6a213ecfcce7df1016a210efad47ab9134de2a7492ed3709081b6e786bf2e374

Sharing

Copy URL Twitter E-mail

General

Target

6a213ecfcce7df1016a210efad47ab9134de2a7492ed3709081b6e786bf2e374
Size

4.3MB
MD5

131f5d5db6a1277f33c168e7cc97ad16
SHA1

763c0e6db3428e5392869dc690ea1ee58d20a222
SHA256

6a213ecfcce7df1016a210efad47ab9134de2a7492ed3709081b6e786bf2e374
SHA512

7b12c93e551f5ba132f00fc939c57323f0984c6521c15ff8f814fc874852360286fa4a8e00923caaa70708685af40af6980fbfa26732bdca93f26212e471cc7a
SSDEEP

49152:oDctyF+Qg3cIarjBUQKbmBDgWDe79N0Covf99maezJgE/CuByXhFK8JyPFm4:c+yBrnBpomBsfNdovregE/C2gho8JQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a213ecfcce7df1016a210efad47ab9134de2a7492ed3709081b6e786bf2e374

Files

6a213ecfcce7df1016a210efad47ab9134de2a7492ed3709081b6e786bf2e374
.exe windows x86

0e63c77fcb80ffedc0aa5e91fc6c1e3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
send
WSAStartup
WSACleanup
socket
WSAEventSelect
WSACreateEvent
WSACloseEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
closesocket
shutdown
listen
bind
inet_addr
htons
connect
setsockopt
ioctlsocket
recv
accept
gethostname
gethostbyname
htonl
inet_ntoa

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileA
GlobalFree
SetLastError
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpA
DeactivateActCtx
LoadLibraryA
ActivateActCtx
CompareStringA
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
ResumeThread
GetModuleHandleA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalAddAtomA
FreeResource
FindResourceA
lstrcmpW
LoadLibraryW
GetVersionExA
GlobalFindAtomA
lstrlenA
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
lstrcpyA
GetThreadLocale
lstrcmpiA
LockFile
UnlockFile
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrlenW
GetACP
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
GetNumberFormatA
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExW
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
VirtualAlloc
ExitProcess
ExitThread
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetTimeZoneInformation
IsValidCodePage
SetHandleCount
GetConsoleCP
GetConsoleMode
LCMapStringW
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
CompareStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetTickCount
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
MulDiv
Sleep
DeleteCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetModuleFileNameA
GetLocalTime
CreateThread
GetCurrentDirectoryA
IsBadReadPtr
GlobalMemoryStatusEx
CreateDirectoryA
CloseHandle
ReadFile
WriteFile
DeleteFileA
SetFileAttributesA
SetFilePointer
GetFileSize
FlushFileBuffers
GetFileAttributesA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
RaiseException
SetUnhandledExceptionFilter
SetEvent
CreateEventA
WaitForSingleObject
SetEndOfFile
InterlockedExchange
InitializeCriticalSection
GlobalGetAtomNameA

user32

ReleaseCapture
WaitMessage
DestroyIcon
CharUpperA
CharNextA
OffsetRect
CopyAcceleratorTableA
IsRectEmpty
SetRect
IntersectRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
InflateRect
GetMenuItemInfoA
DestroyMenu
UnregisterClassA
IsZoomed
SetWindowRgn
RedrawWindow
SetParent
DestroyAcceleratorTable
CreatePopupMenu
NotifyWinEvent
GetAsyncKeyState
SetClassLongA
LoadMenuW
GetSystemMenu
DrawStateA
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToAsciiEx
MapVirtualKeyA
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
BringWindowToTop
LockWindowUpdate
TranslateAcceleratorA
InsertMenuItemA
LoadAcceleratorsA
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
CopyImage
RegisterClipboardFormatA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
KillTimer
SetTimer
InvalidateRect
RealChildWindowFromPoint
DeleteMenu
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
WindowFromPoint
TabbedTextOutA
FillRect
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
CheckDlgButton
GetWindow
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetCapture
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
DrawTextA
SetRectEmpty
GetWindowLongA
SetWindowPos
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
GetWindowRect
IsIconic
DrawIcon
SendMessageA
PostMessageA
DispatchMessageA
PeekMessageA
TranslateMessage
GetMessageA
wsprintfA
IsWindow

shell32

ShellExecuteA
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHGetFileInfoA

ole32

OleUninitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
OleGetClipboard
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

comdlg32

GetFileTitleA

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

oledlg

ord8

dbghelp

MiniDumpWriteDump

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectA
SetPixelV
GetTextFaceA
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
SetROP2
SetWindowExtEx
GetTextExtentPoint32A
GetBkColor
GetTextColor
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
CreateDCA
CopyMetaFileA
SetPolyFillMode
SelectObject
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

oleaut32

VariantCopy
VarBstrFromDate
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e63c77fcb80ffedc0aa5e91fc6c1e3b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

shell32

ole32

comdlg32

msimg32

comctl32

shlwapi

oledlg

dbghelp

oleacc

gdiplus

imm32

winmm

gdi32

winspool.drv

oleaut32

advapi32

msvcrt

iphlpapi

psapi

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.sedata Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 13KB - Virtual size: 16KB

.rsrc Size: 68KB - Virtual size: 72KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.sedata
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 68KB - Virtual size: 72KB

.sedata
Size: 4KB - Virtual size: 4KB