Static task: static1
Behavioral task: behavioral1
  Sample: 288ad49636239afc419de73317f11af089e0556fa0b3a2593786a97842bdc7aa.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 288ad49636239afc419de73317f11af089e0556fa0b3a2593786a97842bdc7aa.exe
  Resource: win10v2004-20230220-en
General
Target: 288ad49636239afc419de73317f11af089e0556fa0b3a2593786a97842bdc7aa
Size: 5.9MB
MD5: 56f86177cca07d3962e887dcbb0a8fc4
SHA1: 5577e1a5be260df87963b369f7c9ecb240eddecf
SHA256: 288ad49636239afc419de73317f11af089e0556fa0b3a2593786a97842bdc7aa
SHA512: 91cd4a294b1afaa4b1fcd2287ee7ba4956208bddddc023d01f3274fa21b11de84d558c9f4b48d7eae5eb951b8eafc073c4f3c0c1d2ba2b986bb46aceb3e918e2
SSDEEP: 98304:eBWYdo+5268d5rq+p7OOeA0Y9VFVux5lgafx9N2klBU0lb9Gd+jDEJcdK6I07L+i:8Jdo8X8dNV9Vq5x9N2klBDR9Gd+jgn0N
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 288ad49636239afc419de73317f11af089e0556fa0b3a2593786a97842bdc7aa
Files
288ad49636239afc419de73317f11af089e0556fa0b3a2593786a97842bdc7aa.exe (windows x86)
cfa8a3b30907debb4ea85675cf7660de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dbghelp
MakeSureDirectoryPathExists
kernel32
GetFileType
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentDirectoryW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
FindClose
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
SystemTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
WaitForMultipleObjects
LocalAlloc
FileTimeToLocalFileTime
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
EncodePointer
GetCurrentThreadId
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
lstrcpyW
ResumeThread
SuspendThread
SetThreadPriority
GetTempFileNameA
GetDiskFreeSpaceExA
GetCurrentProcessId
GetStdHandle
GetSystemDefaultLCID
CreateDirectoryA
SetThreadExecutionState
DeleteFileA
MoveFileExA
ReleaseMutex
GetCommandLineW
CreateMutexW
GetLogicalDriveStringsA
SetVolumeLabelW
lstrcmpA
GetDriveTypeA
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
WriteFile
CopyFileExW
TerminateThread
CopyFileW
GetSystemDirectoryA
ExpandEnvironmentStringsW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetLogicalDrives
CreateSemaphoreW
CreateThread
OutputDebugStringW
CreateEventW
ReleaseSemaphore
FormatMessageW
GetACP
CreateEventA
SetEvent
GetTickCount
CreateProcessW
GlobalMemoryStatusEx
GetStartupInfoW
InterlockedIncrement
GetModuleHandleW
WTSGetActiveConsoleSessionId
FindResourceW
LoadResource
FindResourceExW
GetNativeSystemInfo
LockResource
LoadLibraryA
GetDiskFreeSpaceExW
Sleep
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemPowerStatus
InterlockedDecrement
DeviceIoControl
GetVolumeInformationW
SizeofResource
GetFileTime
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
FreeLibrary
GetFileSize
MoveFileExW
GetProcAddress
LoadLibraryW
DeleteFileW
FileTimeToSystemTime
CreateFileA
GetFileAttributesA
CopyFileA
MultiByteToWideChar
GetLogicalDriveStringsW
SetFileAttributesW
GetModuleHandleA
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
GetUserDefaultLCID
GetSystemInfo
SleepEx
QueryPerformanceFrequency
PeekNamedPipe
GetEnvironmentVariableA
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetCommandLineA
HeapQueryInformation
VirtualAlloc
VirtualQuery
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetTempPathW
FindNextFileA
GetModuleFileNameW
RemoveDirectoryW
lstrlenW
GetCurrentProcess
FindNextFileW
FindFirstFileA
ExitProcess
DosDateTimeToFileTime
GetLocalTime
OpenEventA
FormatMessageA
SetFilePointerEx
FindFirstFileW
GetModuleFileNameA
CreateDirectoryW
CreateProcessA
GetStartupInfoA
CloseHandle
WaitForSingleObject
CreatePipe
OutputDebugStringA
ReadFile
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileW
user32
GetMenuDefaultItem
CreatePopupMenu
DeleteMenu
SetCursor
ShowOwnedPopups
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
SetWindowPos
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
wvsprintfW
CharNextW
GetCaretBlinkTime
GetCaretPos
CharPrevW
CreateCaret
ShowCaret
SetCaretPos
InvalidateRgn
GetGUIThreadInfo
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
ShowWindow
FindWindowW
SetForegroundWindow
MessageBoxW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
ScreenToClient
