ab3a26a27becba01a8e48dcab67003b3c08dc9354d8c5d858d99ff4308a06640

Sharing

Copy URL Twitter E-mail

General

Target

ab3a26a27becba01a8e48dcab67003b3c08dc9354d8c5d858d99ff4308a06640
Size

5.4MB
MD5

238daae82cdec77e686d57cc0882c3f3
SHA1

2138c68f8b835d52ddf50a069b9e6aa41afadd09
SHA256

ab3a26a27becba01a8e48dcab67003b3c08dc9354d8c5d858d99ff4308a06640
SHA512

d5f5994c3697fe440a15bdc1b1437e394a92bbaf58a741b41315e574d69646a6615b367b218b5c626185506eb4dd76b93bde682fda0b40ab17b47a98f0299238
SSDEEP

49152:9+Fe8xAmwiXyM6Qym4bzyfCIgMlRJyzgso/fH3GaXDcDKutjZBAUZLY+CVbNLe9e:kcmw0Hym4bzUZ8MsyCbBAUZLjmpe9JRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab3a26a27becba01a8e48dcab67003b3c08dc9354d8c5d858d99ff4308a06640

Files

ab3a26a27becba01a8e48dcab67003b3c08dc9354d8c5d858d99ff4308a06640
.exe windows x86

8f42eb8a7725230321abc59fb3673546

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
ntohs
htonl

winmm

waveOutClose
waveOutReset
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerGetLineControlsA
mixerSetControlDetails
waveOutUnprepareHeader
waveOutOpen
waveOutSetVolume
waveOutPrepareHeader
waveOutWrite

gdiplus

GdipCreateBitmapFromStream
GdiplusShutdown
GdipDeleteGraphics
GdipDrawImageI
GdiplusStartup
GdipFree
GdipCloneImage
GdipCreateFromHDC
GdipAlloc
GdipDisposeImage

d3d9

Direct3DCreate9

kernel32

GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
SuspendThread
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetCurrentThreadId
GetFileAttributesA
GetFileTime
WritePrivateProfileStringA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
VirtualProtect
VirtualQuery
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
SetHandleCount
GetFileType
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleFileNameW
GetCurrentProcessId
GetModuleFileNameA
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
GetFullPathNameA
UnmapViewOfFile
CreateFileW
GetFileSize
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
GetSystemInfo
GetOverlappedResult
CancelIo
DeviceIoControl
MulDiv
FileTimeToSystemTime
GetCurrentThread
GetThreadPriority
InterlockedDecrement
InterlockedIncrement
LocalLock
LocalAlloc
LocalUnlock
GetVersion
CompareStringA
MultiByteToWideChar
CompareStringW
InterlockedExchange
GetVersionExA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
OpenEventA
lstrcpynA
lstrlenA
lstrcmpA
LocalFree
FormatMessageA
FreeResource
CreateThread
GetSystemTime
SystemTimeToFileTime
GetLocalTime
ReadFile
Sleep
GetTickCount
ResumeThread
SetThreadPriority
SetFilePointer
GetLastError
SetEvent
OutputDebugStringA
WaitForSingleObject
LeaveCriticalSection
CreateEventA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GlobalFree
WriteFile
CloseHandle
CreateFileA
GlobalReAlloc
GlobalAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreA
GetProcessAffinityMask
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
IsDBCSLeadByteEx

user32

ValidateRect
GetMessageA
DestroyMenu
UnregisterClassA
GetSysColorBrush
MessageBeep
CharNextA
CopyAcceleratorTableA
InvalidateRgn
RegisterClipboardFormatA
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PostQuitMessage
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxA
PostThreadMessageA
GetMonitorInfoA
MonitorFromWindow
SetRect
DrawFocusRect
DrawEdge
WindowFromPoint
GetCapture
GetNextDlgGroupItem
GetWindowLongA
CharUpperA
CloseWindow
SystemParametersInfoA
UpdateWindow
DrawIcon
IsIconic
KillTimer
SetWindowRgn
GetSubMenu
LoadMenuA
AppendMenuA
CopyIcon
GetSystemMenu
ShowWindow
FindWindowA
GetCursorPos
GetSystemMetrics
GetSysColor
LoadIconA
SetTimer
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
RedrawWindow
SetForegroundWindow
GetDC
IsRectEmpty
ScreenToClient
ClientToScreen
GetWindowRect
LoadCursorA
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
OffsetRect
GetClientRect
GetNextDlgTabItem
EndDialog
MoveWindow
EqualRect
SetWindowTextA
EnableWindow
SetCursor
ReleaseCapture
GetParent
PostMessageA
SendMessageA
SetCapture
InvalidateRect
LoadBitmapA
PtInRect
DrawTextExA

gdi32

DeleteDC
CreateSolidBrush
CreateRoundRectRgn
Rectangle
GetBitmapBits
CreateBitmap
SelectClipRgn
GetPixel
CreateRectRgn
CombineRgn
GetClipBox
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SelectObject
ScaleWindowExtEx
ExtTextOutW
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
MoveToEx
ExtTextOutA
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
CreateCompatibleBitmap
GetDeviceCaps
DeleteObject
GetStockObject
BitBlt
StretchBlt
CreateCompatibleDC
RestoreDC
SetWindowExtEx
GetObjectA
GetTextMetricsW
SetBkMode
SetBkColor
SetTextColor
GetCharacterPlacementW
GetCharacterPlacementA
CreateDIBSection
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
SaveDC

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegOpenKeyA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString
VariantTimeToSystemTime

Exports

Exports

HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncReset
HI_VOICE_EncodeFrame
HI_VOICE_GetVersion
HI_VOICE_TransCodeFrame
HI_VOICE_TransCodeReset

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.drectve
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_i
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 4KB - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f42eb8a7725230321abc59fb3673546

Headers

File Characteristics

Imports

ws2_32

winmm

gdiplus

d3d9

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.text.un Size: 36KB - Virtual size: 32KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 68KB - Virtual size: 1.1MB

.drectve Size: 4KB - Virtual size: 1012B

.eh_fram Size: 160KB - Virtual size: 159KB

.rodata Size: 4KB - Virtual size: 1KB

.debug_i Size: 148KB - Virtual size: 144KB

.debug_a Size: 8KB - Virtual size: 6KB

.debug_l Size: 136KB - Virtual size: 135KB

.debug_a Size: 4KB - Virtual size: 704B

.debug_r Size: 16KB - Virtual size: 15KB

.debug_l Size: 32KB - Virtual size: 29KB

.debug_s Size: 4KB - Virtual size: 702B

.debug_f Size: 4KB - Virtual size: 3KB

.debug_p Size: 4KB - Virtual size: 1004B

.debug_p Size: 4KB - Virtual size: 1KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 1.8MB - Virtual size: 1.8MB

.text.un
Size: 36KB - Virtual size: 32KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 68KB - Virtual size: 1.1MB

.drectve
Size: 4KB - Virtual size: 1012B

.eh_fram
Size: 160KB - Virtual size: 159KB

.rodata
Size: 4KB - Virtual size: 1KB

.debug_i
Size: 148KB - Virtual size: 144KB

.debug_a
Size: 8KB - Virtual size: 6KB

.debug_l
Size: 136KB - Virtual size: 135KB

.debug_a
Size: 4KB - Virtual size: 704B

.debug_r
Size: 16KB - Virtual size: 15KB

.debug_l
Size: 32KB - Virtual size: 29KB

.debug_s
Size: 4KB - Virtual size: 702B

.debug_f
Size: 4KB - Virtual size: 3KB

.debug_p
Size: 4KB - Virtual size: 1004B

.debug_p
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB