Sample: 69b2c77f4b01443306f493791453983588976e3b2e091bca289edfa745eda77a.exe
Tasks: static1 (static), behavioral1 (behavioral)
Resource: win7-20230220-en
General
Target: 69b2c77f4b01443306f493791453983588976e3b2e091bca289edfa745eda77a
Size: 2.3MB
MD5: 925da8f6d9daf4a747045092dfa00f45
SHA1: 9e0cdda54919e0968a34dc418b7ad32bd0dc6ff3
SHA256: 69b2c77f4b01443306f493791453983588976e3b2e091bca289edfa745eda77a
SHA512: 6e8a0313bb2781ba2cc631d314a363bd7231cd8cfa3165a5f1e32ca61b9e0e0e573edbda7323e96ea6a494e212f3edea186c807a6d72a199f442dcd8560118ba
SSDEEP: 49152:4VTl30e7fqneJeGI1jrrM20N7LX3fESdzX2zUaunG5a8s/0zB9ddWxKDTQ/k2X8:4ZyeMeMjM2SLfEY2UauG5D60zBHdWowS
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature. The sample has no embedded Authenticode signature (its security data directory is empty), so there is no publisher identity to verify. An unsigned binary is not malicious by itself, but it removes the cheapest trust check and will not pass publisher-based allow-listing.
Processes: resource 69b2c77f4b01443306f493791453983588976e3b2e091bca289edfa745eda77a
Files
69b2c77f4b01443306f493791453983588976e3b2e091bca289edfa745eda77a.exe windows x86
ac6dde8e5d33e8ab4c532f22dbbf1f53
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL is not set, so this is a 32-bit executable rather than a library. IMAGE_FILE_RELOCS_STRIPPED means the image carries no base relocation table: it can only be mapped at its preferred ImageBase and gains nothing from ASLR.
Imports
kernel32
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
FormatMessageA
GetUserDefaultLCID
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
GetFileSize
ReadFile
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetTickCount
SetFileAttributesA
WriteFile
GetModuleFileNameA
WritePrivateProfileStringA
Sleep
GetPrivateProfileStringA
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
MoveFileExA
GetTempFileNameA
GetTempPathA
GetLastError
LocalSize
GlobalSize
RtlMoveMemory
lstrlenW
MoveFileA
CreateDirectoryA
DeviceIoControl
CreateEventA
OpenEventA
CreateMutexA
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
Module32Next
GetFileAttributesA
VirtualProtect
Process32Next
Process32First
CreateToolhelp32Snapshot
IsDebuggerPresent
GetCurrentProcessId
SetWaitableTimer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
CreateWaitableTimerW
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
VirtualAlloc
WideCharToMultiByte
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
CreateFileA
FreeResource
SizeofResource
LockResource
LoadResource
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcatA
GlobalFlags
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
SetFilePointer
lstrcpyA
lstrcpynA
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetTimeZoneInformation
FindResourceA
MultiByteToWideChar
GetNativeSystemInfo
GetProcAddress
GetModuleHandleW
GetProcessHeap
user32
CopyImage
MsgWaitForMultipleObjects
IsWindowVisible
GetWindowTextA
GetClassNameA
CreateWindowStationA
IsWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
ShowWindow
GetWindowRect
MoveWindow
SetActiveWindow
MessageBeep
GetPropA
SetForegroundWindow
RemovePropA
PostMessageW
SetCursor
SendMessageA
KillTimer
GetAsyncKeyState
IntersectRect
InvalidateRect
UpdateLayeredWindow
ReleaseCapture
IsZoomed
GetClassNameW
LoadCursorFromFileW
SetTimer
SendMessageW
ReleaseDC
SetCaretPos
GetCursorPos
CallWindowProcW
TrackMouseEvent
BeginPaint
EndPaint
SetCapture
GetFocus
SetFocus
SetWindowLongW
SetWindowPos
SetPropA
GetClassLongW
GetWindowTextW
GetParent
SetWindowRgn
GetSystemMetrics
DestroyWindow
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
CreateWindowExW
DefWindowProcW
RegisterClassExW
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
SystemParametersInfoA
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadCursorW
PtInRect
IsIconic
UpdateWindow
SetWindowTextA
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
PostQuitMessage
PostMessageA
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetMenuItemCount
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
LoadCursorA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
WinHelpA
LoadIconA
gdi32
GetStockObject
GetObjectA
GetDIBits
CreateRectRgn
CreateRoundRectRgn
GetDeviceCaps
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
RestoreDC
SetBkColor
SaveDC
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
wsock32
WSACleanup
select
WSAAsyncSelect
ntohs
getsockname
recv
send
gethostbyname
connect
ioctlsocket
socket
closesocket
WSAStartup
htons
advapi32
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
DeleteService
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
shell32
ShellExecuteA
Shell_NotifyIconW
SHGetSpecialFolderPathA
ole32
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
gdiplus
GdipImageSelectActiveFrame
GdipGetStringFormatFlags
GdipGetStringFormatTrimming
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawString
GdipCreateSolidFill
GdipGetFontHeight
GdipDeleteBrush
GdipFillRectangle
GdipCreateLineBrushFromRect
GdipClosePathFigure
GdipDeleteStringFormat
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDrawImageRect
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGraphicsClear
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipResetClip
GdipSetPenDashStyle
GdipDeletePen
GdipDrawRectangle
GdipSetClipRect
GdipSetClipRegion
GdipDisposeImage
GdipDrawImageRectRect
GdipGetImageHeight
GdipGetImageWidth
GdipCloneBitmapArea
GdipGetImagePixelFormat
GdipMeasureString
GdipGetFontStyle
GdipGetFontSize
GdipGetFamilyName
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateImageAttributes
GdiplusStartup
GdipCreatePathGradientFromPath
GdipDeletePath
GdipCreatePath
GdipGetCompositingQuality
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipGetPropertyItem
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
GdipCreateRegionHrgn
GdipDrawPath
GdipDrawPolygon
GdipFillPolygon
GdipCreatePen2
GdipCreateLineBrush
GdipFillPath
GdipAddPathArc
oleaut32
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantClear
SafeArrayDestroy
OleLoadPicture
imm32
ImmAssociateContext
ImmGetContext
atl
ord47
ord42
oledlg
ord8
shlwapi
PathFileExistsA
rasapi32
RasHangUpA
RasGetConnectStatusA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comctl32
ord17
wininet
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetCrackUrlA
msvcrt
strncpy
iphlpapi
GetInterfaceInfo
psapi
GetMappedFileNameW
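The import table above mixes capability-bearing APIs (service control, token privilege adjustment, Toolhelp process enumeration, raw sockets and WinINet HTTP, temp-file staging) with a large amount of GUI and runtime boilerplate (GlobalAddAtomA, WinHelpA, LoadStringA, TabbedTextOutA and the like), so scoring single APIs produces noise. The following is an added example, not the sandbox's own signature logic: it triages a `{dll: [api, ...]}` listing with co-occurrence rules that fire only when every API in a rule is present, reports near misses separately, and flags that LoadLibraryA plus GetProcAddress means the static table may understate what the binary can do. The rule set and the hand-transcribed subset of this report's imports (`SAMPLE_IMPORTS`) are illustrative constructions.

```python
"""Capability triage over an import table using co-occurrence rules: a rule fires
only when every API it lists is imported, so individual APIs that also occur in
ordinary GUI/runtime code do not raise findings on their own. Added example for
this page; the rule set is illustrative, not the sandbox's signature logic."""

# Each rule: capability -> set of (dll, api) pairs that must all be present.
RULES = {
    "service installation": {("advapi32", "OpenSCManagerA"), ("advapi32", "CreateServiceA"),
                             ("advapi32", "StartServiceA")},
    "privilege adjustment": {("advapi32", "OpenProcessToken"), ("advapi32", "LookupPrivilegeValueA"),
                             ("advapi32", "AdjustTokenPrivileges")},
    "process enumeration": {("kernel32", "CreateToolhelp32Snapshot"), ("kernel32", "Process32First"),
                            ("kernel32", "Process32Next")},
    "raw TCP client": {("wsock32", "WSAStartup"), ("wsock32", "socket"), ("wsock32", "connect"),
                       ("wsock32", "send"), ("wsock32", "recv")},
    "HTTP client": {("wininet", "InternetOpenA"), ("wininet", "HttpOpenRequestA"),
                    ("wininet", "HttpSendRequestA"), ("wininet", "InternetReadFile")},
    "registry write": {("advapi32", "RegCreateKeyExA"), ("advapi32", "RegSetValueExA")},
    "temp-file staging": {("kernel32", "GetTempPathA"), ("kernel32", "GetTempFileNameA"),
                          ("kernel32", "MoveFileExA")},
    "recursive directory deletion": {("kernel32", "FindFirstFileA"), ("kernel32", "FindNextFileA"),
                                     ("kernel32", "DeleteFileA"), ("kernel32", "RemoveDirectoryA")},
    "debugger check": {("kernel32", "IsDebuggerPresent")},
    "RAS connection control": {("rasapi32", "RasDialA"), ("rasapi32", "RasHangUpA"),
                               ("rasapi32", "RasGetConnectStatusA")},
}
DYNAMIC_RESOLUTION = {("kernel32", "LoadLibraryA"), ("kernel32", "GetProcAddress")}

def triage_imports(imports: dict) -> dict:
    """imports: {dll: [api, ...]}. Returns full matches, partial matches and caveats."""
    present = {(dll.lower(), api) for dll, apis in imports.items() for api in apis}
    result = {"capabilities": {}, "partial": {}, "caveats": []}
    for capability, needed in RULES.items():
        hit = needed & present
        if hit == needed:
            result["capabilities"][capability] = sorted(api for _, api in hit)
        elif hit:  # near miss: the missing APIs may be resolved at runtime instead
            result["partial"][capability] = sorted(api for _, api in hit)
    if DYNAMIC_RESOLUTION <= present:
        result["caveats"].append("LoadLibraryA+GetProcAddress imported: further APIs may be "
                                 "resolved at runtime, so the static table understates capability")
    return result

# Constructed input: a hand-transcribed subset of this report's import listing.
SAMPLE_IMPORTS = {
    "kernel32": ["LoadLibraryA", "GetProcAddress", "CreateProcessA", "GetTempPathA", "GetTempFileNameA",
                 "MoveFileExA", "FindFirstFileA", "FindNextFileA", "DeleteFileA", "RemoveDirectoryA",
                 "CreateToolhelp32Snapshot", "Process32First", "Process32Next", "IsDebuggerPresent"],
    "advapi32": ["OpenSCManagerA", "CreateServiceA", "StartServiceA", "OpenProcessToken",
                 "LookupPrivilegeValueA", "AdjustTokenPrivileges", "RegCreateKeyExA", "RegSetValueExA"],
    "wsock32": ["WSAStartup", "socket", "connect", "send", "recv", "closesocket"],
    "wininet": ["InternetOpenA", "HttpOpenRequestA", "HttpSendRequestA", "InternetReadFile"],
    "rasapi32": ["RasHangUpA", "RasGetConnectStatusA"],
    "user32": ["SetWindowsHookExA", "GetAsyncKeyState"],  # imported, but no rule: too common in GUI code
}

if __name__ == "__main__":
    r = triage_imports(SAMPLE_IMPORTS)
    for cap, apis in r["capabilities"].items():
        print(f"[+] {cap}: {', '.join(apis)}")
    for cap, apis in r["partial"].items():
        print(f"[?] {cap} (partial): {', '.join(apis)}")
    for c in r["caveats"]:
        print(f"[!] {c}")
```

On this sample the service, privilege, process-enumeration, socket, HTTP, registry, temp-file, directory-deletion and debugger rules all fire, while the RAS rule only partially matches (hang-up and status APIs without RasDialA). Treat the output as a reading aid for the import table, not as a verdict: rules built from static imports say what the code could call, and the dynamic-resolution caveat applies doubly to a packed image.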
Sections
.text Size: 396KB - Virtual size: 876KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1.1MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 752KB - Virtual size: 752KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Observations on the section table: .text has a raw size of 396KB but a virtual size of 876KB, and .data 1.1MB against 1.3MB. The difference is zero-filled when the image is mapped, and taken together with both code sections (.text and .sedata) being writable as well as executable, and even .rdata being writable, this is consistent with a protector that decrypts or decompresses code into that space at runtime. The duplicated .rsrc and .sedata names are likewise typical of a protector appending its own sections to the original image; the .sedata name in particular is characteristic of the Safengine Shielden protector. Since kernel32!LoadLibraryA and GetProcAddress are imported, the static import table may also understate what the unpacked code calls.
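To reproduce the header-level findings on this page without a third-party library, the following is an added example (not the sandbox's own code): a standard-library PE32 parser that decodes the file characteristics, the section table and the security data directory, then emits findings for an empty Authenticode directory (the check behind the "Unsigned PE" signature), stripped relocations, writable-and-executable sections, virtual size exceeding raw size, and duplicate section names. `build_test_image` and `SAMPLE_LAYOUT` are constructed for the example: a header-only image whose sections mirror the sizes and flags reported above, with no real code. Note that a populated security directory only means a signature blob exists; validating it requires checking the certificate chain (for instance with Get-AuthenticodeSignature or signtool verify).

```python
"""PE header triage with only the standard library: parses the COFF/optional
headers and section table, and performs the same check the report's
'Unsigned PE' signature does (is the security data directory populated?).
Added example for this page, not part of the sandbox's own tooling."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode certificate table

def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]

def parse_pe(data: bytes) -> dict:
    """Parse a PE32 image (headers only); raises ValueError on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled")
    # PE32: NumberOfRvaAndSizes at optional-header offset 92, directories follow at 96
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_dir = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_dir = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):  # IMAGE_SECTION_HEADER is 40 bytes, right after the optional header
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(sflags, SECTION_FLAGS)})
    return {"machine": machine, "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
            "authenticode_present": sec_dir[1] != 0, "sections": sections}

def triage(pe: dict) -> list:
    """Turn parsed headers into the findings an analyst reads off a report."""
    findings = []
    if not pe["authenticode_present"]:
        findings.append("unsigned: security data directory is empty (no Authenticode signature)")
    if "IMAGE_FILE_RELOCS_STRIPPED" in pe["characteristics"]:
        findings.append("relocs stripped: image can only load at its preferred base (no ASLR)")
    for s in pe["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append(f"{s['name']}: writable and executable")
        if s["virtual_size"] > s["raw_size"]:
            findings.append(f"{s['name']}: virtual size exceeds raw size by "
                            f"{s['virtual_size'] - s['raw_size']} bytes (filled at runtime)")
    names = [s["name"] for s in pe["sections"]]
    for name in sorted({n for n in names if names.count(n) > 1}):
        findings.append(f"duplicate section name: {name}")
    return findings

# Constructed test layout mirroring the report's .text / .rdata / .sedata / .rsrc
# entries: (name, virtual size, raw size, raw characteristics), sizes in bytes.
SAMPLE_LAYOUT = [
    (".text", 876 * 1024, 396 * 1024, 0xE0000020),
    (".rdata", 32 * 1024, 32 * 1024, 0xC0000040),
    (".sedata", 752 * 1024, 752 * 1024, 0xE0000020),
    (".rsrc", 4096, 4096, 0xC0000040),
    (".rsrc", 4096, 4096, 0xC0000040),
]

def build_test_image(layout=SAMPLE_LAYOUT, characteristics=0x010F, signed=False) -> bytes:
    """Build a header-only PE32 image (constructed); signed=True fills the security directory."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 96 + 16 * 8                                      # PE32 header + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                 vs, 0, rs, 0, 0, 0, 0, 0, fl) for n, vs, rs, fl in layout)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    for line in triage(parse_pe(build_test_image())):
        print(line)
```

Running it against a real file is a matter of `triage(parse_pe(open(path, "rb").read()))`; the parser stops at the headers, so it never executes or maps the sample. It handles PE32 only, which is all this x86 report needs; PE32+ moves the data directories to optional-header offset 112.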