MoveWindow
ClientToScreen
PostQuitMessage
KillTimer
SetTimer
GetParent
SetWindowLongW
wsprintfW
ExitWindowsEx
LoadImageW
InvalidateRect
TranslateMessage
PeekMessageW
TrackMouseEvent
DestroyIcon
MapDialogRect
GetAsyncKeyState
RealChildWindowFromPoint
CreateMenu
GetWindowRgn
DispatchMessageW
DestroyCursor
GetMessageW
LoadCursorW
SetPropW
RegisterClassExW
SendMessageW
CreateWindowExW
GetPropW
DestroyWindow
PostMessageW
DefWindowProcW
GetWindowTextW
EnumWindows
SetWindowTextW
GetWindowThreadProcessId
IntersectRect
MapWindowPoints
GetMonitorInfoW
IsWindow
MonitorFromWindow
GetWindowRect
GetWindowLongW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
RegisterWindowMessageW
GetMessagePos
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
MessageBoxA
GetCapture
GetMenu
SetMenu
TrackPopupMenu
EnableWindow
GetClientRect
GetUserObjectInformationW
GetProcessWindowStation
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetSysColorBrush
ReleaseDC
GetSystemMetrics
CharUpperW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
IsWindowEnabled
CheckDlgButton
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
UnhookWindowsHookEx
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
GetDC
advapi32
RegDeleteValueW
RegOpenKeyExA
OpenProcessToken
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ole32
CLSIDFromProgID
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CLSIDFromString
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
shell32
ShellExecuteW
SHCreateDirectoryExA
SHGetSpecialFolderPathW
SHGetFolderPathA
ShellExecuteExW
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetSpecialFolderPathA
oleaut32
VariantClear
SysStringLen
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
VariantCopy
VarBstrFromDate
shlwapi
PathStripPathW
PathFindFileNameA
PathStripToRootW
StrFormatKBSizeW
PathUnquoteSpacesA
StrCpyW
PathIsFileSpecW
PathFileExistsA
PathFindExtensionA
PathFindExtensionW
PathFileExistsW
PathRemoveArgsA
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
StrCmpW
PathAppendA
PathRemoveFileSpecA
PathIsUNCW
wtsapi32
WTSQueryUserToken
gdiplus
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdiplusShutdown
GdipDeleteFontFamily
GdipGetImageHeight
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipFree
GdipDrawString
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipCloneBrush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteFont
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetPropertyItem
GdipCreateLineBrushI
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGraphicsClear
GdipDrawImage
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipGetFamily
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipSetPixelOffsetMode
wininet
InternetGetConnectedState
netapi32
Netbios
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdi32
CopyMetaFileW
CreateDCW
GetDeviceCaps
SetBkColor
SetTextColor
GetObjectW
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
DeleteDC
BitBlt
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetObjectA
CreatePenIndirect
GetCharABCWidthsW
GdiFlush
SelectObject
ScaleWindowExtEx
CreateCompatibleDC
DeleteObject
ScaleViewportExtEx
FillRgn
msimg32
AlphaBlend
TransparentBlt
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
uxtheme
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
DrawThemeText
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
ws2_32
gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
ntohs
socket
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
htons
getsockopt
__WSAFDIsSet
ioctlsocket
listen
htonl
getsockname
accept
WSAStartup
WSAIoctl
WSASetLastError
closesocket
WSACleanup
recv
send
WSAGetLastError
bind
connect
getpeername
setsockopt
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmSetCompositionFontW
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
winmm
PlaySoundW
wldap32
ord127
ord27
ord26
ord117
ord41
ord167
ord216
ord46
ord219
ord145
ord142
ord79
ord14
ord133
ord147
ord301
ord208
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024KB - Virtual size: 27.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 207KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