3651d7cb14509a6db9ebc21c8a4cf8d470bd1539d6c71d9867a93c8dcd918dfa

Sharing

Copy URL

Twitter E-mail

General

Target

3651d7cb14509a6db9ebc21c8a4cf8d470bd1539d6c71d9867a93c8dcd918dfa
Size

1.1MB
MD5

153229b1cb76ec0fd3e6bcf20a730fc5
SHA1

fc5d228b8933d99b033172c6b254f885537c1244
SHA256

3651d7cb14509a6db9ebc21c8a4cf8d470bd1539d6c71d9867a93c8dcd918dfa
SHA512

45ab00989a1d1012fc237ed501a5c33c41d2c8b7faeee5a2bb4f68a39be808d0730b7bd0ef01b3e76d7dd2b843ce0b86f0fb79d965216eda2dc1393f2608ad6d
SSDEEP

24576:/lI/rR2OPIiUWNQEhkZtpPMuTDWCvfwTSjB:/lI/4OPKWBQ3TDWH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3651d7cb14509a6db9ebc21c8a4cf8d470bd1539d6c71d9867a93c8dcd918dfa

Files

3651d7cb14509a6db9ebc21c8a4cf8d470bd1539d6c71d9867a93c8dcd918dfa
.exe windows x86

c9bd987d73412246a60519b13ae114df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
Process32NextW
OpenProcess
TerminateProcess
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiA
GetCommandLineW
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
lstrlenA
LoadLibraryW
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
VirtualFree
VirtualAlloc
SetEndOfFile
ReadFile
CreateFileW
GetCurrentThreadId
CloseHandle
GetLastError
GetCurrentProcess
FindNextFileW
FindClose
FindFirstFileW
LeaveCriticalSection
Sleep
GetFullPathNameA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapCreate
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FindFirstFileA
GetDriveTypeA
SetFilePointer
GetFileInformationByHandle
CreateThread
ExitThread
HeapReAlloc
CompareStringW
CompareStringA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
SleepEx
SetLastError
VerSetConditionMask
VerifyVersionInfoA
GetModuleHandleA
LoadLibraryA
DeviceIoControl
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WriteFile
GetTickCount
GetProcAddress

user32

GetClientRect
GetCursorPos
SetForegroundWindow
CreatePopupMenu
IsZoomed
ScreenToClient
LoadIconW
TrackPopupMenu
AppendMenuW
KillTimer
PostQuitMessage
SendMessageW
ShowWindow
BringWindowToTop
GetWindowLongW
SetWindowLongW
SetTimer
RedrawWindow

