06dbb005c57126f59b96373cff4a255d310c5e35e6d500a19ae8fd0c506005a2

Sharing

Copy URL Twitter E-mail

General

Target

06dbb005c57126f59b96373cff4a255d310c5e35e6d500a19ae8fd0c506005a2
Size

5.3MB
MD5

40f5c9252add89d462b888f51e8ef4e4
SHA1

85a7a53f5cb4f07cb5ca7fc1abbfd8439d232a66
SHA256

06dbb005c57126f59b96373cff4a255d310c5e35e6d500a19ae8fd0c506005a2
SHA512

0c42f33fb378c1247bb8e7ccdf1798e9eff8dcdc557656a5e072873b4c8b9f3376cd4b4456f87ecf5daebb36ba17549db9cdf9417306531bb13e014354bca2ca
SSDEEP

98304:W+L5VZCr2ZooNgABNzUkOQzu6pnu59vdNyieTE:WMVZA2ZjNgABpU9yuSnu+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06dbb005c57126f59b96373cff4a255d310c5e35e6d500a19ae8fd0c506005a2

Files

06dbb005c57126f59b96373cff4a255d310c5e35e6d500a19ae8fd0c506005a2
.exe windows x64

cf5766d876786386f40a1ef4dd5a69bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW

kernel32

LeaveCriticalSection
EnterCriticalSection
SetNamedPipeHandleState
InitializeCriticalSectionEx
GetLastError
SetThreadPriority
CreateSemaphoreA
GetSystemFirmwareTable
GetVolumeInformationW
GetStdHandle
GetVersionExW
UnmapViewOfFile
GetVersion
GetSystemInfo
CreateFileMappingW
MapViewOfFile
VirtualQuery
ReadFile
GetCurrentDirectoryW
GetCurrentThreadId
QueryPerformanceCounter
GetFileSize
GetModuleHandleA
GetEnvironmentVariableW
GetStringTypeW
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCPInfo
GetLocaleInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlCaptureContext
HeapAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetModuleHandleW
IsProcessorFeaturePresent
ResetEvent
GetStartupInfoW
GetFileType
GetTickCount
GetTickCount64
MulDiv
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceFrequency
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableA
CreateFileA
PeekNamedPipe
RtlUnwindEx
FreeLibraryAndExitThread
VirtualProtect
GetFileAttributesExW
WriteConsoleW
ExitProcess
CloseHandle
SetConsoleCtrlHandler
GetDriveTypeW
GetProcessHeap
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
GetFullPathNameW
FormatMessageW
ExpandEnvironmentStringsW
HeapDestroy
HeapReAlloc
HeapSize
CreateMutexW
TerminateProcess
GetUserDefaultLCID
GetCommandLineW
LoadLibraryExW
RaiseException
DecodePointer
Sleep
GetModuleFileNameW
TerminateThread
CreateSemaphoreW
WaitForMultipleObjects
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetUnhandledExceptionFilter
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceW
CancelIo
ReadDirectoryChangesW
ExitThread
SetEvent
SleepEx
SetErrorMode
CreateEventW
CreateThread
FreeLibrary
LoadLibraryW
MultiByteToWideChar
GetFileInformationByHandle
LocalFree
GetFileSizeEx
GetTimeFormatW
GetDateFormatW
DeleteFileW
FlushFileBuffers
SetFilePointer
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileW
FindNextFileW
lstrcmpiW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
GetCurrentProcess
GetSystemDirectoryW
FileTimeToSystemTime
LCMapStringW
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetProcAddress
FindFirstFileW
FindClose
CompareFileTime
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
IsDebuggerPresent
OutputDebugStringW
SetLastError
ReleaseSemaphore
ReleaseMutex
GetSystemTime
RtlUnwind
MoveFileExW
CompareStringW

user32

GetAsyncKeyState
GetUpdateRect
GetPropW
SetPropW
LoadImageW
RegisterClassW
SetWindowRgn
IsZoomed
GetProcessWindowStation
IsIconic
CharUpperW
SetActiveWindow
AttachThreadInput
EnumWindows
BringWindowToTop
GetClassNameW
GetDesktopWindow
MapVirtualKeyW
DrawTextW
MonitorFromWindow
MonitorFromPoint
ClipCursor
SetCursor
ReleaseCapture
GetCapture
SetCapture
GetFocus
GetParent
UpdateLayeredWindow
RedrawWindow
BeginPaint
EndPaint
GetUserObjectInformationW
SetWindowTextW
ScreenToClient
WindowFromPoint
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
UnhookWinEvent
SetWinEventHook
GetSysColor
FindWindowExW
GetDlgItem
UpdateWindow
SetParent
GetForegroundWindow
ChangeClipboardChain
SetClipboardViewer
SystemParametersInfoW
PostQuitMessage
GetWindowRect
InvalidateRect
MoveWindow
GetCursorPos
GetDoubleClickTime
UnionRect
ShowWindow
PrivateExtractIconsW
SetMenuItemBitmaps
AppendMenuW
SetWindowLongPtrW
IntersectRect
InflateRect
PtInRect
SetRectEmpty
IsRectEmpty
IsWindowVisible
GetKeyNameTextW
CallWindowProcW
SetWindowLongW
GetWindowLongW
LoadCursorW
GetClassInfoExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
UnregisterClassW
SetForegroundWindow
FindWindowW
SetFocus
EnableWindow
GetWindow
SetTimer
KillTimer
EqualRect
OffsetRect
EnumDisplayMonitors
GetSystemMetrics
CharLowerW
GetMonitorInfoW
PostMessageW
ClientToScreen
GetWindowThreadProcessId
MessageBoxW
wsprintfW
GetWindowTextW
GetWindowTextLengthW
SetWindowPos
MapWindowPoints
GetClientRect
DeleteMenu
GetMenuItemInfoW
EnableMenuItem
SetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
DestroyIcon
GetIconInfo
GetDC
ReleaseDC
GetKeyState
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
RegisterClipboardFormatW
DestroyWindow
GetWindowLongPtrW
DefWindowProcW
RegisterClassExW
IsWindow
CreateWindowExW
SendMessageTimeoutW

