f7b65ee8eee221ff332fa010b459b35e3ad3730797babe1869bfedbb7523a62bN

Sharing

Copy URL

Twitter E-mail

General

Target

f7b65ee8eee221ff332fa010b459b35e3ad3730797babe1869bfedbb7523a62bN
Size

1.5MB
MD5

41af80cac2d365cc3d66107f0a6cd3d0
SHA1

02245fe72862f3b326fe1d54bc3e8923e1ad4f46
SHA256

f7b65ee8eee221ff332fa010b459b35e3ad3730797babe1869bfedbb7523a62b
SHA512

7fdaef97672e088eeb5a8413e23246c9232b5939caed9ace6309aec61e658944007af64c30a5ee9a14fff72969e48e1bc0aeac94b1aeb66376eb359572cfb059
SSDEEP

24576:imWB69Us7fO0EHrLRsleLHPrieTcYhT9Yxsxxa2qvJBV1Ls2wBP:i0O0EHBvPr/T2xsxxa2IJBV1Ls2wB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7b65ee8eee221ff332fa010b459b35e3ad3730797babe1869bfedbb7523a62bN

Files

f7b65ee8eee221ff332fa010b459b35e3ad3730797babe1869bfedbb7523a62bN
.exe windows:4 windows x64 arch:x64

a932451f51cabe7826a72de6f9df8885

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memmove
fseek
fread
fclose
ftell
memcpy
log10
_wfopen
wcslen
wcscpy
wcscmp
wcscat
__iob_func
fgetc
vsprintf
sprintf
memcmp
_strdup
free
longjmp
_setjmp
_wcsdup
strcpy
wcsncmp
_wcsicmp
wcsncpy
_snwprintf
tolower
fabs
malloc
ceil
floor
pow
??3@YAXPEAX@Z
_wcsnicmp
setlocale
swscanf
wcsstr
realloc
_errno
calloc
fopen
toupper
perror
atan
fprintf
log
cos
sin
ldexp
qsort
exp
sqrt
exit
acos
frexp
memchr
modf
strerror
abort
atof
_gmtime64
fflush
ferror
remove
fwrite
getenv
sscanf
strchr
strstr
isxdigit
strncmp
isalpha
strtol
strncpy
strrchr
strpbrk
strtoul
_time64
_strtoi64
fgets
fputs
atoi
isspace
isdigit
_stricmp
_strnicmp
_read
_write
fputc
isalnum
_stat64
isupper
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
OpenProcess
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
VirtualProtectEx
HeapDestroy
ExitProcess
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
GetNativeSystemInfo
GetCurrentProcess
VirtualQueryEx
Process32FirstW
Process32NextW
GetLastError
TerminateProcess
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
GetCurrentThread
DuplicateHandle
CreateSemaphoreW
CreateThread
ReleaseSemaphore
LeaveCriticalSection
WaitForMultipleObjects
Sleep
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
CreatePipe
GetStdHandle
CreateProcessW
GetCommandLineW
PeekNamedPipe
ReadFile
HeapReAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetTickCount
WideCharToMultiByte
CreateFileW
DeleteFileW
WriteFile
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalFree
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetDriveTypeW
GetFileAttributesW
SetFilePointer
GetFileSize
HeapSize
MulDiv
TlsFree
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA

user32

GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongPtrW
GetAsyncKeyState
GetKeyboardState
ShowWindow
SendMessageW
SetClassLongPtrW
RedrawWindow
GetDesktopWindow
GetWindow
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
FindWindowW
GetKeyNameTextW
MapVirtualKeyW
PeekMessageW
RegisterHotKey
UnregisterHotKey
MessageBoxW
DefWindowProcW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
IsWindowVisible
EnumWindows
SetWindowPos
BeginPaint
EndPaint
SetWindowTextW
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetScrollPos
GetParent
GetDC
InflateRect
ReleaseDC
GetWindowDC
GetWindowRect
GetIconInfo
InvalidateRect
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
ScreenToClient
GetClientRect
FillRect
GetSysColor
GetSysColorBrush
SetRect
DrawTextW
GetWindowLongW
SetScrollInfo
GetScrollPos
MoveWindow
GetScrollRange
MapWindowPoints
ClientToScreen
GetFocus
GetClassNameW
EnumPropsExW
SetActiveWindow
DestroyIcon
RegisterClassW
AdjustWindowRectEx
GetMenu
IsZoomed
MsgWaitForMultipleObjects
GetActiveWindow
DefFrameProcW
EnumChildWindows
PostMessageW
GetKeyState
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
GetCursorPos
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreatePatternBrush
GetStockObject
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
CreateDCW
DeleteDC
CreateCompatibleDC
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
BitBlt
CreateFontW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

CoInitialize
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleCreate
OleSetContainedObject

shell32

ShellExecuteExW

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
SysAllocString
VariantInit
DispGetParam
VariantClear
SysStringLen

Sections

.code
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 691KB - Virtual size: 691KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a932451f51cabe7826a72de6f9df8885

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

wsock32

winmm

gdiplus

uxtheme

comctl32

oleaut32

Sections

.code Size: 207KB - Virtual size: 207KB

.text Size: 691KB - Virtual size: 691KB

.rdata Size: 136KB - Virtual size: 136KB

.pdata Size: 37KB - Virtual size: 36KB

_RDATA Size: 512B - Virtual size: 48B

.data Size: 360KB - Virtual size: 375KB

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: 207KB - Virtual size: 207KB

.text
Size: 691KB - Virtual size: 691KB

.rdata
Size: 136KB - Virtual size: 136KB

.pdata
Size: 37KB - Virtual size: 36KB

_RDATA
Size: 512B - Virtual size: 48B

.data
Size: 360KB - Virtual size: 375KB

.rsrc
Size: 73KB - Virtual size: 73KB