gdi32

SelectObject
DeleteObject
GetObjectW
CreateCompatibleDC

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
CryptReleaseContext

shell32

CommandLineToArgvW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

shlwapi

PathRemoveFileSpecW
PathFileExistsW

timeforyearui

?SetAutoDestroy@CContainerUI@DuiLib@@UAEX_N@Z
?IsDelayedDestroy@CContainerUI@DuiLib@@UBE_NXZ
?SetDelayedDestroy@CContainerUI@DuiLib@@UAEX_N@Z
?IsMouseChildEnabled@CContainerUI@DuiLib@@UBE_NXZ
?SetMouseChildEnabled@CContainerUI@DuiLib@@UAEX_N@Z
?FindSelectable@CContainerUI@DuiLib@@UBEHH_N@Z
?GetScrollPos@CContainerUI@DuiLib@@UBE?AUtagSIZE@@XZ
?GetScrollRange@CContainerUI@DuiLib@@UBE?AUtagSIZE@@XZ
?SetScrollPos@CContainerUI@DuiLib@@UAEXUtagSIZE@@_N@Z
?SetScrollStepSize@CContainerUI@DuiLib@@UAEXH@Z
?GetScrollStepSize@CContainerUI@DuiLib@@UBEHXZ
?LineUp@CContainerUI@DuiLib@@UAEXXZ
?LineDown@CContainerUI@DuiLib@@UAEXXZ
?PageUp@CContainerUI@DuiLib@@UAEXXZ
?PageDown@CContainerUI@DuiLib@@UAEXXZ
?HomeUp@CContainerUI@DuiLib@@UAEXXZ
?EndDown@CContainerUI@DuiLib@@UAEXXZ
?LineLeft@CContainerUI@DuiLib@@UAEXXZ
?LineRight@CContainerUI@DuiLib@@UAEXXZ
?PageLeft@CContainerUI@DuiLib@@UAEXXZ
?PageRight@CContainerUI@DuiLib@@UAEXXZ
?HomeLeft@CContainerUI@DuiLib@@UAEXXZ
?EndRight@CContainerUI@DuiLib@@UAEXXZ
?EnableScrollBar@CContainerUI@DuiLib@@UAEX_N0@Z
?GetVerticalScrollBar@CContainerUI@DuiLib@@UBEPAVCScrollBarUI@2@XZ
?GetHorizontalScrollBar@CContainerUI@DuiLib@@UBEPAVCScrollBarUI@2@XZ
?SetFloatPos@CContainerUI@DuiLib@@MAEXH@Z
?ProcessScrollBar@CContainerUI@DuiLib@@MAEXUtagRECT@@HH@Z
?GetItemAt@CContainerUI@DuiLib@@UBEPAVCControlUI@2@H@Z
?GetItemIndex@CContainerUI@DuiLib@@UBEHPAVCControlUI@2@@Z
?SetItemIndex@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?GetCount@CContainerUI@DuiLib@@UBEHXZ
?Add@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?AddAt@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?Remove@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?RemoveAt@CContainerUI@DuiLib@@UAE_NH@Z
?RemoveAll@CContainerUI@DuiLib@@UAEXXZ
??1CVerticalLayoutUI@DuiLib@@UAE@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
??1CDuiString@DuiLib@@QAE@XZ
?MessageLoop@CPaintManagerUI@DuiLib@@SAXXZ
??0WindowImplBase@DuiLib@@QAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
??0CDuiString@DuiLib@@QAE@PB_WH@Z
?IsAutoDestroy@CContainerUI@DuiLib@@UBE_NXZ
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?IsSelected@COptionUI@DuiLib@@QBE_NXZ
?Format@CDuiString@DuiLib@@QAAHPB_WZZ
?SetBkImage@CControlUI@DuiLib@@QAEXPB_W@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
?GetInstance@CPaintManagerUI@DuiLib@@SAPAUHINSTANCE__@@XZ
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?GetSizeBox@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?GetCaptionRect@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@UtagPOINT@@@Z
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetHWND@CWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?GetZIPFileName@WindowImplBase@DuiLib@@UBE?AVCDuiString@2@XZ
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?PaintBorder@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
??0CDuiString@DuiLib@@QAE@XZ
??4CDuiString@DuiLib@@QAEABV01@PB_W@Z
?Left@CDuiString@DuiLib@@QBE?AV12@H@Z
?Right@CDuiString@DuiLib@@QBE?AV12@H@Z
??9CDuiString@DuiLib@@QBE_NPB_W@Z
??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z
?SetFloat@CControlUI@DuiLib@@UAEX_N@Z
?GetChildPadding@CContainerUI@DuiLib@@UBEHXZ
?SetInset@CContainerUI@DuiLib@@UAEXUtagRECT@@@Z
?GetInset@CContainerUI@DuiLib@@UBE?AUtagRECT@@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
?DoPostPaint@CVerticalLayoutUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@XZ
??0CDuiRect@DuiLib@@QAE@XZ
?GetInterface@CVerticalLayoutUI@DuiLib@@UAEPAXPB_W@Z
?DoPaint@CContainerUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?GetPaintDC@CPaintManagerUI@DuiLib@@QBEPAUHDC__@@XZ
?GenerateBitmap@CRenderEngine@DuiLib@@SAPAUHBITMAP__@@PAVCPaintManagerUI@2@PAVCControlUI@2@UtagRECT@@@Z
?SetAttribute@CVerticalLayoutUI@DuiLib@@UAEXPB_W0@Z
?Invalidate@CControlUI@DuiLib@@QAEXXZ
?GetPaintWindow@CPaintManagerUI@DuiLib@@QBEPAUHWND__@@XZ
?GetName@CControlUI@DuiLib@@UBE?AVCDuiString@2@XZ
