Static task
static1
Behavioral task
behavioral1
Sample
0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f.exe
Resource
win10v2004-20241007-en
General
-
Target
0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f
-
Size
597KB
-
MD5
20d9fa474fa2628a6abe5485d35ee7e0
-
SHA1
a28af73bcfd4ebe2fe29242c07fec15e0578ec8a
-
SHA256
0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f
-
SHA512
2301c6c44797d16067e2b8e0336e897929de071246d87d54f88ec9c4f217bcb2f1388837fb9f3f5a915a0f0b3651dd93b3ed13c6ce85e7dd33dd957ade571387
-
SSDEEP
12288:mm0+bjvfBp6pOcQmqtPxGKw3genar9XW6Y:Awn6UcQmEPx2wem9XWf
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f
Files
-
0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f.exe windows:3 windows x86 arch:x86
398e9ee1d2ad96bbaef7485e480d685a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
MultiByteToWideChar
OpenEventW
OpenProcess
OpenSemaphoreA
OpenSemaphoreW
ProcessIdToSessionId
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
SearchPathW
SetConsoleCtrlHandler
SetConsoleDisplayMode
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
InitializeCriticalSection
SetFileAttributesW
SetFilePointer
SetLastError
SetProcessAffinityMask
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VerLanguageNameA
VirtualProtect
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteFileGather
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlenW
GetDriveTypeA
GetCurrentProcessId
HeapLock
Heap32ListFirst
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeFormatW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetStartupInfoW
GetProcessTimes
GetProcAddress
GetPrivateProfileSectionW
GetPrivateProfileIntA
GetPriorityClass
GetNumberOfConsoleInputEvents
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileType
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDateFormatW
GetCurrentThread
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetComputerNameExW
GetComputerNameExA
GetCommandLineW
FreeLibrary
FormatMessageW
FormatMessageA
FindResourceExW
FindResourceExA
FindNextFileW
FindNextChangeNotification
FindFirstVolumeW
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FillConsoleOutputCharacterW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteCriticalSection
DeleteAtom
CreateWaitableTimerW
CreateThread
CreateSemaphoreW
CreateProcessW
CreateProcessA
CreateMutexW
CreateMailslotA
CreateJobObjectA
CreateHardLinkW
CreateFileW
CreateEventW
CreateDirectoryW
CompareFileTime
CloseHandle
CancelWaitableTimer
SetEvent
BuildCommDCBA
user32
DestroyIcon
WinHelpW
VkKeyScanW
VkKeyScanExA
UpdateWindow
TranslateMessage
ShowWindow
SetWindowsHookW
SetWindowLongW
SetUserObjectSecurity
SetUserObjectInformationA
SetTimer
SetProcessWindowStation
SetForegroundWindow
SetFocus
SetDlgItemTextW
SetDlgItemTextA
SendMessageW
SendMessageTimeoutA
SendDlgItemMessageW
ScreenToClient
ReleaseDC
RegisterWindowMessageW
RegisterDeviceNotificationW
RegisterClassW
RealGetWindowClassA
PostQuitMessage
PostMessageW
PaintDesktop
OemToCharW
MessageBoxW
MessageBoxA
MessageBeep
MapVirtualKeyW
LookupIconIdFromDirectoryEx
LoadStringW
LoadStringA
LoadImageW
LoadIconW
LoadCursorW
KillTimer
IsWindowUnicode
IsDlgButtonChecked
IsDialogMessageW
IsCharAlphaW
HiliteMenuItem
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowLongW
GetSystemMenu
GetSysColorBrush
GetParent
GetNextDlgGroupItem
GetMessageW
GetMenuInfo
GetDlgItemTextW
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetCursor
GetComboBoxInfo
GetClipboardViewer
FrameRect
FlashWindowEx
EnumWindows
EnumThreadWindows
EnumPropsExW
EnumChildWindows
EndDialog
EnableWindow
DrawTextW
DrawFocusRect
DialogBoxParamW
DestroyWindow
DefWindowProcW
DefDlgProcW
DdeUnaccessData
CreateWindowStationW
CreateWindowExW
CreatePopupMenu
CreateDialogParamW
CreateDialogIndirectParamW
CreateDesktopW
CopyImage
CloseWindowStation
CloseDesktop
ClientToScreen
ChildWindowFromPoint
CallWindowProcW
AppendMenuW
AnyPopup
DispatchMessageW
gdi32
SetROP2
SelectObject
ResetDCA
DPtoLP
GetTextExtentPointW
GetStockObject
GetBitmapBits
GdiEntry2
GdiAddGlsRecord
EudcUnloadLinkW
EngFreeModule
EngCreateClip
EngAcquireSemaphore
GetTextMetricsW
comdlg32
GetOpenFileNameW
advapi32
InitializeAcl
RegOpenKeyW
StartServiceCtrlDispatcherW
SetServiceStatus
SetSecurityDescriptorDacl
SetFileSecurityW
RevertToSelf
AddAce
AllocateAndInitializeSid
ClearEventLogW
CloseEventLog
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
CreateProcessAsUserW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptGenKey
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptSignHashW
DeregisterEventSource
DuplicateToken
FreeSid
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
IsTextUnicode
IsValidSid
LogonUserW
LookupAccountNameW
LookupAccountSidW
LsaAddAccountRights
LsaClose
LsaFreeMemory
LsaOpenPolicy
LsaQueryInformationPolicy
LsaRetrievePrivateData
LsaStorePrivateData
OpenEventLogW
OpenProcessToken
OpenThreadToken
ReadEventLogW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
ReportEventW
RegSetValueExW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW
shell32
ShellAboutW
SHGetPathFromIDListW
SHGetFolderPathW
SHChangeNotify
SHBrowseForFolderW
FindExecutableW
ole32
CoInitializeEx
CoUninitialize
CoCreateInstance
shlwapi
PathFindExtensionW
msvcrt
_wmakepath
wprintf
wcsspn
wcsrchr
_XcptFilter
__getmainargs
__initenv
__p___initenv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_itow
_purecall
_snwprintf
_ultow
_vsnprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
_wcsrev
_wgetcwd
_wsplitpath
_wtoi
_wtol
calloc
exit
free
isdigit
isprint
malloc
memmove
rand
realloc
sprintf
strchr
swprintf
swscanf
tolower
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcspbrk
Sections
.text Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 254KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