Static task: static1
Behavioral task: behavioral1
Sample: 21486eb7f07e0cc98b11a4227383c5be93be58eeeb352a0a50973fc61c969a65.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 21486eb7f07e0cc98b11a4227383c5be93be58eeeb352a0a50973fc61c969a65.exe
Resource: win10v2004-20230220-en
General
Target: 21486eb7f07e0cc98b11a4227383c5be93be58eeeb352a0a50973fc61c969a65
Size: 2.8MB
MD5: 53b7229abf0a792ab697f8ae4e5f4708
SHA1: 93a9f684957a99a54bc3a3b049117714a5933968
SHA256: 21486eb7f07e0cc98b11a4227383c5be93be58eeeb352a0a50973fc61c969a65
SHA512: d5709f8f3c71edf48efabe5e0961a4715029050e2db59f060a6c7cb963510b8c76c07760089a97ee425ba7ce475dfc623d5643d8d87b024278c9e0fd04cc9951
SSDEEP: 49152:bKhRYlGGbx4FBK3SVXiHCyDpeQxP18vS3bdFF7YaKBkOef:bYWGSx4iCMisRxPWS35RXO8
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 21486eb7f07e0cc98b11a4227383c5be93be58eeeb352a0a50973fc61c969a65
Files
21486eb7f07e0cc98b11a4227383c5be93be58eeeb352a0a50973fc61c969a65.exe (windows x86)
a43a40c5cf5d89b5327ecd987971a0a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetVersionExA
DeactivateActCtx
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
FindResourceA
lstrlenA
MulDiv
GlobalUnlock
GlobalLock
GetCurrentProcessId
lstrlenW
LocalFree
FormatMessageA
GlobalAlloc
GlobalSize
CopyFileA
GlobalFree
GetModuleHandleW
lstrcmpA
InterlockedExchange
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
GetACP
FileTimeToSystemTime
GetCurrentDirectoryA
DeleteFileA
lstrcpyA
lstrcmpiA
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FreeLibrary
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetWindowsDirectoryA
GetNumberFormatA
SetErrorMode
GetTempFileNameA
GetTempPathA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
HeapFree
ExitProcess
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
IsValidCodePage
SetHandleCount
GetStdHandle
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeZoneInformation
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
SetLastError
lstrcmpW
CompareStringA
LoadLibraryW
FindClose
ActivateActCtx
Sleep
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateDirectoryA
GetModuleFileNameA
GetLastError
InterlockedDecrement
LoadLibraryA
GetProcAddress
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GlobalDeleteAtom
MultiByteToWideChar
GetProcessHeap
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
user32
GetWindowThreadProcessId
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
InflateRect
IntersectRect
PostQuitMessage
WaitMessage
KillTimer
SetTimer
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetActiveWindow
GetDesktopWindow
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
DrawStateA
GetMenuItemInfoA
DestroyMenu
GetSystemMetrics
SystemParametersInfoA
RealChildWindowFromPoint
GetSysColorBrush
SetCapture
WindowFromPoint
LoadCursorW
ReleaseCapture
DeleteMenu
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
CharUpperA
OffsetRect
LoadMenuW
GetSystemMenu
SetWindowRgn
RedrawWindow
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
IsIconic
IsRectEmpty
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
DestroyIcon
UnregisterClassA
MapVirtualKeyA
InvertRect
DrawFocusRect
HideCaret
GetIconInfo
CopyImage
LoadImageA
GetNextDlgGroupItem
DrawIconEx
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetParent
DestroyAcceleratorTable
SetClassLongA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
EndPaint
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetRect
SetCursorPos
LockWindowUpdate
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
FrameRect
CopyIcon
CharUpperBuffA
PostThreadMessageA
GetKeyNameTextA
IsCharLowerA
MapVirtualKeyExA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
SubtractRect
DestroyCursor
MapDialogRect
DrawIcon
GetWindowRgn
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
GetWindow
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetClientRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
EnableWindow
FillRect
InvalidateRect
LoadCursorA
SetCursor
wsprintfA
LoadIconW
SendMessageA
GetWindowRect
GetCursorPos
GetDC
ReleaseDC
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetKeyboardLayout
UpdateWindow
gdi32
SetTextAlign
MoveToEx
LineTo
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
CreatePen
GetTextFaceA
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
CreateSolidBrush
SetTextColor
SetPixelV
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExA
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
CreateDIBSection
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateDIBitmap
GetTextExtentPoint32A
DPtoLP
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
CreateDCA
CopyMetaFileA
CreateHatchBrush
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetLayout
SetLayout
SelectClipRgn
DeleteObject
SetBkColor
advapi32
OpenProcessToken
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
shell32
SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
ShellExecuteA
SHGetFolderPathA
ole32
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleCreateMenuDescriptor
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
OleDestroyMenuDescriptor
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
SysAllocStringLen
SysStringLen
msimg32
TransparentBlt
AlphaBlend
comctl32
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathAppendA
PathRemoveFileSpecW
ws2_32
bind
send
recv
WSASetLastError
setsockopt
connect
sendto
WSAAsyncSelect
listen
inet_addr
htons
htonl
gethostbyname
select
socket
accept
closesocket
WSACleanup
WSAStartup
inet_ntoa
ntohs
WSAGetLastError
recvfrom
gdiplus
GdipDrawImageRectI
GdipReleaseDC
GdipSetSmoothingMode
GdipCreateLineBrushI
GdipDeleteBrush
GdipFree
GdipGetImageHeight
GdipCloneBrush
GdipFillRectangleI
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipFillEllipse
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawImageI
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
dwmapi
DwmExtendFrameIntoClientArea
wininet
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comdlg32
GetFileTitleA
Sections
.text   Size: -      Virtual size: 1.1MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: -      Virtual size: 271KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: -      Virtual size: 53KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.@ c    Size: -      Virtual size: 1.3MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.c`L    Size: 3KB    Virtual size: 3KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.>u     Size: 2.8MB  Virtual size: 2.8MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc  Size: 512B   Virtual size: 288B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 14KB   Virtual size: 14KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