d1dec545ef711281ce94096f40781b1dab26e785ab070549a597429135f7f610

Sharing

Copy URL

Twitter E-mail

General

Target

d1dec545ef711281ce94096f40781b1dab26e785ab070549a597429135f7f610
Size

1.9MB
MD5

d8cecf863c5017e0e4d0829fae4d23be
SHA1

4d9031b53c73cdd38134ff96672c09d8c0870d14
SHA256

d1dec545ef711281ce94096f40781b1dab26e785ab070549a597429135f7f610
SHA512

b2ea685830ac07cb3064f422a3486a6a04a018c5cee38448c2bc9b3dc0e99c4a5a245794423a8518bbcccfad466f2787f96a51fec39e7460b0668075186ca8c0
SSDEEP

49152:6tLAO8M9XQg3dhbkhELEQobYVT/NXWx8VEQ6:6tMzM9FHLEQoww

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1dec545ef711281ce94096f40781b1dab26e785ab070549a597429135f7f610

Files

d1dec545ef711281ce94096f40781b1dab26e785ab070549a597429135f7f610
.exe windows x86

1a6a5cae42dc5cb449270d20e8fc7580

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContextEx
ImmNotifyIME
ImmDisableIME
ImmGetContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

StrToIntA
PathFindFileNameW
PathAppendW
StrDupW
ord12

kernel32

FileTimeToSystemTime
SetLastError
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
ReleaseMutex
GetVersionExW
GetSystemInfo
lstrcmpiW
QueryDosDeviceW
HeapFree
HeapAlloc
GetProcessHeap
GetACP
GetEnvironmentVariableW
ResumeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReadFile
WriteFile
SetFileTime
GetFileTime
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
LoadLibraryExW
GetFileAttributesW
lstrcatW
lstrcpyW
UnmapViewOfFile
CreateFileMappingW
CreateProcessW
GetLogicalDriveStringsW
FindNextFileW
FindClose
InterlockedExchangeAdd
CreateDirectoryW
GetFullPathNameW
GetTempPathW
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GetWindowsDirectoryW
CopyFileW
GetFileSizeEx
InterlockedExchange
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcmpW
InterlockedIncrement
MulDiv
SetWaitableTimer
CreateWaitableTimerW
FreeResource
MapViewOfFileEx
TlsSetValue
GetModuleHandleA
DisableThreadLibraryCalls
TlsAlloc
CreateThread
TlsGetValue
VirtualProtect
GetModuleHandleExW
OutputDebugStringA
HeapCreate
HeapDestroy
FlushInstructionCache
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Thread32Next
Thread32First
SuspendThread
CreateToolhelp32Snapshot
HeapReAlloc
GetThreadContext
SetThreadContext
OpenThread
RtlUnwind
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFileType
HeapSize
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetTempFileNameW
lstrlenW
ExpandEnvironmentStringsW
VirtualQuery
DeviceIoControl
GetModuleFileNameW
LocalFree
LocalAlloc
GetFileSize
CreateFileW
SetEndOfFile
SetFilePointer
GetCurrentProcess
InterlockedDecrement
GetModuleHandleW
FreeLibrary
lstrcpynW
GlobalMemoryStatusEx
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
GetProcAddress
LoadLibraryW
CloseHandle
OpenProcess
GetCurrentThreadId
LCMapStringW
GetStartupInfoW
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
GetCurrentProcessId
Sleep
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
SetErrorMode
InitializeCriticalSectionAndSpinCount
TlsFree
SwitchToThread
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
EncodePointer
GetCPInfo
GetStringTypeW
GetPrivateProfileStringW
GetLocaleInfoW
FormatMessageW
CompareStringW
GetSystemTimeAsFileTime

user32

SetRectEmpty
GetClassLongW
SetCaretPos
LoadImageW
LoadBitmapW
GetIconInfo
ToAscii
GetCaretBlinkTime
GetKeyboardState
GetSysColor
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
GetAncestor
RegisterWindowMessageW
EnumThreadWindows
CreateAcceleratorTableW
DestroyAcceleratorTable
GetFocus
GetAsyncKeyState
ValidateRect
SetFocus
SetParent
KillTimer
BeginPaint
EndPaint
DestroyWindow
GetKeyState
ScreenToClient
TrackMouseEvent
SetCapture
ReleaseCapture
GetMessageW
PeekMessageW
AdjustWindowRectEx
ShowWindowAsync
FillRect
PostQuitMessage
PostMessageW
EqualRect
EnumChildWindows
OffsetRect
RedrawWindow
ClientToScreen
IntersectRect
GetWindowDC
SetCursor
IsZoomed
GetPropW
SetWindowRgn
InvalidateRgn
OpenClipboard
InvalidateRect
GetDCEx
GetCursorPos
CreateWindowExW
RegisterClassExW
LoadCursorW
RemovePropW
SetPropW
GetActiveWindow
GetClassInfoExW
GetWindowTextLengthW
GetWindow
GetWindowRect
MonitorFromWindow
SetWindowTextW
GetMonitorInfoW
CopyRect
MapWindowPoints
GetClassNameW
GetClientRect
GetDlgItem
EnableWindow
GetWindowTextW
LoadStringW
MessageBoxW
SetWindowPos
ShowWindow
IsWindow
AttachThreadInput
SystemParametersInfoW
SetForegroundWindow
IsIconic
GetDC
ReleaseDC
GetWindowThreadProcessId
GetSystemMetrics
WindowFromPoint
GetForegroundWindow
GetDesktopWindow
GetParent
GetWindowLongW
DefWindowProcW
CallWindowProcW
SendMessageW
SetTimer
MoveWindow
IsRectEmpty
SetWindowLongW
UnregisterClassW
IsChild
MsgWaitForMultipleObjects
UpdateLayeredWindow
UnionRect
PtInRect
SetRect
TranslateMessage
CharNextW
IsWindowVisible
DispatchMessageW
DrawIconEx

