87821bac5a914ac81797fadd6c78f559a3c1b3682ab5b732230fc1f3a49f7582

Sharing

Copy URL Twitter E-mail

General

Target

87821bac5a914ac81797fadd6c78f559a3c1b3682ab5b732230fc1f3a49f7582
Size

888KB
MD5

58dfb1abd0830b1cd6f9f7dc019a779b
SHA1

292c3e70a9cac93b546c9e236560a0e2b3477d54
SHA256

87821bac5a914ac81797fadd6c78f559a3c1b3682ab5b732230fc1f3a49f7582
SHA512

eef0a81f99dc1ad636905e3e9783fd3efc62784e2e6a71100e926b27ab4510a09f2e34bda87cd84cb07b69ffb58994323e0c4008546e1b015d1fa8979e78c244
SSDEEP

24576:jTMQLHzpjWy2jX7MQkZ5Pdjmj7JZII4rYBa:kQLH9jWzjIQkzPlmj7nZa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87821bac5a914ac81797fadd6c78f559a3c1b3682ab5b732230fc1f3a49f7582

Files

87821bac5a914ac81797fadd6c78f559a3c1b3682ab5b732230fc1f3a49f7582
.exe windows:6 windows x86 arch:x86

68d1a492e44a93c14d4a0a8088fdd18e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\wConfigDM\Release\tg_tools.pdb

Imports

kernel32

GlobalFlags
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
GetFileTime
SetErrorMode
GetOEMCP
GetCPInfo
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
SystemTimeToTzSpecificLocalTime
LocalAlloc
GlobalGetAtomNameA
WriteConsoleW
GlobalFindAtomA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MoveFileExW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FindNextFileW
FindFirstFileExW
RtlUnwind
GetStringTypeW
CompareStringEx
LCMapStringEx
RaiseException
OutputDebugStringW
lstrcmpW
GetSystemDirectoryW
EncodePointer
GetThreadLocale
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
CreateFileA
FormatMessageA
MulDiv
LocalFree
GetCurrentProcessId
GlobalAddAtomA
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
LoadLibraryExW
GetModuleFileNameA
GetVersionExA
GetCurrentThread
GetCurrentThreadId
FindResourceA
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
GetACP
MoveFileExA
GetWindowsDirectoryA
GetTickCount64
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
SetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
DecodePointer
FileTimeToSystemTime
GetPrivateProfileIntA
MoveFileA
OpenMutexA
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetFileAttributesA
CreateDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
FindResourceW
SizeofResource
LockResource
LoadResource
GetTickCount
GetLocalTime
OpenProcess
CreateProcessA
TerminateThread
CreateThread
TerminateProcess
GetCurrentProcess
Sleep
GetLastError
CloseHandle
OutputDebugStringA
RemoveDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualProtect
VirtualAlloc
GetProcessHeap
HeapFree
CreateFileW
HeapAlloc

user32

DestroyMenu
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
InvalidateRect
KillTimer
LoadCursorA
GetSysColorBrush
RealChildWindowFromPoint
IsDialogMessageA
SetWindowTextA
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
LoadIconA
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
SendMessageA
PostMessageA
IsIconic
SetTimer
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
GetScrollPos
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
RegisterClipboardFormatA
PostThreadMessageA
SetFocus
GetDlgCtrlID
GetTopWindow
EnableWindow
GetSystemMetrics
DrawIcon
GetClientRect
MessageBoxA
SetParent
GetWindowThreadProcessId
LoadIconW
GetGUIThreadInfo
SetRect
UnregisterClassA
wsprintfA
GetDesktopWindow
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostQuitMessage
SetCursor
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnhookWindowsHookEx
CharUpperA
GetMenuItemCount
GetMenuItemID
GetSubMenu
CopyRect
ReleaseDC
GetDC
GetLastActivePopup
SetWindowPos
SetWindowContextHelpId
MapDialogRect

gdi32

OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
SetWindowExtEx
GetMapMode
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
GetObjectA
GetViewportExtEx
SetTextColor
SetMapMode
SetBkColor
SelectObject
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
DeleteDC
CreateBitmap
CreateRectRgnIndirect
GetDeviceCaps
DeleteObject
Escape
GetClipBox
GetStockObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
AdjustTokenPrivileges
RegEnumValueA
RegQueryValueA
RegEnumKeyA
OpenProcessToken
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
CreateProcessAsUserA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
UrlUnescapeA
PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathIsDirectoryA
StrToIntA

ole32

OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoInitializeEx
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
OleCreateFontIndirect
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
VariantCopy
VariantInit
SysAllocStringLen
SysAllocStringByteLen
GetErrorInfo
SysFreeString

oledlg

ord8

urlmon

URLDownloadToFileA

wininet

InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetQueryOptionA
InternetSetOptionA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetReadFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheEntryA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68d1a492e44a93c14d4a0a8088fdd18e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wininet

oleacc

Sections

.text Size: 617KB - Virtual size: 616KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 617KB - Virtual size: 616KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 39KB - Virtual size: 39KB