fefc7ecbde6e38287f243c76fb0d9eb070b24709a3c210f380466ded589cc9e0

Sharing

Copy URL

Twitter E-mail

General

Target

fefc7ecbde6e38287f243c76fb0d9eb070b24709a3c210f380466ded589cc9e0
Size

2.5MB
MD5

f800ca91b7482ed0c3d9727f85f319f1
SHA1

dc998267c1c050ce3315d0eebaea792b105da978
SHA256

fefc7ecbde6e38287f243c76fb0d9eb070b24709a3c210f380466ded589cc9e0
SHA512

6b2788235ece3fa5a1210829e5561e8eb1c61f17422258b85f5fa7b36ddd53cb11cfd6789959fd9000d18ef11b325b14be41cde396da23bcc8c2dd802d66db0f
SSDEEP

49152:x/HLMsqtgk7dYfMiIjHzFqXZT5AdT6Vjfs9TDp/gjV:ysbkR51HzFqXZadT6VUOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fefc7ecbde6e38287f243c76fb0d9eb070b24709a3c210f380466ded589cc9e0

Files

fefc7ecbde6e38287f243c76fb0d9eb070b24709a3c210f380466ded589cc9e0
.exe windows x86

661f896f1e481d1113f1c50cc538b3de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
timeGetTime

ws2_32

recvfrom
sendto
getaddrinfo
freeaddrinfo
accept
listen
ioctlsocket
gethostname
shutdown
htonl
recv
getservbyname
gethostbyname
WSAGetOverlappedResult
WSAStringToAddressW
WSAAddressToStringW
WSASend
WSARecv
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
send
WSAIoctl
connect
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket

wldap32

ord27
ord301
ord33
ord79
ord41
ord32
ord200
ord30
ord26
ord50
ord211
ord22
ord46
ord45
ord35
ord143

crypt32

CertGetNameStringW
CryptMsgClose
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObject
CryptQueryObject
CertCloseStore

kernel32

GlobalHandle
GlobalUnlock
GlobalFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
GetCurrentProcessId
RaiseException
CreateThread
GetCurrentThreadId
GetLastError
SetLastError
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
MulDiv
lstrcmpW
lstrcmpiW
lstrcpyW
CreateMutexW
CreateEventW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetTempPathA
DeleteFileA
DeleteFileW
ProcessIdToSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateThread
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
WTSGetActiveConsoleSessionId
WideCharToMultiByte
DecodePointer
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetUnhandledExceptionFilter
GetLogicalDriveStringsW
CreateDirectoryW
GetTickCount
GetSystemDirectoryW
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
TerminateProcess
GlobalLock
GetTempPathW
GetStdHandle
FindFirstFileA
GetProcAddress
LocalAlloc
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetUserDefaultUILanguage
GetShortPathNameW
GetWindowsDirectoryW
LocalFree
CreateFileA
lstrcmpA
FileTimeToLocalFileTime
GetModuleHandleA
GetVersion
GetFileType
InitializeCriticalSection
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapCreate
PostQueuedCompletionStatus
SetEvent
GetQueuedCompletionStatus
SwitchToThread
CreateIoCompletionPort
MapViewOfFileEx
GetNativeSystemInfo
CreateSemaphoreW
ReleaseSemaphore
FreeLibrary
FreeResource
InterlockedCompareExchange
InterlockedExchange
GetVersionExW
FindResourceExW
FileTimeToSystemTime
GlobalAlloc
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
FindResourceW
lstrlenW
lstrcpynW
SizeofResource
LoadResource
Sleep
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FlushInstructionCache
LockResource
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
WaitNamedPipeW
CreateFileW
GetLocalTime
WriteFile
SetConsoleMode
CreateTimerQueue
VirtualFree
GetStringTypeW
GetSystemTimeAsFileTime
EncodePointer
RtlUnwind
FindFirstFileExW
FindNextFileW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
ExitThread
GetFileInformationByHandle
SetFilePointerEx
GetTimeZoneInformation
GetConsoleMode
ReadConsoleInputA
WaitForSingleObjectEx
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetConsoleCP
ReadConsoleW
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
DuplicateHandle
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
lstrlenA
VirtualQuery
FindClose

