFileW
WriteFile
Sleep
SetLastError
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
SetFilePointer
GetFileSize
ReadFile
HeapReAlloc
GlobalFree
GlobalAlloc
MultiByteToWideChar
MulDiv
TlsFree
DeleteCriticalSection
GetLastError
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

advapi32

GetCurrentHwProfileW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

CoInitialize
RevokeDragDrop
CoTaskMemFree

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongPtrW
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetIconInfo
InvalidateRect
UpdateWindow
RedrawWindow
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
CallWindowProcW
GetWindowRect
ScreenToClient
SendMessageW
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
GetSysColor
GetSysColorBrush
GetDC
GetWindowTextLengthW
GetWindowTextW
SetRect
DrawTextW
GetWindowLongW
ReleaseDC
SetWindowTextW
GetPropW
RemovePropW
DefWindowProcW
GetParent
SetPropW
GetWindow
SetActiveWindow
DestroyIcon
LoadIconW
LoadCursorW
RegisterClassW
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableW
UnregisterClassW
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
GetClientRect
FillRect
SetFocus
GetFocus
PostMessageW
GetActiveWindow
GetKeyState
GetClassNameW
IsChild
RegisterWindowMessageW
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW

gdi32

GetStockObject
GetObjectType
GetObjectW
DeleteObject
SetTextColor
SetBkColor
SelectObject
CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateBitmap
SetPixel
GetDIBits
BitBlt
CreateDCW
CreateFontW

comctl32

InitCommonControlsEx

Sections

.code
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cf1896f99101f636135032b9acbfa8b

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

ole32

shell32

ws2_32

wsock32

winmm

gdiplus

user32

gdi32

comctl32

Sections

.code Size: 9KB - Virtual size: 9KB

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 88KB - Virtual size: 87KB

.pdata Size: 23KB - Virtual size: 22KB

.data Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 73KB - Virtual size: 72KB

.code
Size: 9KB - Virtual size: 9KB

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 88KB - Virtual size: 87KB

.pdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 73KB - Virtual size: 72KB