64f1289361b76b11ab2a3a07b97c39abb5e706a9f25d998cde823db8c480550fN

Sharing

Copy URL Twitter E-mail

General

Target

64f1289361b76b11ab2a3a07b97c39abb5e706a9f25d998cde823db8c480550fN
Size

2.7MB
MD5

7f142477ae7b901db9a0538c6902dd80
SHA1

27c6c1afeedcbee86ffbb155e99821577505ffe1
SHA256

64f1289361b76b11ab2a3a07b97c39abb5e706a9f25d998cde823db8c480550f
SHA512

a43cd3afb9c56fce093c3239f0bada9648301ae88353258920f871f246ff022500b66fb40a870298a29d014d64c413e0aa8cfc747205275772ea539d1927fdd3
SSDEEP

49152:jIYTXVEDgq4EuuIDGgQSLXxN9ncJnay3x:8oQJfUDXxN9cJak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64f1289361b76b11ab2a3a07b97c39abb5e706a9f25d998cde823db8c480550fN

Files

64f1289361b76b11ab2a3a07b97c39abb5e706a9f25d998cde823db8c480550fN
.exe windows:4 windows x86 arch:x86

1457f27de5cbf44d7b173d9668aef7aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetUserDefaultLCID
WideCharToMultiByte
MoveFileA
RemoveDirectoryA
FindClose
FindFirstFileA
FindNextFileA
ReadFile
WriteFile
SetFilePointer
SetCurrentDirectoryA
IsBadReadPtr
HeapReAlloc
ExitProcess
CreateIoCompletionPort
OpenFileMappingA
CreateFileMappingA
SetFileAttributesA
GetQueuedCompletionStatus
SetStdHandle
IsBadCodePtr
PostQueuedCompletionStatus
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
InterlockedIncrement
InterlockedDecrement
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
SetErrorMode
OpenThread
SuspendThread
ResumeThread
CloseHandle
GetTempPathA
CreateThread
RtlMoveMemory
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
MulDiv
FindResourceA
SizeofResource
LoadResource
GetSystemInfo
GetLocalTime
GetDateFormatA
GetTimeFormatA
LockResource
CreateDirectoryA
WaitForSingleObject
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileSectionA
GetLogicalDriveStringsA
GetDriveTypeA
GetModuleHandleA
Sleep
GetFileSize
CreateRemoteThread
GetExitCodeThread
VirtualFreeEx
TerminateProcess
CreateFileA
DeleteFileA
CopyFileA
MultiByteToWideChar
GetCurrentThreadId
lstrcatA
lstrlenA
lstrcmpiA
lstrcpyA
GetCurrentProcess
CreateProcessA
ReadProcessMemory
VirtualAllocEx
GetStringTypeW
WriteProcessMemory
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
LocalSize
GlobalSize
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetFileAttributesA
GetTickCount
GetModuleFileNameA
GetLastError

ws2_32

WSASocketA
recv
send
closesocket
WSACleanup
WSAGetLastError
select
WSAStartup
WSAConnect
ioctlsocket
htons
inet_addr
setsockopt
WSAIoctl

user32

GetClassNameA
SetFocus
EnumDisplaySettingsA
ChangeDisplaySettingsA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
LoadImageA
GetCursorPos
DrawTextA
KillTimer
SetTimer
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
IsZoomed
GetWindowLongA
IsWindow
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
GetLastActivePopup
PeekMessageA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetWindow
ClientToScreen
TabbedTextOutA
GrayStringA
IsDialogMessageA
GetWindowPlacement
SystemParametersInfoA
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
SetActiveWindow
MapWindowPoints
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
CreateDialogIndirectParamA
GetSysColor
GetDlgItem
GetFocus
GetWindowRect
GetParent
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow
SetWindowPos
SetParent
IsWindowVisible
CreateWindowExA
DestroyCursor
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
DefMDIChildProcA
DestroyWindow
EndDialog
GetClientRect
DefWindowProcA
GetAsyncKeyState
EndPaint
BeginPaint
GetDlgCtrlID
CallWindowProcA
ReleaseDC
GetDC
CopyIcon
CopyImage
SendMessageA
GetSystemMetrics
SetLayeredWindowAttributes
LoadIconA
PostMessageA
SetWindowLongA
LoadCursorA
IsIconic

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolder
SHGetPathFromIDList
SHGetMalloc
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragAcceptFiles
Shell_NotifyIconA
DragFinish

shlwapi

PathFindFileNameA
PathIsDirectoryA
PathFileExistsA

dbghelp

MakeSureDirectoryPathExists

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
OleRun
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromString

oleaut32

VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture

gdi32

SetBkMode
SetTextColor
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
GetDeviceCaps
FillRgn
FrameRgn
BitBlt
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

wininet

InternetOpenUrlA
InternetOpenA
DeleteUrlCacheEntry
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileA

comctl32

ImageList_Create
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Draw
ImageList_Read
ImageList_Write
ImageList_GetImageInfo
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_SetIconSize
ImageList_GetIcon
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_Duplicate
ImageList_Copy
ImageList_AddMasked
ImageList_Add
ImageList_GetIconSize
ImageList_AddIcon
ImageList_Destroy
ord17
InitCommonControlsEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

oledlg

ord8

Sections

.text
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1457f27de5cbf44d7b173d9668aef7aa

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

shell32

shlwapi

dbghelp

ole32

oleaut32

gdi32

wininet

urlmon

comctl32

winspool.drv

advapi32

oledlg

Sections

.text Size: 412KB - Virtual size: 410KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 196KB - Virtual size: 255KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 412KB - Virtual size: 410KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 196KB - Virtual size: 255KB

.rsrc
Size: 32KB - Virtual size: 30KB