e206eb6bf4e4058a8593cfe4cd29d0c5e8c4cbbfb1f3462deddef50eacf356f3

Sharing

Copy URL Twitter E-mail

General

Target

e206eb6bf4e4058a8593cfe4cd29d0c5e8c4cbbfb1f3462deddef50eacf356f3
Size

5.8MB
MD5

9c7b486aee68159f26f230891b3637a9
SHA1

aa5fa1b8908ae4cf233e2e99cf76edaf88aa1756
SHA256

e206eb6bf4e4058a8593cfe4cd29d0c5e8c4cbbfb1f3462deddef50eacf356f3
SHA512

4f0db9acac9c489b75035bf955a8e1a27d151f6c2238f9cbfb989915f2f97fbace0d84b1810f5778a42dc00062e369691a830ba7d15a0512b5353cdd6b8dde89
SSDEEP

98304:S3iVn6rUyyc+pymaT7isBzMEcUsk80MEG/bHKl32OnjLV1aU:SyYUyyc+ETY/D1Ora

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e206eb6bf4e4058a8593cfe4cd29d0c5e8c4cbbfb1f3462deddef50eacf356f3

Files

e206eb6bf4e4058a8593cfe4cd29d0c5e8c4cbbfb1f3462deddef50eacf356f3
.exe windows:6 windows x86 arch:x86

740bf150eb3871cac3c157a56ea0718c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

comctl32

InitCommonControls

gdi32

DeleteObject
GetTextExtentPoint32A
SelectObject
GetDeviceCaps
SetBkColor
CreateFontA
CreateCompatibleDC
GdiFlush
CreateDIBSection
DeleteDC
GetStockObject
SetBkMode
SetTextColor
TextOutA
PatBlt
SetDIBitsToDevice

hid

HidD_GetAttributes
HidD_GetHidGuid

imm32

ImmGetContext
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmGetOpenStatus
ImmGetCompositionStringA
ImmAssociateContext
ImmReleaseContext

kernel32

Sleep
FreeLibrary
GetProcAddress
lstrlenA
LoadLibraryA
DeleteFileA
WriteConsoleW
HeapSize
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
GetCommandLineA
GetCurrentProcess
MoveFileA
QueryPerformanceCounter
GetCurrentThreadId
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetCurrentDirectoryA
CreateDirectoryA
GetFullPathNameA
CloseHandle
GetLastError
WaitForSingleObject
GetVersion
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
MultiByteToWideChar
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
CreateFileA
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetOverlappedResult
CreateEventA
GetTickCount
ReleaseMutex
CreateMutexA
GlobalMemoryStatus
GetDriveTypeA
SetErrorMode
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
FindClose
FindFirstFileA
SetEvent
ResetEvent
WaitForMultipleObjects
WideCharToMultiByte
IsProcessorFeaturePresent
CreateFileW
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
lstrcmpW
MulDiv
GetCurrentThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapAlloc
DecodePointer
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

oleaut32

VariantClear
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringByteLen

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation

shlwapi

PathFileExistsA
PathIsDirectoryA

user32

PeekMessageA
PostMessageA
PostQuitMessage
LoadCursorA
EnumDisplayDevicesA
DefWindowProcA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
DestroyWindow
AnimateWindow
SetWindowPos
SetFocus
GetActiveWindow
GetMenu
SetMenu
GetSystemMenu
DestroyMenu
DeleteMenu
UpdateWindow
SetActiveWindow
InvalidateRect
SetWindowTextA
DispatchMessageA
GetWindowRect
AdjustWindowRectEx
GetWindowLongA
SetWindowLongA
SetRect
CallWindowProcA
ChangeDisplaySettingsA
PostThreadMessageA
BringWindowToTop
MsgWaitForMultipleObjects
RegisterClipboardFormatA
IntersectRect
IsIconic
GetAsyncKeyState
SendMessageA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetKeyboardState
GetGuiResources
TranslateMessage
SystemParametersInfoA
GetWindowTextA
wvsprintfA
LoadMenuA
GetClientRect
LoadIconA
ReleaseDC
GetDC
GetDesktopWindow
GetSystemMetrics
MessageBoxA
ShowWindow
EndPaint
BeginPaint
GetQueueStatus