gdi32

CreateFontIndirectW
CreateDCW
GetDIBits
CreateDIBSection
CreateRoundRectRgn
PtInRegion
EnumFontsW
GetClipBox
SetTextColor
CreateSolidBrush
SetGraphicsMode
SetWorldTransform
CreateRectRgnIndirect
CreatePolygonRgn
SetViewportOrgEx
GetRgnBox
GetStockObject
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectW
SetBkColor
DeleteObject
ExtTextOutW

advapi32

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteExW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromString
OleInitialize
CLSIDFromProgID
StringFromGUID2
CoCreateInstance
CoGetClassObject
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
DispCallFunc
SysStringLen
SysAllocStringLen
VarUI4FromStr
VariantInit
SysAllocString
VariantClear
SysFreeString

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

urlmon

CoInternetCreateSecurityManager
CoInternetCreateZoneManager

gdiplus

GdipGetCellDescent
GdipSetInterpolationMode
GdipSetLinePresetBlend
GdipCreateFont
GdipSetStringFormatLineAlign
GdipCreatePath
GdipEndContainer
GdipSetSmoothingMode
GdipCreateMatrix
GdipGetStringFormatAlign
GdipDeletePath
GdipDisposeImageAttributes
GdipCreateMatrix2
GdipDeleteBrush
GdipGetLineSpacing
GdipSetLineWrapMode
GdipCreateLineBrushI
GdipDrawImageRectRect
GdipSaveGraphics
GdipCreateFontFamilyFromName
GdipGetEmHeight
GdipGetStringFormatLineAlign
GdipAddPathString
GdipGetTextRenderingHint
GdipGetFamily
GdipSetCompositingQuality
GdipSetImageAttributesColorMatrix
GdipGetLineTransform
GdipDeleteFontFamily
GdipGetInterpolationMode
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipImageGetFrameDimensionsCount
GdipCreateRegionPath
GdipAddPathLineI
GdipAddPathBezierI
GdipCombineRegionPath
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathRectangleI
GdipCombineRegionRegion
GdipGetBrushType
GdipSetLineTransform
GdipSetTextureTransform
GdipCloneBitmapArea
GdipCreateSolidFill
GdipGetFontStyle
GdipSetStringFormatTrimming
GdipTransformRegion
GdipFillPath
GdipGetPathWorldBounds
GdipGetImageWidth
GdipFree
GdipCreateHBITMAPFromBitmap
GdipMultiplyWorldTransform
GdipGraphicsClear
GdipSetPenDashStyle
GdipDrawLine
GdipDrawRectangle
GdipSetPixelOffsetMode
GdipScaleWorldTransform
GdipSetClipRectI
GdipClosePathFigure
GdipGetSmoothingMode
GdipDrawArcI
GdipCreateImageAttributes
GdipSetClipRegion
GdipDrawPath
GdipDrawString
GdipSetImageAttributesWrapMode
GdipGetClipBoundsI
GdipCreateFromHDC
GdipFillEllipse
GdipBeginContainer2
GdipCreateTexture
GdipGetTextureTransform
GdipGetMatrixElements
GdipCloneStringFormat
GdipSetTextRenderingHint
GdipGetCellAscent
GdipStringFormatGetGenericTypographic
GdipRotateWorldTransform
GdipRestoreGraphics
GdipCloneBrush
GdipMeasureString
GdipDeleteRegion
GdipGetImageGraphicsContext
GdipFillRectangleI
ord1
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipGetFontSize
GdipTranslateWorldTransform
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipDrawImageRectRectI
GdipDeleteMatrix
GdipGetFamilyName
GdipCloneRegion
GdipSetStringFormatFlags
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipCloneImage
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipSetCompositingMode

winmm

timeGetTime

psapi

GetMappedFileNameW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a6a5cae42dc5cb449270d20e8fc7580

Headers

DLL Characteristics

File Characteristics

Imports

imm32

version

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

urlmon

gdiplus

winmm

psapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 17KB - Virtual size: 26KB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 142KB - Virtual size: 141KB

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 17KB - Virtual size: 26KB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 142KB - Virtual size: 141KB

.reloc
Size: 75KB - Virtual size: 75KB