user32

MonitorFromPoint
SystemParametersInfoW
MapDialogRect
LoadStringW
LoadIconW
LoadCursorW
LoadBitmapW
GetWindow
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
FindWindowW
GetDesktopWindow
SetClassLongW
GetClassLongW
PtInRect
MessageBoxW
SetWindowContextHelpId
SetWindowTextW
RemovePropW
GetPropW
SetPropW
InvalidateRgn
EndPaint
BeginPaint
GetWindowDC
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
AppendMenuW
GetMenuItemCount
GetSubMenu
DestroyMenu
CreatePopupMenu
LoadMenuW
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
SetTimer
GetFocus
GetMonitorInfoW
CharNextW
CharUpperW
SendDlgItemMessageW
DialogBoxIndirectParamW
GetForegroundWindow
MapWindowPoints
SetParent
IsDialogMessageW
MonitorFromWindow
IsIconic
wsprintfW
GetUserObjectInformationW
GetDlgItem
EndDialog
CreateDialogIndirectParamW
CreateDialogParamW
IsWindowVisible
MoveWindow
ShowWindow
DestroyWindow
IsChild
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
IsRectEmpty
GetIconInfo
LoadImageW
DestroyCursor
GetParent
SetWindowLongW
GetWindowLongW
OffsetRect
InflateRect
CopyRect
FillRect
DrawFocusRect
GetSysColor
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjectsEx
SetFocus
GetWindowTextW
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
DrawStateW
DrawTextW
ReleaseCapture
SetCapture
GetCapture
GetActiveWindow
GetDlgCtrlID
SetWindowPos
IsWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
PostMessageW
FrameRect

gdi32

CreateCompatibleDC
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
LineTo
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetObjectW
MoveToEx
ExtTextOutW
CreateFontIndirectW
ExcludeClipRect
GetClipBox
CreateCompatibleBitmap
CreateBitmap
BitBlt
CreateFontW
GetCurrentObject
GetDeviceCaps
Rectangle
SetViewportOrgEx

advapi32

CryptHashData
RegisterEventSourceA
ReportEventA
RegCloseKey
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
CreateProcessAsUserW
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyW
CryptGetHashParam
CryptAcquireContextW
GetUserNameW
RegEnumKeyW
CryptReleaseContext
LookupAccountNameW
CryptCreateHash
CryptDestroyHash
ConvertSidToStringSidW

shell32

SHGetMalloc
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoGetClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
OleRun
CoCreateGuid
CoInitializeEx
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
VariantInit
SysAllocStringLen
SysStringLen
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
VariantCopy
VarBstrCmp
GetErrorInfo

shlwapi

StrPBrkW
StrChrW
PathFileExistsW

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_LoadImageW
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdiplusShutdown
GdipCloneBrush
GdiplusStartup
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipReleaseDC
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipLoadImageFromFileICM
GdipCloneImage
GdipDrawLineI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont

psapi

GetProcessImageFileNameW
EnumProcesses

wininet

InternetGetConnectedState

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW
GetUserProfileDirectoryW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

661f896f1e481d1113f1c50cc538b3de

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

wldap32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

gdiplus

psapi

wininet

version

wintrust

userenv

wtsapi32

iphlpapi

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 458KB - Virtual size: 458KB

.data Size: 53KB - Virtual size: 72KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 155KB - Virtual size: 155KB

.reloc Size: 93KB - Virtual size: 92KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 458KB - Virtual size: 458KB

.data
Size: 53KB - Virtual size: 72KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 155KB - Virtual size: 155KB

.reloc
Size: 93KB - Virtual size: 92KB