6af0e8ffb931618c592985bddaf37088c22b6f5467c4219a8310adc5834b7c66

Sharing

Copy URL Twitter E-mail

General

Target

6af0e8ffb931618c592985bddaf37088c22b6f5467c4219a8310adc5834b7c66
Size

554KB
MD5

ccba3635601867db24aef274b06ee4c4
SHA1

9c9d69aabe78f103f5b8541f1fec45a568d98f62
SHA256

6af0e8ffb931618c592985bddaf37088c22b6f5467c4219a8310adc5834b7c66
SHA512

0f3a63a11ad99444be46b87d99b0a22ab8ebba776b9534d6b253559fe0bae674c1940d9f8e58c38e1f91acd8b9ee285588045e14b535276adbeb87168b46dfff
SSDEEP

6144:tZpWmJsN4AGRT+kfUVb1crFyHlLTBqbktnZp9:tDy4AG3MVhcrulLTsbO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af0e8ffb931618c592985bddaf37088c22b6f5467c4219a8310adc5834b7c66

Files

6af0e8ffb931618c592985bddaf37088c22b6f5467c4219a8310adc5834b7c66
.exe windows x86

0dc100277c692327d4ded0bf6516871b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
LoadLibraryA
InitializeCriticalSection
FlushFileBuffers
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
DosDateTimeToFileTime
GetFileType
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
RaiseException
TerminateProcess
MoveFileW
RtlUnwind
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFileTimeToFileTime
SetFileTime
GetPrivateProfileStringW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
WritePrivateProfileStringW
CreateFileW
GetFileSize
ReadFile
CloseHandle
CreateDirectoryW
CopyFileW
DeleteFileW
MoveFileExW
DeleteCriticalSection
ExitProcess
HeapSize
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetVersionExA
InterlockedIncrement
GetSystemTimeAsFileTime
Sleep
InterlockedDecrement
GetLastError
FreeLibrary
GetModuleHandleW
GetCurrentProcess
GlobalLock
GlobalUnlock
GetCurrentThreadId
GlobalAlloc
GetCommandLineW
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
GetTickCount
QueryPerformanceFrequency
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
GetVersionExW
QueryPerformanceCounter
GetTempPathW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
CreateFileA
VirtualFree
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
HeapAlloc

user32

SetDlgItemInt
SetDlgItemTextW
SetWindowPos
GetWindowRect
SetWindowTextW
SetWindowLongW
GetDlgItem
DialogBoxParamW
ShowWindow
EndDialog
MessageBoxW
GetWindowLongW
CreateWindowExW
DestroyWindow
MoveWindow
DefWindowProcW
LoadCursorW
RegisterClassExW
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
FindWindowW
GetDesktopWindow

gdi32

CreateDIBSection
CreateCompatibleDC
CreateICW
CreateFontW
SelectObject
GetTextExtentPoint32W
DeleteObject
CreateSolidBrush
DeleteDC

advapi32

RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CLSIDFromString

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipCloneImage
GdipDisposeImage

duilib32

?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?ShowModal@CWindowWnd@DuiLib@@QAEIXZ
??BCDuiString@DuiLib@@QBEPB_WXZ
??0WindowImplBase@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@XZ
??4CDuiString@DuiLib@@QAEABV01@PB_W@Z
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
??1WindowImplBase@DuiLib@@UAE@XZ
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
?GetCheck@CCheckBoxUI@DuiLib@@QBE_NXZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??1CDuiString@DuiLib@@QAE@XZ
?messageMap@CNotifyPump@DuiLib@@1UDUI_MSGMAP@2@B

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dc100277c692327d4ded0bf6516871b

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

duilib32

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 296KB - Virtual size: 292KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 296KB - Virtual size: 292KB