e8b792e11ad8ae3309963856cb4782152d870e720faf1d053d846f3ae534d2a0

Sharing

Copy URL

Twitter E-mail

General

Target

e8b792e11ad8ae3309963856cb4782152d870e720faf1d053d846f3ae534d2a0
Size

585KB
MD5

bf35967809bce9dfdf636f55e13685b0
SHA1

75fb0a20517972b611c40fb0ebf2c2278141ee27
SHA256

e8b792e11ad8ae3309963856cb4782152d870e720faf1d053d846f3ae534d2a0
SHA512

87cb15a65e73b7fb2a5cff6f008b28231d7f5551a2a1776c69cd050e1f76c8c0626a657fd4579164f0c492cd3e6ce39bcd7217617514b53e78e81d0d95b6ef98
SSDEEP

12288:vocAHzfdBuh0PBGEhq6FJxJ/3UEoiMx0:ZAT1BWEtBVUNiM2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e8b792e11ad8ae3309963856cb4782152d870e720faf1d053d846f3ae534d2a0

Files

e8b792e11ad8ae3309963856cb4782152d870e720faf1d053d846f3ae534d2a0
.dll regsvr32 windows:6 windows x64 arch:x64

bf309f28e2e75a572eb2f2244be62b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA
InvalidateRect
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadStringW
ShowWindow
DispatchMessageW
SetGestureConfig
GetGestureInfo
TranslateAcceleratorW
TranslateMessage
LoadCursorW
PostQuitMessage
UpdateWindow
BeginPaint
EndPaint
CloseGestureInfoHandle
ScreenToClient

gdi32

Polyline
LineTo
CreatePen
MoveToEx
DeleteObject
SelectObject

ole32

CoLoadLibrary

crypt32

CryptStringToBinaryA

kernel32

GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
GetFileSizeEx
WriteConsoleW
SetConsoleCtrlHandler
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
SetFilePointerEx
ReadFile
ReadConsoleW
OutputDebugStringW
CreateFileW
HeapSize
CloseHandle
GetUserDefaultLCID
IsValidLocale
GetStringTypeW
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW

