84a7bf477fac09db5cc2de6d0fc2656fbb0c231a9e78a0d0aa9d544f086e0ed9

Sharing

Copy URL

Twitter E-mail

General

Target

84a7bf477fac09db5cc2de6d0fc2656fbb0c231a9e78a0d0aa9d544f086e0ed9
Size

635KB
MD5

1e8f9294c116a5da25a1f95a835dd9f3
SHA1

38ded47253ae180c1579cb46af761f19c04965e0
SHA256

84a7bf477fac09db5cc2de6d0fc2656fbb0c231a9e78a0d0aa9d544f086e0ed9
SHA512

3c82f02fe2e5a0d57104704424cc60711d238bcd056cad743b52c040565e2be7693b125ceaa91529514d2169130723340d79115ccff6ce4491ec0ab70f929d85
SSDEEP

12288:zRT3gXQB9CFVfzOpCgZyABkY+BmARfIiF/rmF7H7CVYlOF7b/lkBmLb:1T3gXQB9CX7Op3/BufjRa97CjF7bdD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84a7bf477fac09db5cc2de6d0fc2656fbb0c231a9e78a0d0aa9d544f086e0ed9

Files

84a7bf477fac09db5cc2de6d0fc2656fbb0c231a9e78a0d0aa9d544f086e0ed9
.exe windows:5 windows x86 arch:x86

965b42b175ceb9f42820432638a33620

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreateProcessW
CreateFileW
SetFilePointer
WriteFile
GetTempPathW
GetFileAttributesW
GetModuleFileNameW
GetCurrentDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
VerifyVersionInfoW
VerSetConditionMask
FreeLibrary
SetErrorMode
FormatMessageW
WriteConsoleW
FlushConsoleInputBuffer
WaitForSingleObject
PeekConsoleInputW
ReadConsoleInputW
GetStdHandle
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
CreateThread
InitializeCriticalSectionAndSpinCount
TerminateProcess
DecodePointer
DeleteCriticalSection
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
GetProcessHeap
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
SetSearchPathMode
SetDllDirectoryW
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
CompareStringW
GetLastError
InterlockedIncrement
RaiseException
InterlockedDecrement
GetCommandLineW
GetCommandLineA
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetLastError
EncodePointer
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar

user32

MonitorFromPoint
GetMonitorInfoW
GetProcessWindowStation
GetSystemMetrics
PostThreadMessageW
MessageBoxW
TranslateMessage
DispatchMessageW
SetTimer
LoadCursorW
GetUserObjectInformationW
GetCursorInfo
GetMessageW
LoadIconW
DestroyWindow
GetGUIThreadInfo
KillTimer
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetAncestor
IsWindowVisible
EnumThreadWindows
SetWindowPos
UpdateLayeredWindow
CreateWindowExW
RegisterClassExW
IsWindow

gdi32

CreateCompatibleDC
DeleteObject
CreateDIBSection
DeleteDC
GetDeviceCaps
CreateDCW
SelectObject

advapi32

RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
CreateErrorInfo
GetErrorInfo
SafeArrayRedim
SafeArrayUnlock
SafeArrayCopy
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetVartype
SetErrorInfo

gdiplus

GdipCloneBrush
GdipCreateSolidFill
GdipCreateHatchBrush
GdipCreateFromHDC
GdipAlloc
GdiplusShutdown
GdipDeleteBrush
GdipFillRectangleI
GdipDeleteGraphics
GdipFree
GdiplusStartup

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

965b42b175ceb9f42820432638a33620

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 318KB - Virtual size: 317KB

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 318KB - Virtual size: 317KB