5a1332267a3c432c5f7ac0dc6ca37058db99a9070f691355782a282701f37e42

Sharing

Copy URL Twitter E-mail

General

Target

5a1332267a3c432c5f7ac0dc6ca37058db99a9070f691355782a282701f37e42
Size

5.3MB
MD5

db1a3b2c2cff04dac96571c22d23483f
SHA1

479de93641d85174805a5bd44ba9a18a27bc1250
SHA256

5a1332267a3c432c5f7ac0dc6ca37058db99a9070f691355782a282701f37e42
SHA512

85fdcb0de09f75037724b4d8d408727877e7dd428a68348157a64af7b8a73738c9959084f394daa046a101af671026702020828f07508f77040780c758d0a247
SSDEEP

49152:zGtlqCNIU6izVwASOKtKkVqe8Ml+UBY6vVWa1YwnKPf7ON6tp5U30yz1lTdNrvu1:F+2AkpBY0DHLuDFzUgnMQa19toaQWN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a1332267a3c432c5f7ac0dc6ca37058db99a9070f691355782a282701f37e42

Files

5a1332267a3c432c5f7ac0dc6ca37058db99a9070f691355782a282701f37e42
.exe windows x64

64f3a7eeffdbcf303bc4270b9aa694dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW

kernel32

LeaveCriticalSection
EnterCriticalSection
GetTickCount64
InitializeCriticalSectionEx
GetLastError
SetThreadPriority
CreateSemaphoreA
GetVolumeInformationW
GetStdHandle
GetVersionExW
UnmapViewOfFile
GetVersion
GetSystemInfo
CreateFileMappingW
MapViewOfFile
VirtualQuery
ReadFile
GetCurrentDirectoryW
QueryPerformanceFrequency
HeapAlloc
GetFileSize
GetModuleHandleA
GetEnvironmentVariableW
GetStringTypeW
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCPInfo
GetLocaleInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlCaptureContext
GetProcessHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetModuleHandleW
IsProcessorFeaturePresent
ResetEvent
GetStartupInfoW
GetFileType
GetTickCount
GetCurrentThreadId
MulDiv
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableA
MoveFileExW
SetNamedPipeHandleState
RtlUnwindEx
FreeLibraryAndExitThread
VirtualProtect
GetFileAttributesExW
WriteConsoleW
ExitProcess
CloseHandle
SetConsoleCtrlHandler
GetDriveTypeW
CreateFileA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
GetFullPathNameW
FormatMessageW
ExpandEnvironmentStringsW
HeapDestroy
HeapReAlloc
HeapSize
CreateMutexW
TerminateProcess
GetUserDefaultLCID
GetCommandLineW
LoadLibraryExW
RaiseException
DecodePointer
Sleep
GetModuleFileNameW
TerminateThread
CreateSemaphoreW
WaitForMultipleObjects
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetUnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceW
CancelIo
ReadDirectoryChangesW
ExitThread
SetEvent
SleepEx
SetErrorMode
CreateEventW
CreateThread
FreeLibrary
LoadLibraryW
MultiByteToWideChar
GetFileInformationByHandle
LocalFree
GetFileSizeEx
GetTimeFormatW
GetDateFormatW
DeleteFileW
FlushFileBuffers
SetFilePointer
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileW
FindNextFileW
lstrcmpiW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
GetSystemDirectoryW
FileTimeToSystemTime
LCMapStringW
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetProcAddress
FindFirstFileW
FindClose
CompareFileTime
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
IsDebuggerPresent
OutputDebugStringW
SetLastError
ReleaseSemaphore
ReleaseMutex
GetSystemTime
RtlUnwind
PeekNamedPipe
CompareStringW

user32

GetAsyncKeyState
GetProcessWindowStation
GetUpdateRect
GetPropW
SetPropW
LoadImageW
RegisterClassW
SetWindowRgn
IsZoomed
GetUserObjectInformationW
IsIconic
CharUpperW
SetActiveWindow
AttachThreadInput
EnumWindows
BringWindowToTop
GetClassNameW
GetDesktopWindow
DrawTextW
MonitorFromWindow
MonitorFromPoint
ClipCursor
SetCursor
ReleaseCapture
GetCapture
SetCapture
GetFocus
GetParent
UpdateLayeredWindow
RedrawWindow
BeginPaint
EndPaint
SetWindowTextW
GetKeyNameTextW
ScreenToClient
WindowFromPoint
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
UnhookWinEvent
SetWinEventHook
GetSysColor
FindWindowExW
GetDlgItem
UpdateWindow
SetParent
GetForegroundWindow
ChangeClipboardChain
SetClipboardViewer
SystemParametersInfoW
PostQuitMessage
GetWindowRect
InvalidateRect
MoveWindow
GetCursorPos
GetDoubleClickTime
UnionRect
PrivateExtractIconsW
ShowWindow
SetMenuItemBitmaps
AppendMenuW
SetWindowLongPtrW
IntersectRect
InflateRect
PtInRect
SetRectEmpty
IsRectEmpty
IsWindowVisible
CallWindowProcW
MapVirtualKeyW
SetWindowLongW
GetWindowLongW
LoadCursorW
GetClassInfoExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
UnregisterClassW
SetForegroundWindow
FindWindowW
SetFocus
EnableWindow
GetWindow
SetTimer
KillTimer
EqualRect
OffsetRect
EnumDisplayMonitors
GetSystemMetrics
CharLowerW
GetMonitorInfoW
PostMessageW
ClientToScreen
GetWindowThreadProcessId
MessageBoxW
wsprintfW
GetWindowTextW
GetWindowTextLengthW
SetWindowPos
MapWindowPoints
GetClientRect
DeleteMenu
GetMenuItemInfoW
EnableMenuItem
SetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
DestroyIcon
GetIconInfo
GetDC
ReleaseDC
GetKeyState
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
RegisterClipboardFormatW
DestroyWindow
GetWindowLongPtrW
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
SendMessageTimeoutW

