13a743db77a54ff14ced8a949be8a503f65962cd7217155fd662481733c0316e

Sharing

Copy URL

Twitter E-mail

General

Target

13a743db77a54ff14ced8a949be8a503f65962cd7217155fd662481733c0316e
Size

398KB
MD5

2aed2d73627ef548674c462fb6c8697f
SHA1

57fe4dcc4cd1a304e6f1c2c7d27ac462778f61ac
SHA256

13a743db77a54ff14ced8a949be8a503f65962cd7217155fd662481733c0316e
SHA512

590bbbcce0d8cdcded306c92a0dd68a4f4b140aad8aeb5c1ffd2e5f095e3810ebe1843ab621a9b602638d271dd6a8b689de14ffce268e3c8a731a382a8f5dd68
SSDEEP

12288:KaCI5jAS2vxqeZe5fh7NfdtLuCWtMiYz3aKC:3CI1n25qeZGfh7TwCW6iAqx

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Invoice NO 22073895.exe
unpack002/pvwuec.exe

Files

13a743db77a54ff14ced8a949be8a503f65962cd7217155fd662481733c0316e
.zip
Invoice NO 22073895.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eeelcb.fn
pvwuec.exe
.exe windows:6 windows x86 arch:x86

3416272fe2ce0f5429ab80900211eabc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsContentTypeW
PathIsPrefixW
UrlApplySchemeA
UrlCombineA
UrlEscapeA

kernel32

CloseHandle
CreateDirectoryW
CreateFileW
DecodePointer
DeleteCriticalSection
EnterCriticalSection
EnumResourceTypesA
ExitProcess
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNumberFormatW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetErrorMode
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatW
lstrcpyW
lstrlenW

mswsock

EnumProtocolsA
GetServiceA
MigrateWinsockConfiguration
NPLoadNameSpaces
SetServiceW
TransmitFile

winspool.drv

AdvancedDocumentPropertiesA
DevQueryPrintEx
EnumFormsW
EnumPrinterDriversA
ord203
OpenPrinterW

wsock32

__WSAFDIsSet
getpeername
ioctlsocket

rtm

MgmGetFirstMfe
MgmGetMfe
MgmInitialize
RtmAddRoute
RtmBlockDeleteRoutes
RtmEnumerateGetNextRoute
RtmIsRoute

urlmon

CreateAsyncBindCtx
FindMimeFromData
RevokeBindStatusCallback
URLDownloadToFileA
URLOpenPullStreamA

ole32

CoInitialize

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 177B
serrf.p

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 225KB - Virtual size: 224KB

3416272fe2ce0f5429ab80900211eabc

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

mswsock

winspool.drv

wsock32

rtm

urlmon

ole32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 8B

.voltbl Size: 512B - Virtual size: 177B

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 225KB - Virtual size: 224KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 8B

.voltbl
Size: 512B - Virtual size: 177B