f121d2f0ae2361c00c6eaea54ceaa22724e97eef59cd70bdf0c03a51d3bf6702

Sharing

Copy URL Twitter E-mail

General

Target

f121d2f0ae2361c00c6eaea54ceaa22724e97eef59cd70bdf0c03a51d3bf6702
Size

264KB
MD5

0c2c51bc27cf96cc6584e202a74c26bc
SHA1

d00ecde91e9a82565505c374e577a1a6f824b16f
SHA256

f121d2f0ae2361c00c6eaea54ceaa22724e97eef59cd70bdf0c03a51d3bf6702
SHA512

943f6024da3d36662bfc2aac46e25945e756c337024f606454a413dcc5d70fcf52810b1e10192e17827f0e2d5736ca9ea1037f32701a0f3da1c4434545ea6f83
SSDEEP

6144:VoK9TBkGa0o5d8nydJ3010Am85+X2ddWk5wRUL7GkFgMy:VoK9TJabd1dJHE+X2Acwo1FRy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f121d2f0ae2361c00c6eaea54ceaa22724e97eef59cd70bdf0c03a51d3bf6702

Files

f121d2f0ae2361c00c6eaea54ceaa22724e97eef59cd70bdf0c03a51d3bf6702
.exe windows:5 windows x86 arch:x86

c5097a7d4c67e6df9c495f6be41da781

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

LdrGetDllHandle
LdrLoadDll
NtQueryInformationProcess
RtlUnwind

kernel32

InterlockedDecrement
lstrcatW
GetNativeSystemInfo
GetModuleHandleW
GetVersionExW
FileTimeToDosDateTime
DosDateTimeToFileTime
lstrcpynA
FileTimeToLocalFileTime
SetThreadPriority
SetEndOfFile
SetFilePointerEx
SetFileTime
FlushFileBuffers
SetLastError
GetFileTime
DeleteFileW
GetFileInformationByHandle
ResetEvent
CreateMutexW
OpenMutexW
ReleaseMutex
CreateThread
GetDriveTypeW
GetLogicalDrives
GetEnvironmentVariableW
OpenProcess
Thread32First
Thread32Next
CreateToolhelp32Snapshot
VirtualFreeEx
GetProcessId
GetExitCodeThread
WaitForMultipleObjects
SetErrorMode
GetComputerNameW
GetModuleFileNameW
OpenEventW
GetCurrentProcessId
WriteProcessMemory
TlsGetValue
TlsSetValue
TlsAlloc
GetPrivateProfileStringW
GetPrivateProfileIntW
InterlockedIncrement
HeapFree
HeapDestroy
HeapCreate
TerminateThread
TlsFree
MoveFileExW
TryEnterCriticalSection
WideCharToMultiByte
CreateRemoteThread
Process32FirstW
Process32NextW
GetSystemDefaultUILanguage
GetProcessTimes
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
UnregisterWait
RegisterWaitForSingleObject
HeapReAlloc
GetProcessHeap
GetVolumeNameForVolumeMountPointW
IsBadReadPtr
VirtualAllocEx
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetHandleInformation
SystemTimeToFileTime
GetTimeZoneInformation
GetTempFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
GetCurrentThread
FlushInstructionCache
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileSizeEx
GetTempPathW
ReadFile
GetFileAttributesW
WriteFile
VirtualFree
GetLastError
VirtualAlloc
VirtualProtect
HeapAlloc
GetLocalTime
SetFilePointer
OutputDebugStringA
TerminateProcess
lstrcpyA
Sleep
lstrcmpiA
lstrcmpA
lstrcpyW
WTSGetActiveConsoleSessionId
lstrlenW
LoadLibraryW
CreateDirectoryW
ExitProcess
ExpandEnvironmentStringsW
CreateFileW
lstrlenA
lstrcmpiW
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
DuplicateHandle
CreateFileMappingW
CreateProcessW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CloseHandle
FindFirstFileW
CreateEventW
GetTickCount
SetEvent
WaitForSingleObject
QueryPerformanceCounter
ResumeThread
GetCurrentThreadId

user32

CharUpperW
LoadImageW
GetClipboardData
GetSystemMetrics
GetLastInputInfo
CharLowerA
GetCursorPos
GetIconInfo
ToUnicode
GetKeyboardState
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
CharToOemW
ExitWindowsEx
CharLowerW
DrawIcon

advapi32

SetSecurityDescriptorSacl
EqualSid
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
CryptDestroyKey
CryptImportKey
CryptGetKeyParam
CryptVerifySignatureW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertSidToStringSidW
GetLengthSid
IsWellKnownSid
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
InitiateSystemShutdownExW

shlwapi

PathSkipRootW
PathUnquoteSpacesW
SHDeleteValueW
SHDeleteKeyW
PathIsURLW
PathRemoveExtensionW
PathFindExtensionW
PathMatchSpecW
StrCmpNIA
PathGetDriveNumberW
ord14
wvnsprintfW
wvnsprintfA
PathAddBackslashW
PathQuoteSpacesW
PathIsDirectoryW
PathAddExtensionW
StrChrA
StrCmpNA
StrChrW
StrCmpIW
StrRChrA
StrCmpNIW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFindFileNameW
PathRenameExtensionW
UrlUnescapeA
StrCmpNW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

secur32

DecryptMessage
DeleteSecurityContext
GetUserNameExW
EncryptMessage

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CLSIDFromString
StringFromGUID2
CoInitializeSecurity

gdi32

SelectObject
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateDCW
DeleteDC
BitBlt

ws2_32

bind
socket
WSASetLastError
closesocket
send
listen
accept
WSACleanup
shutdown
WSACloseEvent
WSAIoctl
WSAAddressToStringW
WSAEnumNetworkEvents
WSAEventSelect
setsockopt
WSACreateEvent
getsockopt
WSAAddressToStringA
WSAStringToAddressW
WSARecv
WSAGetLastError
recvfrom
getaddrinfo
select
getsockname
sendto
recv
freeaddrinfo
getpeername
connect
WSAGetOverlappedResult
WSASend
WSAStartup

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore

wininet

InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
HttpQueryInfoA
InternetCrackUrlA

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserEnum

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

_except_handler3
_errno
memcpy
memset
memcmp
memmove
memchr
_vsnwprintf
_vsnprintf
strcmp
_purecall
_ultow
strtoul

Sections

.text
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5097a7d4c67e6df9c495f6be41da781

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

iphlpapi

version

msvcrt

Sections

.text Size: 246KB - Virtual size: 248KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 9KB - Virtual size: 13KB

.text
Size: 246KB - Virtual size: 248KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 13KB