e1b150823eb99d9620c1e7eebdb53b1155cbec9c2c6683f201323c1a1c6f73e2

Sharing

Copy URL

Twitter E-mail

General

Target

e1b150823eb99d9620c1e7eebdb53b1155cbec9c2c6683f201323c1a1c6f73e2
Size

732KB
MD5

d4262f94819ffaaffd627fb4fdd97770
SHA1

4a7bb0f0e12cbf954d30e44ae3818f0dfb48de50
SHA256

e1b150823eb99d9620c1e7eebdb53b1155cbec9c2c6683f201323c1a1c6f73e2
SHA512

784ba04a5f06bd19ba00903fce9bb304da36ee70a6bf579dc9bfe21ebd74345bd92c24f6eb9bd6be324b6fc6b4e5d84138ffec0b0426f2e6c610129ddf84a50b
SSDEEP

12288:jf2iwQuES3FrV9QA9d0q63JZnzY9nSL2RyvCA2ovM3Qj7StTuB:IESank9e2RO0oPj7CTs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1b150823eb99d9620c1e7eebdb53b1155cbec9c2c6683f201323c1a1c6f73e2

Files

e1b150823eb99d9620c1e7eebdb53b1155cbec9c2c6683f201323c1a1c6f73e2
.exe windows:4 windows x86 arch:x86

ee164055192ef9127d43a08756b47b5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\mhlz\dragonica_exe\toolbin\patcher\Patcher.pdb

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetPrivateProfileIntW
OpenMutexW
CreateMutexW
CreateProcessA
GetModuleFileNameA
WaitForSingleObject
CreateFileW
FormatMessageW
Sleep
WriteFile
ReadFile
GetPrivateProfileStringW
GetCurrentDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
CloseHandle
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleHandleW
GetStringTypeA
IsValidLocale
FreeLibrary
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
HeapCreate
HeapDestroy
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
PeekNamedPipe
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileType
CreateDirectoryW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
VirtualProtect
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileAttributesA
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcmpW
lstrlenW
MulDiv
MultiByteToWideChar
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
EnumSystemLocalesA
GetTickCount
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
GetStringTypeW
InitializeCriticalSection
MoveFileA
RtlUnwind
FindNextFileW
FindFirstFileW
MoveFileW
FindClose
GetFileInformationByHandle
CreateFileA
TlsGetValue
ReleaseSemaphore
TlsFree
TlsAlloc
TlsSetValue
ReleaseMutex
GetTimeZoneInformation
QueryPerformanceCounter
ExitProcess
GetEnvironmentStrings
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
WideCharToMultiByte
SetFilePointer
GetFileSize
TerminateProcess
GetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
FlushFileBuffers
SetEndOfFile
GetSystemInfo

user32

DefWindowProcW
PostQuitMessage
LoadIconW
SetLayeredWindowAttributes
SendMessageW
EndPaint
BeginPaint
ScreenToClient
UnregisterClassA
GetCursorPos
ReleaseDC
GetDC
InvalidateRect
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
SetWindowLongW
MessageBoxW
SetFocus
AdjustWindowRectEx
GetSystemMetrics
PeekMessageW
TranslateMessage
DispatchMessageW
UpdateWindow
SetClassLongW
LoadBitmapW
LoadImageW
OffsetRect
GetWindowRect
EnableWindow
EndDialog
CreateDialogParamW
ShowWindow
SetRect
DrawTextW
PostMessageW
CallWindowProcW
DestroyWindow
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
ClientToScreen
MoveWindow
CreateAcceleratorTableW
GetDesktopWindow
CharNextW
GetParent
GetClassNameW
SetWindowPos
RedrawWindow
IsWindow
GetClientRect
FillRect
GetWindowLongW
IsChild
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
CreateWindowExW
UnregisterClassW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW

gdi32

CreateDIBSection
CreateFontW
SetBkMode
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
SetBkColor
SetTextColor
StretchBlt

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW

shell32

ShellExecuteW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
OleLockRunning

oleaut32

SysFreeString
SysStringByteLen
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
OleCreateFontIndirect
VarUI4FromStr
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantClear

wininet

InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetAttemptConnect
InternetCloseHandle
InternetConnectW
InternetOpenW

msimg32

TransparentBlt

Sections

.text
Size: 556KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

6xQ��uT
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee164055192ef9127d43a08756b47b5e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

msimg32

Sections

.text Size: 556KB - Virtual size: 554KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 16KB - Virtual size: 42KB

.rsrc Size: 8KB - Virtual size: 5KB

6xQ��uT Size: 20KB - Virtual size: 20KB

.text
Size: 556KB - Virtual size: 554KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 16KB - Virtual size: 42KB

.rsrc
Size: 8KB - Virtual size: 5KB

6xQ��uT
Size: 20KB - Virtual size: 20KB