wininet

HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetErrorDlg
InternetReadFile
InternetAttemptConnect

winmm

timeEndPeriod
timeBeginPeriod
timeSetEvent
timeGetDevCaps
timeGetTime
timeKillEvent

d3d8

Direct3DCreate8

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries

Exports

Exports

8�i~uB�9�| C��t>-%R��2GW5ֺ�y5�0��B\9��āݭ^��_d��@]7��B�� u�߲5;�3�/琈7�]��'\�g~pN`��7�m��:�qx:+Lh� ��F�,� �D_4�E��Q|��̖M��ED�-��"Jk4��U��")ψȉ��5��&U9��K��V)-YQ��Tv��<��t/^!�y��<�V�%GV.lv��d�2?��lw9a�� p��C4��;�q*�m$r�(=��zi�+��87 Y)jf��x�F%�❻��س9h�1�Hp�nT$5��J/� ��Ņ'�pk�_w��Sj��(�|<c< ��C��R9k$f��U(��֨��X��rM1@-W$X��~!˽u˭�&��r�S�Q��)&|ں<k��`�� V9�S0��@U��t�5:F�WD*�~I|L�c.��<��C�'0�OXn�5cq��X�~w� ��e�0��4�7�]}G?>�G�|�0�1��P��R��("?�WI1��&K��.,�O��}[$�x�FV�˺�<�cIsn��6I��0)l�5~��-t-O��p��(�n� a�V�:�ť�vՒefC�%U�]��n��7�n{��w8r��6�몠�F�F��垢��i0��2S��"V��v�ڼ��̈m d�{!��7Ps��4��ǑS�� 1�I�9��c��g�ɩFE�QP�RS��RN��2\\��2�C�/�Q2e2T|6+=Ή=��q��/D��N�,�q��qp�'��ZJ�$K ݟ�r�0�(�� n1�Qv�덨�)�׭ �U�,|�L��Ht�٢�# ur��;��?�mm ��N��&s0V��|NID�Z�t��Y%.�GЭ>3qX�� y�"W��/��N��tzm�Ȗ8��b��h�7�}a�Gq�h��(G<̥�E�To?z��4 yȽ=�v�tş��a� �.,ԙ��Y_� q�K��_ۉ>A��g9�v&$}��*˴{�\m��d��?��}1��&��0T�vՔ�*��vv��)$6��h�O��GX?J�B�o�љc�u��M�bx-� Qs7��f�E�G;w�3�� e��Uf��dJ�נ��ĸ��W�SMO�q܌�z�Ay*JoB�s�RG(��GKyV��먳B��ٹ��,*9"꫱rW؊�wG³`Kd� ��,z��>�/��/K�E�E�Yfm<�^�"��pqu�؉��G��:a&��*/Å��8��Y)ʖ�`�E�I��f�ߦ�p�*��r>�n��:�t��bE�J�ƕ�~%?��rT̳��*�j[ꖔKȆ��\�h�ܜ��羰G]��5ؐ J��5�T�N�b@��Lv�� ʛ��r�8C�t�wM�Ri�]��S�ؔ}5�D��ߺ�:��Vd�:��!�]�8s�f��S�9*��e�6t�kI��?`�#j��Ҭ��tԥ�Q�qo�� m;��jb@�ģ�R��55N&~�B��,��?$�#q�ؾ�D�Գf��f�K �sUE�C�� O��b��Pv�,��T�w^��PˑȧD�z�dx�� n�� sՖ��u�4# �R[��R�Bf�B$;�K%r��/E)��f;�8��U��w�A�O$�_�Z;�X ?/T��ɨ{&��LȪH��O!d�Q��)N�g�a�'��{ɬg�-$�<��0��n��H[��A�˴!|%gr�^ r/�=�Xad��Vr�W6��b[�f� ��v��?#m&ŧf�ݢ�#�B��>"N�l�ѱeJ��S"��,��F��߽6��!Ҋ��U8f�̶�:3!{Ѻz�X(ۃ2!/|�'B�$o�x��Q��Bjߖ&+��ۅ�E��ƻ�7q�s��K��yR�D�X��/�n�.ڇ,*�Y�5"1@��(�Ygy��?