41da9355b1137296861187c51515f019cb358ce493136c54a60d1c1d8bf98ed9

Sharing

Copy URL

Twitter E-mail

General

Target

41da9355b1137296861187c51515f019cb358ce493136c54a60d1c1d8bf98ed9
Size

1.1MB
MD5

fde3e9bb6886fcf55a2c6e13f87967b8
SHA1

706f36fcc8e4c40da57092c0d22ed8d047b3399a
SHA256

41da9355b1137296861187c51515f019cb358ce493136c54a60d1c1d8bf98ed9
SHA512

3106864317600d3424e18d062d069e60d4d48c3d0a05cd8ee5d4c632d02a07a00ab5236aa68c8bfb978d8cdf6a4ba7193a3044e23edc22dedd3cd18c2d544f09
SSDEEP

24576:N/QKBLJ2TutS+yAFHBdfuwufXJFeZahuC9T6r57hoYNtwj:eRgqLMZc9TY57Oetwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
41da9355b1137296861187c51515f019cb358ce493136c54a60d1c1d8bf98ed9

Files

41da9355b1137296861187c51515f019cb358ce493136c54a60d1c1d8bf98ed9
.dll windows x86

bb58ef1e7086f37607ea2916fe131e68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

htons
getservbyname
htonl
recv
WSAAsyncSelect
inet_addr
inet_ntoa
gethostbyname
ioctlsocket
WSASetLastError
WSAGetLastError
gethostbyaddr
getservbyport
ntohs
send
gethostname
shutdown
WSACleanup
closesocket
connect
socket
WSAStartup

winmm

joyGetPosEx
mciSendStringW
joyGetDevCapsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_Create
ImageList_GetIconSize

psapi

GetProcessImageFileNameW

wininet

InternetCloseHandle
InternetReadFileExA
InternetReadFile
InternetOpenW
InternetOpenUrlW

shlwapi

StrCmpLogicalW

uxtheme

EnableThemeDialogTexture
SetWindowTheme
IsAppThemed

dwmapi

DwmGetWindowAttribute

kernel32

GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
WideCharToMultiByte
GetCPInfo
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetEnvironmentVariableW
IsValidCodePage
LoadLibraryW
GetLastError
OutputDebugStringW
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
VirtualProtect
SetLastError
GetModuleHandleW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateFileW
DeviceIoControl
SetVolumeLabelW
GetVolumeInformationW
GetDiskFreeSpaceW
SetEnvironmentVariableW
MultiByteToWideChar
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
ReadFile
DeleteFileW
LoadResource
LockResource
WriteFile
SizeofResource
SetCurrentDirectoryW
CopyFileW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetErrorMode
GetSystemTimeAsFileTime
SetFileTime
GetFileSizeEx
MoveFileW
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
GetProcessId
QueryDosDeviceW
EnterCriticalSection
LeaveCriticalSection
Beep
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDateFormatEx
GetTickCount64
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetTempPathW
WaitForSingleObject
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
SetDllDirectoryW
GetModuleHandleExW
GetShortPathNameW
CreateProcessW
FormatMessageW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
Sleep
GetTickCount
MulDiv
GetModuleFileNameW
LocalFree
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
ExitProcess
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
SetStdHandle
FlushFileBuffers
FindResourceW
GetConsoleOutputCP
GetConsoleMode
DecodePointer
WriteConsoleW
LocalFileTimeToFileTime
VirtualQuery
UnhandledExceptionFilter

user32

SetWindowRgn
SetWindowPos
EnumWindows
IsZoomed
IsIconic
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DestroyWindow
UnregisterClassW
RegisterClassExW
SystemParametersInfoW
CreateWindowExW
GetMenu
EnableMenuItem
LoadAcceleratorsW
AddClipboardFormatListener
RemoveClipboardFormatListener
LoadImageW
PostQuitMessage
CheckMenuItem
RegisterWindowMessageW
DefWindowProcW
SetForegroundWindow
MonitorFromPoint
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
GetPropW
GetClassLongW
SetMenu
SetPropW
RemovePropW
GetSysColor
RedrawWindow
DrawTextW
SetParent
GetClassInfoExW
AdjustWindowRectEx
GetAncestor
UpdateWindow
FlashWindow
GetMessagePos
GetSysColorBrush
FillRect
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
RemoveMenu
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
CreateMenu
CreatePopupMenu
SetMenuInfo
DestroyMenu
TrackPopupMenuEx
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
DrawIconEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetQueueStatus
GetLastActivePopup
BlockInput
IsChild
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
SendMessageTimeoutW
CharUpperW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
ReleaseDC
GetDC
DialogBoxParamW
ScrollWindow
GetSystemMetrics
GetWindowRect
SetFocus
DefDlgProcW
MoveWindow
MapWindowPoints
GetClientRect
EnableWindow
MapDialogRect
GetDlgItem
SetWindowTextW
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
IsWindowVisible
SetActiveWindow
EnumChildWindows
GetLastInputInfo
LoadCursorW
GetCursorInfo
ClientToScreen
MessageBeep
GetIconInfo
GetWindowTextLengthW
InvalidateRect
AdjustWindowRect
SetDlgItemTextW
SendDlgItemMessageW
IsCharAlphaW
DestroyIcon
EnumDisplayMonitors
ShowWindow
CountClipboardFormats
MapVirtualKeyW
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
IsClipboardFormatAvailable
MapVirtualKeyExW
GetMonitorInfoW
GetShellWindow
VkKeyScanExW
CharLowerW

gdi32

SetBkColor
GetObjectW
SetTextColor
GdiFlush
CreateDIBSection
EnumFontFamiliesExW
SetBrushOrgEx
CreatePatternBrush
GetClipBox
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
GetStockObject
CreateSolidBrush
GetCharABCWidthsW
GetTextMetricsW
GetPixel
GetDIBits
SelectObject
CreateDCW
CreateFontW
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteObject
BitBlt
CreateCompatibleBitmap
DeleteDC
GetSystemPaletteEntries
SetBkMode

advapi32

LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
OpenProcessToken
RegQueryValueExW
AdjustTokenPrivileges

shell32

SHGetDesktopFolder
DragQueryFileW
SHGetKnownFolderPath
ExtractIconW
DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetMalloc
SHCreateItemFromParsingName
ShellExecuteExW
SHGetFolderPathW
Shell_NotifyIconW
DragFinish

ole32

CoCreateInstance
CoTaskMemFree
CLSIDFromString
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayGetLBound
OleLoadPicture
SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
LoadTypeLi
SafeArrayDestroy
GetActiveObject
SysStringLen
SafeArrayCreate
VariantClear
SysFreeString
VariantChangeType
SafeArrayCopy
SysAllocStringLen
VariantCopyInd
SafeArrayGetUBound

Exports

Exports

GL70
Main

Sections

.text
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb58ef1e7086f37607ea2916fe131e68

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

shlwapi

uxtheme

dwmapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 711KB - Virtual size: 710KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 174KB - Virtual size: 185KB

.rsrc Size: 37KB - Virtual size: 36KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 711KB - Virtual size: 710KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 174KB - Virtual size: 185KB

.rsrc
Size: 37KB - Virtual size: 36KB

.reloc
Size: 39KB - Virtual size: 39KB