9f192763f3fad8f3f9944bd7d29824f5c6319dc1adf15036019fd33783bb898eN

Sharing

Copy URL

Twitter E-mail

General

Target

9f192763f3fad8f3f9944bd7d29824f5c6319dc1adf15036019fd33783bb898eN
Size

209KB
MD5

bb18d7f28135589c7f56e54e76dc3130
SHA1

0ae95b21242486b866fd986d7c5608330ba8e2c0
SHA256

9f192763f3fad8f3f9944bd7d29824f5c6319dc1adf15036019fd33783bb898e
SHA512

fb964de784866fa6042aade0a25514bcc184b2103a17eb5a86904d76c165e34f986e1cc8060486fce8fd4c400d0fdc3d4f4dfaeab8d4e4ad9f9a6d621fc2f4f1
SSDEEP

3072:GEdOQzZnx6OJPa0UVKS1DNB4jQVckmFP5GTBiRw0OZ9pB05OZalrl7Sy+uwY4d:PzZnx68OKSOjQ7m+TUWzpm5aSxTXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f192763f3fad8f3f9944bd7d29824f5c6319dc1adf15036019fd33783bb898eN

Files

9f192763f3fad8f3f9944bd7d29824f5c6319dc1adf15036019fd33783bb898eN
.exe windows:2 windows x86 arch:x86

027de4cef9567f983d595e803fb3f00c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
lstrcatW
FreeResource
EnumTimeFormatsW
GetModuleFileNameW
GetWindowsDirectoryA
SetCalendarInfoA
EndUpdateResourceW
DisconnectNamedPipe
lstrcmpiA
MoveFileW
GetModuleHandleA
GetSystemDefaultLCID
GetExitCodeThread
CreateMailslotA
lstrcat
GetSystemTime
BeginUpdateResourceW
GetCPInfo
GetCurrentThread
lstrcmpA
ConnectNamedPipe
CompareStringA
GetTempFileNameA
GetLongPathNameW
GetModuleFileNameA
EnumCalendarInfoW
OpenEventA
CreateSemaphoreA
Beep
OpenEventW
RaiseException
CreatePipe
FindAtomW
LoadLibraryA
LocalFree
GetProcAddress
FatalAppExitW
GlobalGetAtomNameA
GetLogicalDriveStringsA
QueryPerformanceFrequency
GetVersionExA
FindResourceW
GetFullPathNameA
GetAtomNameW
GetTimeFormatA
GetSystemDirectoryA
GetTempFileNameW
IsBadStringPtrW

user32

GetWindowTextLengthA
PostQuitMessage
GetClassInfoExA
DialogBoxIndirectParamA
GetMenuItemRect
EnumDesktopsW
CreateDialogIndirectParamW
ActivateKeyboardLayout
WaitForInputIdle
GetSysColor
RemoveMenu
ChildWindowFromPoint
EnumDesktopsW
ShowCaret
GetWindowLongW
CloseWindow
OpenClipboard
IsDlgButtonChecked
CreateDesktopA
GetParent
GetClassLongW
CreateCaret
SetWindowRgn
GetWindowLongA
CreateWindowExA
PeekMessageA
EnableMenuItem
EnableWindow
MessageBoxW
LoadIconA
RegisterClassExA
CreateDesktopW
PostMessageA
CreateDialogParamW
GetDlgItemTextA
GetScrollPos
CharLowerW
GetWindowTextLengthW
CascadeWindows
LoadIconW
GetSystemMetrics
SendDlgItemMessageA
EnumWindows
InsertMenuA

gdi32

GetTextExtentPointW
CreatePatternBrush
CreateColorSpaceW
GetICMProfileA
ExtEscape
UnrealizeObject
GdiGetBatchLimit
SetTextColor
GetICMProfileW
GetCharABCWidthsW
ArcTo
UpdateColors
StartDocA
CreateBitmap
CreateEnhMetaFileA
UpdateICMRegKeyA
GetSystemPaletteUse

advapi32

RegQueryInfoKeyW
RegCloseKey
RegRestoreKeyW
RegFlushKey
RegEnumValueW
RegCreateKeyA

shlwapi

IntlStrEqWorkerA
PathIsContentTypeW
UrlCompareA
PathUnmakeSystemFolderW

version

VerInstallFileA
VerLanguageNameA

wininet

FindFirstUrlCacheContainerW
FtpSetCurrentDirectoryA
CommitUrlCacheEntryA
HttpAddRequestHeadersW
CommitUrlCacheEntryW
InternetSetCookieExW
FtpGetFileSize
InternetAlgIdToStringA
IsUrlCacheEntryExpiredW
FtpRenameFileA
GetUrlCacheGroupAttributeA
InternetOpenUrlW
InternetQueryFortezzaStatus
ShowX509EncodedCertificate
InternetTimeFromSystemTimeA
InternetGetConnectedStateEx

urlmon

ReleaseBindInfo
HlinkGoBack
AsyncGetClassBits
DllCanUnloadNow
CoInstall
DllUnregisterServer
GetSoftwareUpdateInfo

winspool.drv

AddPrinterW
SetPrinterDataW

oledlg

OleUIInsertObjectA
OleUIEditLinksW
OleUIPasteSpecialA
OleUIChangeIconW
OleUICanConvertOrActivateAs
OleUIChangeSourceW
OleUIAddVerbMenuW
OleUIPromptUserA
OleUIConvertW
OleUIEditLinksA

wsock32

WSAStartup

crypt32

I_CryptGetTls
CertGetPublicKeyLength
CryptRegisterOIDInfo
CertDuplicateCertificateContext
CertFindChainInStore
CryptProtectData
I_CertSrvProtectFunction
CertAddEncodedCTLToStore
CryptDecodeMessage

Sections

.edata
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

027de4cef9567f983d595e803fb3f00c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

version

wininet

urlmon

winspool.drv

oledlg

wsock32

crypt32

Sections

.edata Size: 1KB - Virtual size: 14KB

.rdata Size: 19KB - Virtual size: 18KB

.edata Size: 1KB - Virtual size: 36KB

.rdata Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 16KB

.edata Size: 1024B - Virtual size: 40KB

.data Size: 5KB - Virtual size: 9KB

.edata Size: 1024B - Virtual size: 10KB

.rsrc Size: 171KB - Virtual size: 170KB

.reloc Size: 1024B - Virtual size: 32KB

.edata
Size: 1KB - Virtual size: 14KB

.rdata
Size: 19KB - Virtual size: 18KB

.edata
Size: 1KB - Virtual size: 36KB

.rdata
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 16KB

.edata
Size: 1024B - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 9KB

.edata
Size: 1024B - Virtual size: 10KB

.rsrc
Size: 171KB - Virtual size: 170KB

.reloc
Size: 1024B - Virtual size: 32KB