?SetName@CControlUI@DuiLib@@UAEXPB_W@Z
?GetControlFlags@CVerticalLayoutUI@DuiLib@@UBEIXZ
?Activate@CControlUI@DuiLib@@UAE_NXZ
?GetManager@CControlUI@DuiLib@@UBEPAVCPaintManagerUI@2@XZ
?SetManager@CContainerUI@DuiLib@@UAEXPAVCPaintManagerUI@2@PAVCControlUI@2@_N@Z
?GetParent@CControlUI@DuiLib@@UBEPAV12@XZ
?GetText@CControlUI@DuiLib@@UBE?AVCDuiString@2@XZ
?SetText@CControlUI@DuiLib@@UAEXPB_W@Z
?GetPos@CControlUI@DuiLib@@UBEABUtagRECT@@XZ
?SetChildPadding@CContainerUI@DuiLib@@UAEXH@Z
?SetPos@CVerticalLayoutUI@DuiLib@@UAEXUtagRECT@@_N@Z
?GetWidth@CControlUI@DuiLib@@UBEHXZ
?GetHeight@CControlUI@DuiLib@@UBEHXZ
?GetX@CControlUI@DuiLib@@UBEHXZ
?IsFloat@CControlUI@DuiLib@@UBE_NXZ
?SetFocus@CControlUI@DuiLib@@UAEXXZ
?IsFocused@CControlUI@DuiLib@@UBE_NXZ
?SetKeyboardEnabled@CControlUI@DuiLib@@UAEX_N@Z
?IsKeyboardEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetMouseEnabled@CContainerUI@DuiLib@@UAEX_N@Z
?IsMouseEnabled@CControlUI@DuiLib@@UBE_NXZ
?GetY@CControlUI@DuiLib@@UBEHXZ
?GetPadding@CControlUI@DuiLib@@UBE?AUtagRECT@@XZ
?SetPadding@CControlUI@DuiLib@@UAEXUtagRECT@@@Z
?GetFixedXY@CControlUI@DuiLib@@UBE?AUtagSIZE@@XZ
?SetFixedXY@CControlUI@DuiLib@@UAEXUtagSIZE@@@Z
?GetFixedWidth@CControlUI@DuiLib@@UBEHXZ
?SetFixedWidth@CControlUI@DuiLib@@UAEXH@Z
?GetFixedHeight@CControlUI@DuiLib@@UBEHXZ
?SetFixedHeight@CControlUI@DuiLib@@UAEXH@Z
?GetMinWidth@CControlUI@DuiLib@@UBEHXZ
?SetMinWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMaxWidth@CControlUI@DuiLib@@UBEHXZ
?SetMaxWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMinHeight@CControlUI@DuiLib@@UBEHXZ
?SetMinHeight@CControlUI@DuiLib@@UAEXH@Z
?GetMaxHeight@CControlUI@DuiLib@@UBEHXZ
?SetMaxHeight@CControlUI@DuiLib@@UAEXH@Z
?GetFloatPercent@CControlUI@DuiLib@@UBE?AUtagTPercentInfo@2@XZ
?SetFloatPercent@CControlUI@DuiLib@@UAEXUtagTPercentInfo@2@@Z
?GetToolTip@CControlUI@DuiLib@@UBE?AVCDuiString@2@XZ
?SetEnabled@CContainerUI@DuiLib@@UAEX_N@Z
?IsEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetInternVisible@CContainerUI@DuiLib@@UAEX_N@Z
?SetToolTip@CControlUI@DuiLib@@UAEXPB_W@Z
?SetToolTipWidth@CControlUI@DuiLib@@UAEXH@Z
?GetToolTipWidth@CControlUI@DuiLib@@UAEHXZ
?GetShortcut@CControlUI@DuiLib@@UBE_WXZ
?SetShortcut@CControlUI@DuiLib@@UAEX_W@Z
?PaintText@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintStatusImage@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintBkImage@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintBkColor@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?EstimateSize@CControlUI@DuiLib@@UAE?AUtagSIZE@@U3@@Z
?DoEvent@CVerticalLayoutUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?SetVisible@CContainerUI@DuiLib@@UAEX_N@Z
?IsVisible@CControlUI@DuiLib@@UBE_NXZ
?Event@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoInit@CControlUI@DuiLib@@UAEXXZ
?Init@CControlUI@DuiLib@@UAEXXZ
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?FindControl@CContainerUI@DuiLib@@UAEPAVCControlUI@2@P6GPAV32@PAV32@PAX@Z1I@Z
?SetTag@CControlUI@DuiLib@@UAEXI@Z
?GetTag@CControlUI@DuiLib@@UBEIXZ
?SetUserData@CControlUI@DuiLib@@UAEXPB_W@Z
?GetUserData@CControlUI@DuiLib@@UAEABVCDuiString@2@XZ
?SetContextMenuUsed@CControlUI@DuiLib@@UAEX_N@Z
?IsContextMenuUsed@CControlUI@DuiLib@@UBE_NXZ

ws2_32

WSACleanup
WSAStartup
connect
recv
send
shutdown
bind
ntohs
inet_addr
setsockopt
socket
htonl
ntohl
gethostbyname
inet_ntoa
recvfrom
sendto
closesocket
freeaddrinfo
WSASetLastError
__WSAFDIsSet
WSAGetLastError
WSAIoctl
getsockname
getsockopt
getpeername
accept
listen
ioctlsocket
gethostname
htons
getaddrinfo
select

wldap32

ord41
ord46
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord27
ord33
ord301

iphlpapi

GetAdaptersInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9bd987d73412246a60519b13ae114df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

timeforyearui

ws2_32

wldap32

iphlpapi

setupapi

oleaut32

Sections

.text Size: 357KB - Virtual size: 356KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 685KB - Virtual size: 685KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 357KB - Virtual size: 356KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 685KB - Virtual size: 685KB

.reloc
Size: 33KB - Virtual size: 33KB