4209f7c6cb1d7eac796c6393c61308dfb495438a6eeb5d23c8151a482c773de8

Sharing

Copy URL Twitter E-mail

General

Target

4209f7c6cb1d7eac796c6393c61308dfb495438a6eeb5d23c8151a482c773de8
Size

3.3MB
MD5

b25ad9a5c7cead9ebe0b61b98fcdc887
SHA1

08d6baa2349e8ab8a20af4d47f45b3aabbcdd880
SHA256

4209f7c6cb1d7eac796c6393c61308dfb495438a6eeb5d23c8151a482c773de8
SHA512

a235adc38c5cff7bfc55c55f8cdb26cde9d201d2fe37c0c80056a4fe45251231b28d13edb76d2de27850f7295bb03f49f5907a233d46d8c4488212b6c4555910
SSDEEP

49152:IU8wJWMPUqV/48Qh+TwPv8K5Z/MfUfgXX6M1SlsVYeel93L5:I2WVqV/4R7xu7n6Mos

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4209f7c6cb1d7eac796c6393c61308dfb495438a6eeb5d23c8151a482c773de8

Files

4209f7c6cb1d7eac796c6393c61308dfb495438a6eeb5d23c8151a482c773de8
.exe windows:6 windows x86 arch:x86

f4303b9dd45ee602f7d3e6d2387a5073

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
MultiByteToWideChar
GetFileAttributesExW
GlobalFlags
DeleteFileW
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
WideCharToMultiByte
IsBadReadPtr
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
SetEvent
ResetEvent
FileTimeToSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetEnvironmentVariableW
RaiseException
VirtualProtect
VirtualFree
VirtualAlloc
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetWaitableTimer
CreateWaitableTimerW
WriteConsoleW
HeapSize
SetEndOfFile
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
IsWow64Process
FlushFileBuffers
GetTimeZoneInformation
DecodePointer
LCMapStringW
CompareStringW
GetCurrentProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
FormatMessageW
WaitForMultipleObjects
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
QueryPerformanceCounter
GetCommandLineW
SetLastError
SetFilePointerEx
GetLastError
WriteFile
GetTickCount
FindResourceW
LoadResource
LockResource
FreeResource
GetCurrentThreadId
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
LeaveCriticalSection
LoadLibraryA
WaitForSingleObject
CreateThread
FreeLibrary
LoadLibraryW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GlobalAlloc
GlobalFree
IsDebuggerPresent
GetModuleFileNameW
CreateFileW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
CreateEventW
ExitProcess
OpenEventW
CopyFileW
CloseHandle
GetFullPathNameW

user32

GetActiveWindow
MsgWaitForMultipleObjects
PeekMessageW
KillTimer
TranslateMessage
DispatchMessageW
WaitForInputIdle
SendMessageTimeoutW
SetTimer
GetPropW
LoadImageW
GetWindowTextLengthW
GetWindowTextW
GetParent
GetDesktopWindow
LoadCursorW
LoadIconW
SetPropW
RegisterClassW
GetClassInfoW
LoadStringW
SendMessageW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetWindowLongW
EnumWindows
MonitorFromWindow
wsprintfW
MessageBoxA
ReleaseDC
GetMessageW
MessageBoxW
GetAsyncKeyState
GetWindow
GetTopWindow
GetDC
RemovePropW
IsWindowVisible
WindowFromPoint
GetWindowThreadProcessId
GetCursorPos

gdi32

SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

CryptImportKey
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
RegCloseKey
RegQueryValueW
RegOpenKeyExW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptGenRandom

shell32

DragFinish
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileA
DragQueryFileW

ole32

PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertCloseStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFindExtension
CertOpenStore

iphlpapi

GetExtendedTcpTable

ntdll

VerSetConditionMask

psapi

GetModuleFileNameExW
EnumProcesses

shlwapi

PathFindExtensionW
PathFileExistsW
PathFindFileNameW

msvfw32

GetSaveFileNamePreviewW

wldap32

ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

ws2_32

htons
getsockopt
getsockname
getpeername
connect
bind
WSAIoctl
select
__WSAFDIsSet
inet_pton
WSAGetLastError
WSACleanup
WSAStartup
ntohs
setsockopt
accept
closesocket
recv
send
socket
ntohl
htonl
listen
ioctlsocket
getaddrinfo
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
sendto
gethostname
WSASetLastError
WSACreateEvent
freeaddrinfo

gdiplus

GdiplusShutdown
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdiplusStartup
GdipSetCompositingMode

Sections

.text
Size: 961KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4303b9dd45ee602f7d3e6d2387a5073

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

crypt32

iphlpapi

ntdll

psapi

shlwapi

msvfw32

wldap32

ws2_32

gdiplus

Sections

.text Size: 961KB - Virtual size: 961KB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 17KB - Virtual size: 22KB

.rsrc Size: 191KB - Virtual size: 190KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 961KB - Virtual size: 961KB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 17KB - Virtual size: 22KB

.rsrc
Size: 191KB - Virtual size: 190KB

.reloc
Size: 60KB - Virtual size: 59KB