21352915d8cd0751e3172c62c75b3e0f0923cab8130b4bbe60e28b76abca0da9

Sharing

Copy URL Twitter E-mail

General

Target

21352915d8cd0751e3172c62c75b3e0f0923cab8130b4bbe60e28b76abca0da9
Size

1.6MB
MD5

4b3c22f17c2079183f0e09a989486de1
SHA1

d108e9ab83cee38969f6988cfec1dbde314de0e0
SHA256

21352915d8cd0751e3172c62c75b3e0f0923cab8130b4bbe60e28b76abca0da9
SHA512

a12059f67cb933f53cccc2a628b17a0a4e8e4fd0aea470a43f033e6133c475ec907449df20a28ef26fa48591ba1de371b81db7594b15ff64217bff816ce1046d
SSDEEP

24576:VVg49KsPrJb89l5D7aZtkPRLCEQmeqtw2mVFNc3IXiYsxIc5ojK0O+GwYl8bcsY/:xzJbkvaZeIZmeHpcSi+cMK0O+S0Nf61

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21352915d8cd0751e3172c62c75b3e0f0923cab8130b4bbe60e28b76abca0da9

Files

21352915d8cd0751e3172c62c75b3e0f0923cab8130b4bbe60e28b76abca0da9
.exe windows x86

ba66c10308c42056e12eaf8401d58770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

winmm

timeEndPeriod
timeGetDevCaps
timeSetEvent
PlaySoundW
timeGetTime
mciSendCommandA
timeKillEvent
timeBeginPeriod

imm32

ImmGetDefaultIMEWnd
ImmAssociateContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateWaitableTimerA
SwitchToThread
SizeofResource
FindResourceA
LockResource
LoadResource
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
GetVolumeInformationW
FindFirstFileW
VirtualFree
FindNextFileW
DeviceIoControl
VirtualAlloc
GetDriveTypeA
GetModuleFileNameW
SetErrorMode
FindClose
GetVolumeInformationA
GetFileAttributesW
GetLogicalDriveStringsW
GetDiskFreeSpaceA
GetDevicePowerState
FileTimeToSystemTime
GetDiskFreeSpaceExW
DeleteFileW
GetLocalTime
SetCurrentDirectoryW
SystemTimeToFileTime
GetTempFileNameW
GetDriveTypeW
GetModuleHandleA
SetThreadAffinityMask
GetLogicalProcessorInformation
GetCurrentThread
CreateDirectoryW
RemoveDirectoryW
ExitThread
SetFileAttributesW
OpenMutexA
CreateThread
CreateProcessW
MoveFileW
GetExitCodeProcess
GetExitCodeThread
CopyFileW
GlobalMemoryStatus
GlobalMemoryStatusEx
GetComputerNameA
CreateFileMappingA
CreateMutexA
ReleaseMutex
GetCurrentProcess
OpenProcess
MultiByteToWideChar
GetUserDefaultUILanguage
FindResourceW
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointerEx
WaitForMultipleObjects
GetFileType
CreateFileMappingW
HeapFree
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
LoadLibraryExW
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetACP
GetThreadPriority
MulDiv
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
OutputDebugStringW
TlsFree
TlsSetValue
SetWaitableTimer
TlsAlloc
CreateEventW
SetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCurrentProcessId
UnmapViewOfFile
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetConsoleMode
FlushFileBuffers
GetConsoleCP
WriteConsoleW
SignalObjectAndWait
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
FindFirstFileExW
VirtualProtect
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
TryEnterCriticalSection
ResetEvent
GetSystemInfo
WaitForSingleObjectEx
DecodePointer
RaiseException
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileTime
WideCharToMultiByte
GetFileSize
GetLastError
CreateFileW
SetFilePointer
SetFileTime
GetSystemTime
WriteFile
ReadFile
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
SetThreadPriority
DeleteCriticalSection
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetVersionExA
TlsGetValue
MapViewOfFile
LCMapStringW
HeapReAlloc
HeapSize
HeapAlloc