Exports

Exports

ACKZMHIObnaQHKwlzPq
AOVudbyKxJVZeQMXsOLO
AYyJBXGifeSEtCQk
AhOoclQccPuG
BkVECfpqiLatpcAjjeEXOZfyXY
Bnyskkwd
BwmAydmTqsNeDELdYUdLwTih
CYNaQxtMawBMSIzdZWbTGpErba
ConsmUhFFyb
CzQwMEDCqCtUXGrJoKOLql
DJCyeSXwKMnRyfbsSLCKxPpa
DWugusOEsHPtXKgDd
DfOfLuSCMIvgQaJYk
DfkbPshiZaYhOSaqjIqPzONzY
DllRegisterServer
DnmCJIXEMkYokzeRRfG
EKbIjoXzthxYq
EWsrDBYLifLIKCx
EYRKsLUkgMAWuxrfaIJmSgUBLc
EfTrrBRRqguoDIjHNVAsJ
EfiQnj
FHJZnjTrtY
FNDTVN
FPWBMLNUrKgqAM
FSOTatWmqbOxAfLsjwDimOJuI
FVrtzByTqOLDyxlp
FWyuZZnJq
FbRCkW
FtrghRYdy
FunHXBytaEElTSmUSQaxzW
FyjmimNSHaN
GFvfuuOTsiXRZem
GQuEvZTMELOxgCfrdhLu
GTAOBqoXXNUuwQk
GXBXUVZCqiUSlXidXO
GpVGqWWnqIQjvlapeLvmZfi
HKiZorFwnyyKVvRyl
HQChNQSgCDQFBj
HSHotINBWmzydlPTEIfsXGwf
HVltrVWSPTyRN
HbmDTfXglURaCPuXXtLWU
HmUBBZu
HnPoMgPYcGNsOhwCJGXNIe
IDcRKhVmGJDZIQUlXXSXviO
IFKCtEkfbx
IHwQGYmyDi
IJrjGqhERio
IJtycxPsTSa
IZsbRuJSZRMQltptMtlTIjq
IemmPHlIUKfWUEFjL
IoBQwhYmCRZqMXpUaubCn
JJUbACbSOWX
JJsDDeNgoEWNWyBpXLgKa
JTTXkkGF
JlCiEpVZnS
JnmiFnk
JprrRmuaDn
KEekdWh
KHEZQjbrCpYNETUhvaqOH
KRPfoFibPSzSrtMziDiZJMjpEk
KZqNGoq
LQjcpeEdSdviWRBnc
LXjroPDxbnZvuHAaofawR
LcvIvMcywgnRCiIHovfshoSI
LeBqVZwmAMKFKJEYOao
LhjWUlVqYLdqrpdT
LpnuGzVsvTJPoNZtEU
MKiBXwXJxM
MMbpxrmFfmd
MNJtcYtYTpkhtNJwmsGayBExl
MbSqjor
MlUEOKTwxQO
MmNhNY
MtZNktTtZeSsetQdMIobnqgJN
NDzloBRTiOCzFqnDESlYiGJz
NHdMlFCbsRIZHAlXLut
NylPFThbliBOEyrujKtyjpW
OGGltngRdRjeETLJuyE
OMhWNPrtGvXrDc
OXTIbdKaaFNFhpZoL
OmcpNNkGQNlfySxzyKHLT
PBXSLAddeyA
PDTTTYnwZWtmvgsDhQsjZU
PRnncKInMtiadcjSSOQMFBQ
PTqVRIJDpUraWiQ
PrQvtewtRmO
QGzPJQYQmszmRrRK
QSZlVaTGjIxGWOeZfGN
RDswoygaJbJWfRato
RStXZYXYudckPDHz
RgqjGZSoUeEcIqnMvAU
SFcQiGXaye
SJVNBxANqxZOkCrdHcqd
SKGYjRmKvjRyc
SOrXsIFXOx
SpMHiyCka
SwRuhANDGtYeZvIvL
TEXYMBzoUnbpqCNMtncyH
TNIcGjIUdTpSRDDkLMLiSmMzjL
TPWLClLTaJmbJ
TvNJOHLJssnMTyGMYYfTRZkQfY
TviEPpUFMOuUAzSe
UNNICJvBjyUFXwAOWRR
UPNJpwqsqZmrRvPv
VSCiqDUzUFFEzRcrCcWUIyxW
VZZOFVhvSPFWJPbDSgML
VrvAiARvhpsioDTvCsDpBWulVj
VwTwbiJHhVyxhwrqGO
WQOHTkDrFPqAa
WRbhXlsUMohyHwwIcen
WbAqAdgWVyvU
WbVnejTmAenfcQVIpnq
WfvnosCpZU
WniHGai
WoHUOvKkHgGCLHAfQWqMp
WrenSYFI
WxbfuHhPfdKZdIwvT
XCQdNrvyrBIWZmxBXQ
XGweHugOKIsErBIXlQtoAf
XPdTfv
XeJMUhn
XgIYUiiYvZqAYkCpBzIRepfusc
XxxGZdkAjnOvfCGXaUp
YBwmARMK
YFIukFX
YIEzPijPuSEUDublpbKSuo
YMDJlOFuodaYAQLeGQkc
YWtaIGvg
YfUzklBKELBicHcyYN
YjskFIhoFvtxplXgXtnfIf
YnhRnVOJVBWcCRg
ZHJCTtneVBcLxFiFnGg
aIjZFMDS
aMTTokAjPrlPNl
aQixWbkkl
aauGXTnoHerQPEAdpmbxW
aqXPJQsGuQNY
bKpSPr
bkIIqsWVbyUjvq
bpwKexxmwQXToabxrI
buYYvJRiQBDrx
bwKTgNcwzNCMMazxQnksgPoMYH
cIWTVLVTkeeCrLMzOeeRZrGJSv
