Static task: static1
Behavioral task: behavioral1
Sample: 6a3245356f5b05d562e7f29e18bcb515117361eaad89c79d34efce3de2792bcc.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 6a3245356f5b05d562e7f29e18bcb515117361eaad89c79d34efce3de2792bcc.exe
Resource: win10v2004-20230220-en
General
Target: 6a3245356f5b05d562e7f29e18bcb515117361eaad89c79d34efce3de2792bcc
Size: 4.6MB
MD5: 36af67550292c88ce893b94dffda0ac6
SHA1: 33e6fe8e98cbc3dab3fd8f01070da5e8b860394b
SHA256: 6a3245356f5b05d562e7f29e18bcb515117361eaad89c79d34efce3de2792bcc
SHA512: 926842c552bfc035fe81d4fd807e7a48e9a1ce7eb294f4ce114b66ab2a6d9e46752ff0dfafeab39ff05c63602eb8737a8d2e4fca928aa2cbbdfa14ab81e4fc6c
SSDEEP: 98304:Ty2ezmLy4448p6NKbAnjLfNOvk02gaZxI9/E:2SLy4lrK8j7N02gSI9/E
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 6a3245356f5b05d562e7f29e18bcb515117361eaad89c79d34efce3de2792bcc
Files
6a3245356f5b05d562e7f29e18bcb515117361eaad89c79d34efce3de2792bcc.exe (windows x86) 2c0ede128b902b59e6588c8904498426
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
RegCloseKey
RegQueryValueExW
SetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegSetValueW
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
OpenProcessToken
ole32
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
OleLockRunning
CLSIDFromProgID
CreateBindCtx
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
shlwapi
StrToIntExW
PathFileExistsW
user32
DestroyIcon
SetFocus
GetFocus
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
GetDlgItem
GetActiveWindow
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
EnableWindow
IsWindowEnabled
SetActiveWindow
LoadBitmapW
DispatchMessageW
LoadImageW
GetMessageW
ClientToScreen
CharNextW
GetSysColor
GetSystemMetrics
MessageBoxW
IsWindowVisible
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
IsMenu
CreatePopupMenu
DestroyMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
GetProcessWindowStation
GetUserObjectInformationW
TranslateMessage
SetWindowLongW
SendMessageW
SetWindowTextW
GetWindowLongW
ShowWindow
PostQuitMessage
PostMessageW
PtInRect
EqualRect
IsRectEmpty
SystemParametersInfoW
SetForegroundWindow
GetForegroundWindow
UnionRect
IntersectRect
CopyRect
SetRect
SetCursor
KillTimer
SetTimer
DestroyWindow
IsWindow
DestroyCursor
LoadCursorW
LoadStringW
GetDesktopWindow
wsprintfW
GetKeyState
GetClassNameW
EnableMenuItem
PeekMessageW
CreateIconFromResource
UnregisterClassW
GetDC
ReleaseDC
InflateRect
OffsetRect
DrawIconEx
GetIconInfo
SetWindowPos
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdiplus
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipCreateBitmapFromFile
GdipFree
GdipAlloc
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipSaveImageToFile
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
kernel32
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FormatMessageW
GetVersionExW
MulDiv
GetLastError
MultiByteToWideChar
GetCurrentProcessId
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
LocalFree
GetSystemInfo
GlobalFree
LocalAlloc
OpenProcess
TerminateProcess
GetExitCodeProcess
lstrcpyW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindClose
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
GetLongPathNameW
GetCurrentThread
CreateDirectoryW
RemoveDirectoryW
GetSystemDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
UnhandledExceptionFilter
TlsAlloc
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetVolumeInformationW
ReleaseMutex
CreateMutexW
FileTimeToSystemTime
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
GetModuleHandleA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WriteConsoleW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
TryEnterCriticalSection
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcess
WaitForSingleObjectEx
DuplicateHandle
GetTempPathW
SetCurrentDirectoryW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
VirtualAlloc
GetFileAttributesW
CreateFileW
OutputDebugStringA
LoadLibraryW
GetTickCount
CloseHandle
ReadFile
WriteFile
GetFileSize
Sleep
GetProcAddress
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
FormatMessageA
SleepEx
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
GetSystemTime
SystemTimeToFileTime
InterlockedCompareExchange
GetFileInformationByHandle
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
lstrlenA
ResetEvent
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
GetEnvironmentVariableW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
GetACP
ExitProcess
GetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
imm32
ImmAssociateContext
ImmReleaseContext
ImmGetContext
gdi32
DeleteDC
DeleteObject
CreateCompatibleDC
GetRegionData
IntersectClipRect
SelectClipRgn
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
BitBlt
EnumFontsW
CreateRoundRectRgn
CreateBitmap
GetDeviceCaps
SetGraphicsMode
CreateFontIndirectW
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
StretchBlt
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
GetCurrentObject
GetViewportOrgEx
ExtCreateRegion
psapi
EnumProcesses
GetModuleFileNameExW
EnumProcessModules
shell32
SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wininet
InternetReadFile
InternetQueryOptionW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
wldap32
ord30
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord200
ord301
ord143
ws2_32
recv
send
WSAStartup
WSAGetLastError
__WSAFDIsSet
select
getaddrinfo
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
WSACleanup
oleaut32
SysAllocString
SysFreeString
SysStringLen
usp10
ScriptItemize
ScriptFreeCache
ScriptShape
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 912KB - Virtual size: 912KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 507KB - Virtual size: 506KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