fa09c7c7884c796df63053eac7eb20e2f609689e0235ead7c30f09f25b4346c3

Sharing

Copy URL Twitter E-mail

General

Target

fa09c7c7884c796df63053eac7eb20e2f609689e0235ead7c30f09f25b4346c3
Size

2.1MB
MD5

eb8e31bc366e80967109c14ae41ec7d7
SHA1

20cef26d767039eea7a1d646e6520375ca415076
SHA256

fa09c7c7884c796df63053eac7eb20e2f609689e0235ead7c30f09f25b4346c3
SHA512

8df31e321aa09b4b7bc740b5552c7ca8660dcd1dc5bff4cbd87c6d54d7d81b3b0b46e580a8862221440d63054a8dcbf99d917911179f294050a1ab5cd3bb3896
SSDEEP

49152:aCBWSG5lrqTbVhQ+Sbk49U+YlRA/fs8MWJNE2qQ1:aOb0D9ds4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa09c7c7884c796df63053eac7eb20e2f609689e0235ead7c30f09f25b4346c3

Files

fa09c7c7884c796df63053eac7eb20e2f609689e0235ead7c30f09f25b4346c3
.dll windows x86

6a5541ba981ad8b81171923be0335973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetCommandLineW
GetStdHandle
WaitForMultipleObjects
lstrcpyW
LoadLibraryW
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
CreateEventW
WaitForSingleObject
SetEvent
DeleteFileW
ReadDirectoryChangesW
CancelIo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFilePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
GetLocalTime
OpenProcess
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
CreateIoCompletionPort
CloseHandle
GetCurrentThread
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetVersionExW
FindNextFileW
FindClose
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
CreateRemoteThread
GetCurrentProcessId
CreateMutexW
OutputDebugStringW
GetTempPathW
WriteFile
SetEndOfFile
CreateFileA
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleFileNameA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
FindFirstFileW
LocalFree
GetLogicalProcessorInformation
GetThreadPriority
ReadFile
GetFileSizeEx
GetFileSize
CreateFileW
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetSystemWindowsDirectoryW
InterlockedCompareExchange
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
FlushFileBuffers
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsBadReadPtr
ResetEvent
ResumeThread
GetTempFileNameW
GetVersion
ExitProcess
GetACP
lstrcmpW
FreeResource
MulDiv
FindNextFileA
ReleaseMutex
OpenFileMappingW
LoadLibraryExW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
GetCPInfo
TryEnterCriticalSection
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
DeviceIoControl
SetLastError
AreFileApisANSI
GetFileInformationByHandle
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetStringTypeW
FormatMessageW
FindFirstFileExW
GetFileAttributesExW

user32

BringWindowToTop
SetWindowPos
MoveWindow
AttachThreadInput
ScreenToClient
UnhookWinEvent
SetWinEventHook
GetClassNameW
GetWindowTextW
IsIconic
IsWindowVisible
IsWindow
GetWindowLongW
PostQuitMessage
KillTimer
SetTimer
CharLowerBuffW
EnumDisplayMonitors
GetMonitorInfoW
wsprintfW
PostThreadMessageW
PeekMessageW
GetMessageW
GetWindowThreadProcessId
IsWindowEnabled
FindWindowExW
RemovePropW
FindWindowW
PtInRect
CopyRect
GetCursorPos
GetWindowRect
SetForegroundWindow
GetForegroundWindow
SetWindowLongW
GetDC
ReleaseDC
MonitorFromPoint
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
CreateWindowExW
IsChild
DestroyWindow
UpdateLayeredWindow
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
GetParent
GetWindow
MonitorFromWindow
CharPrevW
DrawTextW
SetRect
DestroyIcon
LoadImageW
DrawIconEx
GetIconInfo
wvsprintfW
SetCursor
InflateRect
OffsetRect
LoadCursorW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
SetWindowRgn
MessageBoxW
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
SetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
FillRect

advapi32

RegGetValueW
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExA

shell32

SHChangeNotify
SHOpenWithDialog
SHGetDesktopFolder
SHGetMalloc
SHGetKnownFolderPath
SHGetFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
ord165

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysAllocString
SafeArrayCreate
SafeArrayPutElement

shlwapi

StrCmpNIW
SHSetValueA
SHGetValueA
SHAutoComplete
SHSetValueW
StrStrIA
StrStrIW
PathFileExistsW
PathIsDirectoryW
PathCombineW
PathRemoveFileSpecW
PathAppendW
StrFormatByteSizeW
PathFindFileNameW
SHGetValueW
StrCmpIW
SHDeleteKeyW
SHDeleteValueW
StrTrimA

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

gdiplus

GdipGetImagePixelFormat
GdipDrawImageRectI
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateTexture
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipLoadImageFromFile
GdipDrawEllipseI
GdipAddPathArc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipFillPath

msimg32

AlphaBlend
GradientFill

comctl32

_TrackMouseEvent
ImageList_DrawEx
InitCommonControlsEx
ord17

gdi32

GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CombineRgn
CreateRectRgnIndirect
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateDCW
GetDIBits
SetDIBitsToDevice
CreateSolidBrush

Exports

Exports

CreateTrayClient

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a5541ba981ad8b81171923be0335973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

version

wininet

iphlpapi

crypt32

wintrust

gdiplus

msimg32

comctl32

gdi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 27KB - Virtual size: 44KB

.rsrc Size: 364KB - Virtual size: 364KB

.reloc Size: 81KB - Virtual size: 81KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 27KB - Virtual size: 44KB

.rsrc
Size: 364KB - Virtual size: 364KB

.reloc
Size: 81KB - Virtual size: 81KB