Static task: static1
Behavioral task: behavioral1
  Sample: c6ddc7770ea3cfe32850dd36523cb6f3e9cadfe4bc9bc5db63c52e03a0a1852a.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: c6ddc7770ea3cfe32850dd36523cb6f3e9cadfe4bc9bc5db63c52e03a0a1852a.exe
  Resource: win10v2004-20230220-en
General
- Target: c6ddc7770ea3cfe32850dd36523cb6f3e9cadfe4bc9bc5db63c52e03a0a1852a
- Size: 544KB
- MD5: 862eacaabe504ca546e4a09e88bf55b9
- SHA1: a5eef9de0a10d277152f2b2dddbb42d8085f61e9
- SHA256: c6ddc7770ea3cfe32850dd36523cb6f3e9cadfe4bc9bc5db63c52e03a0a1852a
- SHA512: 64f704fe3503dc2ab2e0b5ef5cb60a4182ccd133e73d5e6fec2734541b3b77d7cc81863350495b6102d7e7f8f32d3744e10cc136025d80f6ccd0231cb917f6a3
- SSDEEP: 12288:YqB85Q5elWQG524iHqO++uFXq2CiJ2H/3qf0L:sO58pG59MPvuMdV
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: c6ddc7770ea3cfe32850dd36523cb6f3e9cadfe4bc9bc5db63c52e03a0a1852a
Files
- c6ddc7770ea3cfe32850dd36523cb6f3e9cadfe4bc9bc5db63c52e03a0a1852a.exe (windows x86) e89ed7d7d7019671609847b416b5330c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdiplusStartup
GdipFree
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipDrawLineI
GdipFillRectangleI
GdipDrawImageI
GdipDrawImageRectI
GdipAlloc
GdipCloneBrush
GdipCloneImage
GdipSetSolidFillColor
GdipCreatePen2
GdipCreateHatchBrush
GdipSetPenEndCap
GdipSetPenMode
GdipSetPenBrushFill
GdipCreateFromHDC
GdipDrawRectangleI
GdipDrawEllipseI
GdipFillEllipseI
GdipCreateFontFamilyFromName
GdiplusShutdown
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateFont
GdipSetClipRectI
GdipDrawImagePointRectI
GdipMeasureString
GdipDrawString
GdipSetSmoothingMode
GdipCreateBitmapFromHBITMAP
GdipDeleteFont
GdipDeleteFontFamily
kernel32
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
EnterCriticalSection
GetFileAttributesA
GetFileTime
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
ExitThread
CreateThread
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
SetStdHandle
VirtualProtect
GetSystemInfo
VirtualQuery
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpynA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpyA
GetModuleHandleA
SetLastError
InterlockedDecrement
GetTickCount
FreeResource
GlobalLock
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
FreeLibrary
MulDiv
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
GlobalAlloc
lstrlenA
GlobalFree
FindFirstFileA
FindNextFileA
GetLastError
FindClose
MultiByteToWideChar
CreateEventA
WaitForSingleObject
CloseHandle
LoadLibraryA
GetProcAddress
WideCharToMultiByte
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FormatMessageA
LocalFree
FileTimeToLocalFileTime
user32
MoveWindow
ShowWindow
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
wsprintfA
PostQuitMessage
ShowOwnedPopups
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
GetMenuItemInfoA
FindWindowA
SetWindowRgn
MessageBeep
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageA
TranslateAcceleratorA
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
UnhookWindowsHookEx
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
EndDialog
GetFocus
IsWindowEnabled
SetFocus
KillTimer
SetTimer
GetMessagePos
GetSysColorBrush
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetCapture
DrawFrameControl
DrawEdge
SetRectEmpty
RedrawWindow
LoadImageA
GetClassInfoExA
TrackPopupMenuEx
DestroyMenu
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
DrawFocusRect
SetWindowTextA
FillRect
GetIconInfo
CreateIconIndirect
DrawStateA
DestroyIcon
CharUpperA
DestroyCursor
ReleaseCapture
CloseClipboard
SetClipboardData
OpenClipboard
SetCapture
ClientToScreen
EnableMenuItem
UnionRect
GetWindowDC
RegisterWindowMessageA
SystemParametersInfoA
GetSystemMetrics
LoadIconA
SetForegroundWindow
SetParent
InvalidateRect
GetClientRect
IsIconic
PostMessageA
LoadMenuA
GetSubMenu
DrawIcon
LoadBitmapA
OffsetRect
DispatchMessageA
IsWindow
GetParent
GetWindowPlacement
SetWindowPlacement
MessageBoxA
GetKeyState
GetCursorPos
ShowCursor
SetActiveWindow
IsRectEmpty
GetDesktopWindow
SendMessageA
GetWindowTextA
LoadCursorA
SetCursor
EnableWindow
ReleaseDC
GetDC
IntersectRect
InflateRect
EqualRect
CopyRect
SetRect
EnumWindows
EnumChildWindows
GetWindowRect
PtInRect
IsWindowVisible
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
IsDialogMessageA
SetDlgItemTextA
FrameRect
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
EmptyClipboard
GetClassLongA
SetWindowPos
GetWindow
EndPaint
BeginPaint
GetSysColor
ScreenToClient
GetWindowLongA
gdi32
CreateSolidBrush
CreateBitmap
CreateCompatibleDC
GetRgnBox
GetTextColor
GetMapMode
GetDeviceCaps
SelectObject
BitBlt
CreateCompatibleBitmap
CreateDCA
DeleteDC
GetObjectA
Polyline
Rectangle
StretchBlt
CreatePatternBrush
CreateRectRgnIndirect
CombineRgn
FillRgn
PatBlt
DeleteObject
GetStockObject
SetTextColor
SetBkColor
SetPixel
GetPixel
Polygon
CreateFontIndirectA
CreatePalette
RealizePalette
GetBkColor
GetTextMetricsA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
EnumFontFamiliesExA
SetDIBits
GetDIBits
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
GetClipBox
LineTo
MoveToEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
SelectPalette
CreateEllipticRgn
LPtoDP
Ellipse
CreatePen
comdlg32
ChooseColorA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
shell32
DragFinish
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
comctl32
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy
ImageList_Create
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
oledlg
ord8
ole32
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
oleaut32
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
winmm
PlaySoundA
oleacc
LresultFromObject
CreateStdAccessibleObject
Sections
- .text (Size: 308KB, Virtual size: 307KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 92KB, Virtual size: 88KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data (Size: 32KB, Virtual size: 47KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 108KB, Virtual size: 104KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .rol (Size: -, Virtual size: 1B): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE