Static task: static1
Behavioral task: behavioral1
Sample: 81b1519c961f3a755458d17700ad673a23b5ad9fb6eaf6b150a320921d9cb587.exe
Resource: win7-20240708-en
General
Target: 81b1519c961f3a755458d17700ad673a23b5ad9fb6eaf6b150a320921d9cb587
Size: 3.7MB
MD5: f03d5f46a5ddc0f5566e9ef986ea73d3
SHA1: 0ab62819a6c50d062fa3eab6b31c4891198ef070
SHA256: 81b1519c961f3a755458d17700ad673a23b5ad9fb6eaf6b150a320921d9cb587
SHA512: e4925d7a944f0f2397e5cc7d507cad937700a8abde8be668834492df455c5b63799ad5e3a94518b8b82d49fc2c3a0576e0971dd9d54ddd28178b3c448d53df45
SSDEEP: 49152:Z5DNHI/59uMDwiMdQycjd25mPmRF2gGenHd/cb4mm30bCV7uUKTT8heQpwTI+8x6:hB9tR2en9/h8bV2wk+IC
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 81b1519c961f3a755458d17700ad673a23b5ad9fb6eaf6b150a320921d9cb587
Files
81b1519c961f3a755458d17700ad673a23b5ad9fb6eaf6b150a320921d9cb587.exe windows:6 windows x86 arch:x86
162a41a8e26be2c8ee65791d5e430579
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
getaddrinfo
gethostbyname
gethostbyaddr
sendto
recvfrom
inet_addr
bind
getpeername
WSAGetLastError
socket
shutdown
setsockopt
send
select
recv
getsockopt
ioctlsocket
connect
closesocket
accept
__WSAFDIsSet
inet_ntoa
htons
WSACleanup
WSAStartup
freeaddrinfo
gethostname
crypt32
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
kernel32
GetDiskFreeSpaceA
GetTempPathA
GetLocalTime
SystemTimeToFileTime
GetACP
SetConsoleCtrlHandler
GetCurrentDirectoryA
HeapFree
TerminateProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetVersionExA
VirtualProtect
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
SetLastError
GetSystemInfo
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetNativeSystemInfo
GetComputerNameA
IsBadReadPtr
GetModuleHandleExA
Sleep
Process32First
Process32Next
GetTickCount64
GlobalFree
CloseHandle
OpenThread
TlsAlloc
TlsGetValue
TlsFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileSizeEx
RemoveDirectoryA
SetEndOfFile
SetFilePointer
WriteFile
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetProcessTimes
SwitchToThread
GetTickCount
MapViewOfFileEx
UnmapViewOfFile
GetProcAddress
LocalFree
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenProcess
GetSystemTimeAsFileTime
FormatMessageW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
GetModuleHandleW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetFilePointerEx
SetFileTime
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
AreFileApisANSI
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
GetCurrentThreadId
GetExitCodeProcess
CreateProcessA
GetStdHandle
DuplicateHandle
GetUserDefaultUILanguage
ExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
IsWow64Process
GetProfileStringA
ReadFile
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCPInfo
CreateThread
FreeLibraryAndExitThread
RaiseException
GetConsoleCP
InitializeCriticalSectionAndSpinCount
TlsSetValue
LoadLibraryExW
GetDateFormatW
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetStringTypeW
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
ReadConsoleW
GetModuleFileNameW
WriteConsoleW
EncodePointer
DecodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalAlloc
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
SetEvent
ResetEvent
CreateEventA
OpenEventA
WaitForMultipleObjects
ProcessIdToSessionId
IsBadWritePtr
OpenSemaphoreA
FlushInstructionCache
GetVersion
LockFile
UnlockFile
IsBadStringPtrA
IsBadStringPtrW
GetDriveTypeA
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetThreadContext
GetLogicalDrives
GetOverlappedResult
CreateEventW
EnumSystemFirmwareTables
GetSystemFirmwareTable
OpenMutexA
WaitForSingleObjectEx
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
SetThreadContext
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapCreate
GetConsoleMode
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FindFirstFileExW
GetCommandLineA
GetTimeFormatW
user32
DispatchMessageA
wsprintfA
TranslateMessage
PeekMessageA
CallMsgFilterA
EnumDisplayDevicesA
MessageBoxA
MessageBoxW
DrawMenuBar
GetSystemMenu
AppendMenuA
LoadStringA
CharUpperBuffA
CharLowerBuffA
GetSystemMetrics
shell32
ShellExecuteExA
advapi32
GetSecurityDescriptorSacl
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegDeleteKeyA
RegFlushKey
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
QueryServiceStatusEx
RegQueryValueExA
psapi
GetModuleFileNameExA
powrprof
PowerReadFriendlyName
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
winhttp
WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
wintrust
WinVerifyTrust
Sections
__wibu00 Size: 682KB - Virtual size: 682KB (IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
__wibu01 Size: 155KB - Virtual size: 154KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
__wibu02 Size: 18KB - Virtual size: 22KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 641KB - Virtual size: 640KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
__wibu03 Size: 66KB - Virtual size: 65KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)
__wibu04 Size: 2.0MB - Virtual size: 2.0MB (IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
__wibu05 Size: 8KB - Virtual size: 12KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
__wibu06 Size: 107KB - Virtual size: 120KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
__wibu07 Size: 116KB - Virtual size: 120KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)