gdi32

ExtSelectClipRgn
GetDeviceCaps
StretchBlt
SaveDC
RestoreDC
GetWindowOrgEx
SetWindowOrgEx
CreateCompatibleBitmap
SetBkMode
SetBkColor
SetTextColor
SetWorldTransform
SetGraphicsMode
CreateRectRgn
CreateRectRgnIndirect
GetClipRgn
SelectClipRgn
PatBlt
BitBlt
GetBitmapBits
GetObjectW
SetViewportOrgEx
GetViewportOrgEx
CreateFontIndirectW
DeleteDC
CreateCompatibleDC
DeleteObject
GetDIBits
CreateDIBSection
SelectObject
GetStockObject
CreateRoundRectRgn
SetStretchBltMode
GetObjectA

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyExW
CryptAcquireContextW
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegCreateKeyExW
RegCloseKey
IsValidSid
GetLengthSid
CopySid
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
CreateProcessAsUserW
DuplicateTokenEx
DeleteService
ControlService
CloseServiceHandle
StartServiceW
QueryServiceStatus
ChangeServiceConfig2W
OpenServiceW
CreateServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue

shell32

SHGetDesktopFolder
ShellExecuteExW
ShellExecuteW
SHBindToObject
SHBrowseForFolderW
ord88
ord18
SHCreateShellItemArrayFromIDLists
DragQueryFileW
ord190
SHOpenFolderAndSelectItems
SHCreateShellItem
ord155
SHGetPathFromIDListW
ord165
SHGetSpecialFolderLocation
ord68
ord25
ord727
SHGetSpecialFolderPathW
SHGetFolderLocation
ord19
SHBindToParent
SHParseDisplayName
SHGetFileInfoW
CommandLineToArgvW
ord75
SHCreateItemFromIDList
SHGetFolderPathW

ole32

CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
CoInitializeEx
OleUninitialize
CoTaskMemRealloc
OleInitialize
CoUninitialize
CoInitialize
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemAlloc
OleGetClipboard
OleSetClipboard
CoCreateInstance
ReleaseStgMedium
CoCreateFreeThreadedMarshaler

oleaut32

VarUI4FromStr
SysAllocString
VariantInit
SysFreeString

shlwapi

PathCombineW
PathAppendW
PathStripPathW
StrCmpLogicalW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathIsDirectoryW
ord176
PathIsRootW
StrCmpIW
SHDeleteValueW
StrStrIW
SHDeleteKeyW
StrRetToBufW
PathIsRelativeW
SHGetValueW
PathAddBackslashW

comctl32

ord17
ord410
ord412
_TrackMouseEvent
InitCommonControlsEx
ord413

gdiplus

GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipDrawArc
GdipResetPath
GdipDeleteMatrix
GdipCreateMatrix
GdipSetPathFillMode
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDrawPath
GdipDrawImageRectRect
GdipGetPathFillMode
GdipSetEffectParameters
GdipDeleteEffect
GdipCreateEffect
GdipReleaseDC
GdipGetDC
GdipAddPathLine
GdipAddPathArc
GdipAddPathRectangle
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipAddPathRectangleI
GdipStartPathFigure
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipResetClip
GdipSetClipPath
GdipFillRectangleI
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipSetImageAttributesColorMatrix
GdipGetPenDashCap197819
GdipCreateImageAttributes
GdipGetPenLineJoin
GdipDeletePen
GdipCreatePen1
GdipFillRectangle
GdipFillPath
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAddPathLine2
GdipDeletePath
GdipCreatePath
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipCreateFromHDC
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdiplusShutdown
GdipDisposeImage
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdiplusStartup
GdipAddPathEllipseI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipTransformPath
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipGetPenEndCap
GdipDisposeImageAttributes
GdipSetStringFormatLineAlign
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipSetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateTexture
GdipDrawRectangle
GdipClonePath
GdipMeasureString
GdipBitmapApplyEffect
GdipScaleMatrix

msimg32

AlphaBlend

winmm

timeBeginPeriod
timeSetEvent
timeKillEvent
timeEndPeriod

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

crypt32

CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertFreeCertificateContext

ws2_32

htons
getpeername
WSAWaitForMultipleEvents
WSAResetEvent
socket
WSAEnumNetworkEvents
select
WSACreateEvent
WSACloseEvent
getsockopt
shutdown
WSAIoctl
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
ntohs
gethostname
getsockname
ioctlsocket
recvfrom
WSAEventSelect
sendto
htonl
__WSAFDIsSet

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

msi

ord217
ord173

iphlpapi

GetAdaptersInfo

bcrypt

BCryptGenRandom

wldap32

ord145
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219

Exports

Exports

getopt_a
getopt_long_a
getopt_long_only_a
getopt_long_only_w
getopt_long_w
getopt_w
optarg_a
optarg_w
opterr
optind
optopt

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f3a7eeffdbcf303bc4270b9aa694dc

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

msimg32

winmm

imm32

userenv

crypt32

ws2_32

wtsapi32

msi

iphlpapi

bcrypt

wldap32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 79KB - Virtual size: 101KB

.pdata Size: 145KB - Virtual size: 145KB

.rsrc Size: 539KB - Virtual size: 539KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 79KB - Virtual size: 101KB

.pdata
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 539KB - Virtual size: 539KB

.reloc
Size: 41KB - Virtual size: 40KB