85b41b6e00372fc722a5e7960b1bb0046b8a97566abc4a3f1072c3b3fe31277a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

85b41b6e00372fc722a5e7960b1bb0046b8a97566abc4a3f1072c3b3fe31277a.exe
Size

175KB
MD5

9d5aab67a846e6041c559f827996e562
SHA1

c066222ff58ef75101703b38d35caf5fb16c811c
SHA256

85b41b6e00372fc722a5e7960b1bb0046b8a97566abc4a3f1072c3b3fe31277a
SHA512

c69b4a69bcb3888d960e8bebecf9fc6af37b6c10ef50a14da31be034f7ea39f662938c250b95f61cf19638439239f28bdb29d5a1c396b1c3338ffdaf7e5e8a8d
SSDEEP

3072:KeF7Dpd7BzkiXI+wl9N/iqAx9xbWl/3u88Zw8WUL65+V3ZsXngi:KeFnpXzkCwbZ/3P8RLWe3uXnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85b41b6e00372fc722a5e7960b1bb0046b8a97566abc4a3f1072c3b3fe31277a.exe

Files

85b41b6e00372fc722a5e7960b1bb0046b8a97566abc4a3f1072c3b3fe31277a.exe
.exe windows:4 windows x86 arch:x86

43e491e22c0bcf8928d3ef5dd5ad6938

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegOpenKeyExA
CryptCreateHash
RegQueryValueExA
RegEnumValueA
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteValueA
CryptDestroyKey
CryptAcquireContextA
RegSetValueExA
CryptReleaseContext
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

winmm

timeGetTime
timeSetEvent

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA

gdi32

GetStockObject
BitBlt
CreateDIBitmap
StretchDIBits
GetObjectA
GetDIBits
CreateCompatibleBitmap
RealizePalette
GetDeviceCaps
SelectPalette
ExtEscape
CreateFontA
SetStretchBltMode
DeleteObject
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
CreateSolidBrush
SetBkMode

gdiplus

GdipFree
GdipAlloc
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCloneImage

ole32

OleLockRunning
OleInitialize
CoUninitialize
CreateStreamOnHGlobal
StgIsStorageFile
StringFromGUID2
CoTaskMemFree
OleUninitialize
CoGetClassObject
CoInitialize
StgOpenStorage
CoTaskMemRealloc
CoInitializeSecurity
CoSetProxyBlanket
CreateBindCtx
GetRunningObjectTable
CLSIDFromProgID
CreateItemMoniker
StgCreateDocfile
CoCreateInstance
CoTaskMemAlloc
BindMoniker
CLSIDFromString

user32

IsWindow
GetQueueStatus
GetWindowRect
ReleaseDC
UnregisterClassA
SetWindowLongA
SendMessageTimeoutA
MoveWindow
MsgWaitForMultipleObjects
IsChild
SetRect
SetCapture
CreateWindowExA
CreateAcceleratorTableA
EqualRect
RedrawWindow
ShowWindow
InvalidateRect
wsprintfA
GetWindow
SetTimer
DrawTextA
LoadCursorA
GetWindowTextA
GetActiveWindow
GetDC
GetParent
CreateDialogParamA
DispatchMessageA
EnumDisplayDevicesA
GetDesktopWindow
SendMessageA
GetWindowLongA
InvalidateRgn
ReleaseCapture
GetSysColor
CharNextA
SetFocus
BeginPaint
PostThreadMessageA
KillTimer
GetWindowTextLengthA
FindWindowA
CopyRect
RegisterWindowMessageA
EndPaint
GetClientRect
FillRect
GetClassInfoExA
SetWindowTextA
wvsprintfA
DestroyWindow
SetParent
DestroyAcceleratorTable
PostMessageA
PeekMessageA
SendNotifyMessageA
CallWindowProcA
RegisterClassExA
DefWindowProcA
GetDlgItem
GetClassNameA
GetFocus
SetWindowPos

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

kernel32

WriteFile
DisableThreadLibraryCalls
GetShortPathNameW
GetFileSize
WideCharToMultiByte
LocalAlloc
CreateFileA
GetProcessId
CreateFileW
UnmapViewOfFile
GlobalSize
Sleep
EnumResourceTypesA
LocalFree
GetTickCount
CreateFileMappingA
GetFileAttributesA
GlobalAlloc
SetFilePointer
MapViewOfFile
GlobalFree
ReadFile
CloseHandle

shlwapi

PathFileExistsW
PathCombineW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43e491e22c0bcf8928d3ef5dd5ad6938

Headers

File Characteristics

Imports

advapi32

winmm

version

gdi32

gdiplus

ole32

user32

wininet

shell32

kernel32

shlwapi

setupapi

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 92KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 92KB