61843100f540ea0ffc3aee0acbe7a38b191a6068ef55f4c88af45267f9cd4096N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

61843100f540ea0ffc3aee0acbe7a38b191a6068ef55f4c88af45267f9cd4096N.exe
Size

300KB
MD5

26c7062d743af471972a2b061f189400
SHA1

3bf5ed70b567ce780f69cb988bd2178dcfede085
SHA256

61843100f540ea0ffc3aee0acbe7a38b191a6068ef55f4c88af45267f9cd4096
SHA512

7df8fd8f4698594e18fcd4c16218129845cf000510fa467c5ec7ea49ac83e5f4a087d583c37b87dea0ea5b72c7d1862a517a35eba433c245c3261afc7035c9ae
SSDEEP

6144:luJpajNliihoAIWOpF0L4twv1+jnqwoyfmr49okkKXNXHGE:lOuCihoAFOpFe4t41+Xwr4hkK92

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61843100f540ea0ffc3aee0acbe7a38b191a6068ef55f4c88af45267f9cd4096N.exe

Files

61843100f540ea0ffc3aee0acbe7a38b191a6068ef55f4c88af45267f9cd4096N.exe
.dll regsvr32 windows:5 windows x86 arch:x86

10f6dc7f7cd187587dd715e428f866be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetTime

d3d9

Direct3DCreate9

gdi32

DeleteDC
CreateRectRgnIndirect
DeleteObject
CombineRgn
CreateSolidBrush
FillRgn
SetBkColor
ExtTextOutW
GetGlyphOutlineW
GetTextMetricsW
SelectObject
CreateFontW
CreateCompatibleDC
CreateRectRgn

kernel32

InterlockedCompareExchange
CreateEventW
CreateThread
CloseHandle
SetThreadPriority
CreateSemaphoreW
WaitForMultipleObjects
InterlockedDecrement
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetCommandLineA
ResetEvent
WaitForSingleObject
SetEvent
ReleaseSemaphore
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetLastError
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
ReadFile
lstrcpynW
GetCurrentProcess
VirtualFree
lstrcmpW
lstrlenW
VirtualAlloc
GetSystemInfo
GetCurrentThreadId
DuplicateHandle
FreeLibrary
LoadLibraryW
GetLastError
GetProcAddress
GetVersionExW
DisableThreadLibraryCalls
lstrlenA
GetModuleFileNameA
GetModuleHandleW
GetTickCount
InterlockedExchange
lstrcmpiA
RaiseException
OutputDebugStringA
Sleep

user32

SetRectEmpty
UnionRect
InflateRect
GetClientRect
ScreenToClient
IntersectRect
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetDlgItemTextA
SendDlgItemMessageA
AttachThreadInput
GetWindowThreadProcessId
SetWindowTextW
GetWindowPlacement
IsWindowVisible
GetWindowTextW
SendMessageTimeoutW
EnumDisplayDevicesA
GetMonitorInfoW
GetWindowRect
GetWindowLongW
SetWindowLongW
RegisterClassW
LoadCursorW
DestroyWindow
SetParent
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
CreateWindowExW
DefWindowProcW
ValidateRect
SetCursor
GetClassLongW
GetParent
SetWindowPos
PostQuitMessage
PostMessageW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetKeyState
SendMessageW
ShowWindow
KillTimer
MoveWindow
CreateDialogParamW
InvalidateRect
LoadStringW
GetDesktopWindow
SetTimer

advapi32

RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
StringFromGUID2
CoInitializeEx

oleaut32

SysFreeString
VariantChangeType
SysAllocString
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10f6dc7f7cd187587dd715e428f866be

Headers

File Characteristics

Imports

winmm

d3d9

gdi32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 14KB - Virtual size: 14KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB

.rmnet
Size: 56KB - Virtual size: 60KB