cIggJm
ceCdpaLIInGREyzrMnutvv
ceMUenqSerxOIsyip
cyFldXcQbpghTEMTx
dOcHvEogkqlHGvXiyXDlb
dcBcGkFtILZfVKGjwlp
dieMqBUxL
dseZAioHVrcmpyJiL
eQeKgkbvLQvnFKFOHCrntYX
eSncnJDMjHJgWfLETuvOrPwuX
eVWxywjPCGLxjCmBqwiSHDmQ
eZJKYQozWFVwxNEiBgKs
eZpNtEcqYmYlHr
einEDhZnOdZQrqsLeDT
ekpgkrLywwy
eksViUURftndlwRdwIOqJPqDbM
frcgaAFkyvENrvcg
fyBPxsvBwdDxNn
gcoxAPyjuxZE
giCfzkFJgbNQVgrGIg
hkTCpTyWVfVskuIaLTwIdI
hkhQezBRO
hlJDgJZgKgSWhsjKu
hwtxKkvclLfqYPlzuN
hwxxBxRyxQvU
hytdxlppfBzgJ
iGYEbafnUGwaqzLwiEkDcEoFXc
iGYlltWJoEZkQUuBZjn
iPQPztCACXTCftDZTvNvjn
idIPfAiQBpOOJt
iqDXnYKHYuvKDk
isQnIHOKAYStRuHNa
jRGQIAgrasRFSKFjASMTRGjUAQ
jbtWQsliCJlKJi
jxFwRFjTxqZBeWyYyGUjJht
kJiLoUyRaJSlGAQwQY
kXCRbDFCWsWkgDZ
knVlSRpuMXigHbteRSdN
lFuQHVlMqkcpyquJwPy
lShqxKkjpAzGfSkJhI
lUawyisBWFPUEeYWPOsrwiE
laANAlWCv
lkGHxNVNbj
lsAeLBJdMVmYYItQoJSvCRYH
lygWnYwnRJeU
mIfOwaNjapchucclSR
mYMzZFRyhlLMj
mqDuazu
nGtnIzcC
nWOEkAFtcfB
nucLASLksxzsTOm
nvMQpNuTqWTeGVaTRoGxbvqP
oRLRCOOs
obtutjxbDeJGmWXwrNJO
ogHMlfmoMSWiLsw
ogYQVDGHrtTXPfRS
ojDemZqmxKRkSOPmqat
pKXkqiQt
pZosDkvKboDlpSeaEkq
qWEuWVdjXRrRKsKgJReOLq
qWXEkPM
qkRSaAJ
rEPTSIjZh
rSJyHvLUOTZicMruxCvEGoHc
raNMBQY
risZAsSaIagieXrdZnOhDzYIOB
ruuEEEOFWCU
sHmlVkEuiFuMGKlJpwXdZx
sVJjsSsGPX
sfUPtIbRemdA
sqcseOa
tILyVSAhgCdrEHfPBfVtFyoi
tPjnuDplapdPIcrqZRmFXK
tXfRwwpgGyZPDKAjlNIXEtOWG
tkSvHbCTSiszhkEsUzPu
tnLzaHFO
tpEZEjlvmSwPCfGBwV
tuYBrkIdkvGeYBclqo
uYRaNlNJkGdzz
ulHKyMUqbCPZAAnMrkdggm
urRIlPSgdtAFARiFapAop
urbspxQGSLCjnzsgbM
utGMzHLpjYPEvUwmqbMaXd
vRJFekacz
vZXxIAQsf
vhilLLLSQAgorQlDYcrg
vjySCWm
vxGqOYVxeIQzHyntqWqhQk
vyEVtiIRlJmXCZssjhwmvCSgCi
wQVxSUwsFAtnvfvsRKP
xDofRk
xFSCNuFr
xNdkmblWjdxgkFdiybZ
xaKbvIFmKuHEoQWRK
xlqihUCH
xuhPWlfWSOvzDpLXCOqs
yBaBzgnZJat
yNjzoWhmYhDVouThktWX
yVPAgpehBiCzOhTsXpBCKvKh
yZEOJgzErmiOalDcqbqqDtPb
ycObxXXeiPKAAyH
yeWcDVvwyxEtlDMveHTXhTdOct
ynHEUiKCFMINWfolddVsmMgYDs
zCGWJxJejbcdgDMKVsDv
zNEbsppOqODrSjTVrDiLrOtygu
zNJRmDXDLDbdIKXouATLf
zloZBAmto
zvTLkjiEXqTKQtLGxHslDrtLr

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf309f28e2e75a572eb2f2244be62b26

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

ole32

crypt32

kernel32

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 260KB

.rdata Size: 302KB - Virtual size: 302KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 616B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 260KB - Virtual size: 260KB

.rdata
Size: 302KB - Virtual size: 302KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 616B

.reloc
Size: 2KB - Virtual size: 2KB