user32

SwapMouseButton
ClientToScreen
GetCursorInfo
GetUserObjectSecurity
GetShellWindow
GetWindowThreadProcessId
ShowCursor
SetCursorPos
BringWindowToTop
FindWindowW
SetForegroundWindow
GetKeyboardState
IsIconic
GetDlgItemTextW
IsDlgButtonChecked
EnableWindow
PostMessageA
WaitForInputIdle
EnumDisplayMonitors
GetCursorPos
AdjustWindowRectEx
LoadCursorA
RegisterClassExW
LoadCursorW
GetSystemMetrics
SetWindowPos
GetMonitorInfoA
GetClientRect
UpdateWindow
InvalidateRect
MonitorFromWindow
FillRect
SetRect
CreateDialogParamW
CallWindowProcW
DestroyWindow
MessageBoxW
PostQuitMessage
EndDialog
DialogBoxParamA
SystemParametersInfoW
LoadImageW
EnableMenuItem
SetCursor
LoadIconW
TranslateMessage
GetForegroundWindow
RegisterHotKey
PeekMessageW
DispatchMessageW
SetActiveWindow
UnregisterHotKey
GetDlgItemTextA
SetWindowLongA
GetDlgCtrlID
CallWindowProcA
SetDlgItemTextW
SetWindowTextA
SendDlgItemMessageW
DefWindowProcA
SetFocus
SendDlgItemMessageA
SetDlgItemTextA
SendMessageA
SetWindowLongW
GetDlgItem
GetWindowTextLengthA
DialogBoxParamW
GetWindowTextW
IsWindow
MessageBoxA
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
DefWindowProcW
PostMessageW
GetWindowRect
CreateWindowExW
SendMessageW
SetWindowTextW
ShowWindow
GetAsyncKeyState
RedrawWindow
MoveWindow
BeginPaint
EndPaint
GetDC
ReleaseDC
GetSystemMenu
PeekMessageA
PostThreadMessageA
GetQueueStatus
RegisterWindowMessageA
DispatchMessageA
MsgWaitForMultipleObjects
SetTimer
ScreenToClient
KillTimer
CloseWindow

gdi32

GetCharABCWidthsFloatW
DeleteObject
GetOutlineTextMetricsW
GetObjectA
AddFontResourceExW
AddFontMemResourceEx
GetGlyphOutlineW
GetTextExtentPoint32W
TextOutW
DeleteDC
CreateFontW
EnumFontFamiliesExW
CreateCompatibleDC
CreateDIBSection
SelectObject
CreatePalette
SelectPalette
SetBkMode
SetTextColor
CreateFontA
GetStockObject
SetStretchBltMode
SelectClipRgn
CreateRectRgnIndirect
StretchDIBits
SetBrushOrgEx
GetTextMetricsA
RemoveFontMemResourceEx
RemoveFontResourceExW

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

LookupAccountSidW
RegCloseKey
RevertToSelf
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
GetSecurityDescriptorOwner
ImpersonateLoggedOnUser
IsValidSid
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
GetUserNameA
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

DragFinish
SHBrowseForFolderW
ShellExecuteW
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
DragQueryFileW
DragAcceptFiles
DragQueryFileA
SHGetMalloc

ole32

CoUninitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
PropVariantClear
CoInitialize
CoTaskMemFree
CoCreateInstance

wininet

InternetOpenW
InternetSetFilePointer
InternetReadFile
InternetAttemptConnect
InternetOpenUrlW
InternetCloseHandle
InternetQueryDataAvailable

gdiplus

GdipGetImageWidth
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImageEncoders
GdipCloneImage
GdipCreateBitmapFromFile
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipSaveImageToFile

mf

MFCreateVideoRendererActivate
MFCreateAudioRendererActivate
MFCreateTopology
MFCreateTopologyNode
MFCreateMediaSession

mfplat

MFShutdown
MFCreateMFByteStreamOnStream
MFStartup
MFCreateFile
MFCreateSourceResolver

dsound

ord11

Exports

Exports

??4SThreadParam@@QAEAAU0@$$QAU0@@Z
??4SThreadParam@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba66c10308c42056e12eaf8401d58770

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

dinput8

winmm

imm32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

gdiplus

mf

mfplat

dsound

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 18KB - Virtual size: 420KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 150KB - Virtual size: 149KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 18KB - Virtual size: 420KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 51KB - Virtual size: 51KB