��gڕ��=�߶^ޕ��T}�m��)�A��K��U��Z��CGR�Q��Z��<�~�f�l-60ٗ�'��1��]�p�@��%Lr�PA�3��y@��*��lGuI��]W4Ȅӝa�_O��x�E�[0��f�!�`�~s�X��p-�,��y�Ǐֳ@<�0I�'�Z��<_HS i��#��B)�}w ��'��I�$��˕m�mN��Ag�� +"O�w��p '�&8�NU��*��ޣq��? {��ؤGZ ��KRT��wБC��M��+�+Wτ�_�)U�xɣ<.��t4��9V��\�o�kO��o�'?U�^�<�¼ �W�Q�/-��*�S�M��5y8��[��B��٩,�0��h�\��\�M?�?��1[�k0��^c�,�2�+[|�;cC��ZU :�k��N䶷7EZ5��>�#c�ӒW��N'��e�lS��{%��P�K�&��nK�H�'t��z��9�[�� *W�[|7�i�oX3�Ҫ2��x%+<�"q��:V�"�N��}��X!�哂/��K=��C/i��ׯ+�oJ��V�A��]�pAh��P�s��^�{��/S@۔��r �2��O`7�쩓�M�5q+�:gcv��;��P=OZ�bB�t۪��rC�iy��b<�/Z2\��Ӓg1oT��)ub�E��3#Eƅ�x��n�S>H=��2�Ķ��: ��݇oQ�� jOέ<�y8�T��)��^஀5T�7�X{��'^��{��8�%�3��;lbUB.V��}��wx�[��k��$��Dc�6;/�z��E��DT�Ø�BeP��tRY�rj?��d-��s�:be��Ao=��m�3i��#c��L�H8�H�.W�Y��f<�I�6&3�-ls��xt��h1�26(��9b�jm�5mI�Eb��8e�4d{O�7a��{�.QVk�II��Ū7X��ܓ�Jŷ�� 69��C� ��C!�K��QV�d�l"}��_��%��9�c��/n�Ԙ�9��I�bg��0�:�.�-�].�d#x��D�f35n��͵��DG�uA�� u��'�

Sections

Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 494KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 73KB - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NULL
Size: - Virtual size: 7.3MB

IMAGE_SCN_MEM_DISCARDABLE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.04Ver
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

740bf150eb3871cac3c157a56ea0718c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

hid

imm32

kernel32

oleaut32

setupapi

shell32

shlwapi

user32

wininet

winmm

d3d8

ole32

Exports

Exports

Sections

Size: 2.9MB - Virtual size: 2.9MB

Size: 494KB - Virtual size: 500KB

Size: 73KB - Virtual size: 9.3MB

Size: 2KB - Virtual size: 4KB

Size: - Virtual size: 112KB

Size: 125KB - Virtual size: 128KB

.rsrc Size: 109KB - Virtual size: 112KB

NULL Size: - Virtual size: 7.3MB

.data Size: 2.1MB - Virtual size: 2.1MB

.04Ver Size: 6KB - Virtual size: 8KB

.rsrc
Size: 109KB - Virtual size: 112KB

NULL
Size: - Virtual size: 7.3MB

.data
Size: 2.1MB - Virtual size: 2.1MB

.04Ver
Size: 6KB - Virtual size: 8KB