gdi32

ExtSelectClipRgn
GetDeviceCaps
StretchBlt
SaveDC
RestoreDC
GetWindowOrgEx
SetWindowOrgEx
CreateCompatibleBitmap
SetBkMode
SetBkColor
SetTextColor
SetWorldTransform
SetGraphicsMode
CreateRectRgn
CreateRectRgnIndirect
GetClipRgn
SelectClipRgn
PatBlt
BitBlt
GetBitmapBits
GetObjectW
SetViewportOrgEx
GetViewportOrgEx
CreateFontIndirectW
DeleteDC
CreateCompatibleDC
DeleteObject
GetDIBits
CreateDIBSection
SelectObject
CreateRoundRectRgn
GetStockObject
GetObjectA
SetStretchBltMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyExW
CryptAcquireContextW
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegCreateKeyExW
RegCloseKey
IsValidSid
GetLengthSid
CopySid
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
CreateProcessAsUserW
DuplicateTokenEx
DeleteService
ControlService
CloseServiceHandle
StartServiceW
QueryServiceStatus
ChangeServiceConfig2W
OpenServiceW
CreateServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue

shell32

SHGetDesktopFolder
ShellExecuteExW
ord25
SHBindToObject
SHBrowseForFolderW
ord727
ord18
SHCreateShellItemArrayFromIDLists
ord190
SHOpenFolderAndSelectItems
ord155
SHCreateShellItem
SHGetPathFromIDListW
ord165
ord68
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFolderLocation
ord19
SHBindToParent
SHParseDisplayName
SHGetFileInfoW
ord75
ord88
SHCreateItemFromIDList
CommandLineToArgvW

ole32

CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
CoInitializeEx
OleUninitialize
CoTaskMemRealloc
OleInitialize
CoUninitialize
CoInitialize
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemAlloc
OleGetClipboard
OleSetClipboard
CoCreateInstance
ReleaseStgMedium
CoCreateFreeThreadedMarshaler

oleaut32

VarUI4FromStr
SysAllocString
VariantInit
SysFreeString

shlwapi

PathCombineW
PathAppendW
PathStripPathW
StrCmpLogicalW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathIsDirectoryW
ord176
PathIsRootW
StrCmpIW
SHDeleteValueW
SHDeleteKeyW
StrRetToBufW
PathIsRelativeW
SHGetValueW
StrStrIW
PathAddBackslashW

comctl32

ord17
ord410
ord412
_TrackMouseEvent
InitCommonControlsEx
ord413

gdiplus

GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipDrawArc
GdipResetPath
GdipDeleteMatrix
GdipCreateMatrix
GdipSetPathFillMode
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDrawPath
GdipDrawImageRectRect
GdipGetPathFillMode
GdipSetEffectParameters
GdipDeleteEffect
GdipCreateEffect
GdipReleaseDC
GdipGetDC
GdipAddPathLine
GdipAddPathArc
GdipAddPathRectangle
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipAddPathRectangleI
GdipStartPathFigure
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipResetClip
GdipSetClipPath
GdipFillRectangleI
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipGetPenDashCap197819
GdipDrawRectangle
GdipGetPenLineJoin
GdipCreatePen1
GdipFillRectangle
GdipFillPath
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAddPathLine2
GdipDeletePath
GdipCreatePath
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipCreateFromHDC
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdiplusShutdown
GdipDisposeImage
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdiplusStartup
GdipAddPathEllipseI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipTransformPath
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetPenEndCap
GdipCreateImageAttributes
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipMeasureString
GdipSetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateTexture
GdipDeletePen
GdipClonePath
GdipBitmapApplyEffect
GdipScaleMatrix

msimg32

AlphaBlend

winmm

timeBeginPeriod
timeSetEvent
timeKillEvent
timeEndPeriod

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

crypt32

CertGetIntendedKeyUsage
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty

ws2_32

htons
getpeername
WSAWaitForMultipleEvents
WSAResetEvent
recvfrom
select
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ntohs
shutdown
WSAIoctl
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
gethostname
getsockopt
getsockname
ioctlsocket
WSAEventSelect
sendto
htonl
__WSAFDIsSet

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

msi

ord217
ord173

iphlpapi

GetAdaptersInfo

bcrypt

BCryptGenRandom

wldap32

ord145
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219

Exports

Exports

getopt_a
getopt_long_a
getopt_long_only_a
getopt_long_only_w
getopt_long_w
getopt_w
optarg_a
optarg_w
opterr
optind
optopt

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf5766d876786386f40a1ef4dd5a69bd

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

msimg32

winmm

imm32

userenv

crypt32

ws2_32

wtsapi32

msi

iphlpapi

bcrypt

wldap32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 80KB - Virtual size: 102KB

.pdata Size: 145KB - Virtual size: 145KB

.rsrc Size: 540KB - Virtual size: 539KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 80KB - Virtual size: 102KB

.pdata
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 540KB - Virtual size: 539KB

.reloc
Size: 41KB - Virtual size: 40KB