Static task: static1
Behavioral task: behavioral1
Sample: 6fa57a88f516b4192376ed659174ee706881b2c56b6d2b615c30e43e1d32fa45.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: 6fa57a88f516b4192376ed659174ee706881b2c56b6d2b615c30e43e1d32fa45.exe
Resource: win10v2004-20230621-en
General
- Target: 6fa57a88f516b4192376ed659174ee706881b2c56b6d2b615c30e43e1d32fa45
- Size: 5.1MB
- MD5: 3d85ee6a298e5dbc3b9a139249fc9687
- SHA1: bf9cbc7818ea406d5990337a165407a7c5015f93
- SHA256: 6fa57a88f516b4192376ed659174ee706881b2c56b6d2b615c30e43e1d32fa45
- SHA512: f5d4ef8b0392383a3b9bd50c0d65cc8d748590c1aecdb055dbbd1dfff56c745f5f546039e70fb862a1219aa7eec8ecf64df3867da3ae92d38f589b1b79421764
- SSDEEP: 49152:PvOaCNsm+uklNyVcLUTGA2H/LhiPUI82jigo960XYO8IVKygC0+x2RBbt0bSc4dW:HleCNyVcLUB2H/disIf0XfL0+xu5jA
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 6fa57a88f516b4192376ed659174ee706881b2c56b6d2b615c30e43e1d32fa45
Files
-
6fa57a88f516b4192376ed659174ee706881b2c56b6d2b615c30e43e1d32fa45.exe windows x86
478c0fc09ce4592d59be8a9aa548c731
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread
HeapQueryInformation
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetTickCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
LocalReAlloc
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
CreateFileA
OpenFile
SystemTimeToTzSpecificLocalTime
GetLogicalDriveStringsW
CreateDirectoryW
GetDriveTypeA
OpenProcess
GetFileAttributesA
FindFirstFileA
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
DeviceIoControl
FindResourceA
MoveFileExW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetSystemDefaultLangID
GetTempFileNameW
MapViewOfFile
FindFirstFileW
GetDriveTypeW
GetLogicalDrives
GetSystemPowerStatus
GetSystemDirectoryA
GetTempPathW
CreateFileMappingW
GetSystemInfo
GetTempPathA
SetVolumeLabelA
FindVolumeClose
SetVolumeMountPointW
GetVolumeInformationA
DeleteVolumeMountPointW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
lstrlenW
PeekNamedPipe
CreateProcessW
GetExitCodeProcess
CreatePipe
InterlockedDecrement
PulseEvent
WaitForMultipleObjects
GetExitCodeThread
GetLogicalDriveStringsA
lstrlenA
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SetEvent
lstrcmpA
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
FreeResource
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FindResourceW
LoadLibraryA
SizeofResource
LockResource
LoadResource
GetVersionExW
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
FindClose
CreateFileW
DeleteFileW
GetCurrentDirectoryW
UnmapViewOfFile
GlobalFlags
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameA
GlobalMemoryStatusEx
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
CopyFileExW
CreateMutexW
HeapCompact
TryEnterCriticalSection
InterlockedCompareExchange
FlushViewOfFile
WaitForSingleObjectEx
UnlockFileEx
FormatMessageA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetVersionExA
GetSystemTime
DeleteFileA
GetThreadTimes
InitializeSListHead
GetModuleHandleW
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentProcessId
CreateThread
CloseHandle
IsValidLocale
WaitForSingleObject
user32
GetClientRect
GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
GetDlgCtrlID
IsWindowVisible
SetRect
OffsetRect
KillTimer
SetTimer
ShowWindow
SetForegroundWindow
SetWindowPos
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetDesktopWindow
GetWindowLongW
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetLastActivePopup
IsWindowEnabled
GetFocus
SetFocus
IsWindow
GetParent
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindowRect
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
MoveWindow
SendMessageW
EnableWindow
PostMessageW
UnregisterClassW
GetClassInfoW
LoadIconW
MessageBoxW
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
EqualRect
PtInRect
SetWindowTextW
IsDialogMessageW
PostQuitMessage
SetCapture
ReleaseCapture
WindowFromPoint
InvalidateRect
IsIconic
DestroyIcon
GetWindowRgn
RegisterClassExW
GetCaretPos
SetWindowRgn
IntersectRect
IsZoomed
UpdateLayeredWindow
CloseWindow
SetCaretPos
HideCaret
CreateCaret
DestroyCaret
CloseClipboard
ExitWindowsEx
CharUpperW
GetClipboardData
OpenClipboard
SendMessageA
EnumWindows
wsprintfW
SendDlgItemMessageA
GetMessageW
TranslateMessage
SetWindowLongW
GetClassLongW
GetClassNameW
GetCursorPos
SetCursor
GetWindowThreadProcessId
GetSystemMetrics
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
RealChildWindowFromPoint
DestroyMenu
SystemParametersInfoW
GetTopWindow
UnionRect
CreateDesktopW
CloseDesktop
GetMessageTime
shell32
DragQueryFileW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
DragAcceptFiles
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ShellExecuteW
SHGetFileInfoW
ord165
shlwapi
PathIsRootW
PathIsDirectoryW
PathFileExistsA
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
ws2_32
WSAGetLastError
select
htons
shutdown
WSACleanup
recv
socket
gethostbyname
send
setsockopt
inet_addr
WSAStartup
connect
ioctlsocket
closesocket
oleacc
CreateStdAccessibleObject
LresultFromObject
imagehlp
MakeSureDirectoryPathExists
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetCrackUrlA
InternetCanonicalizeUrlA
winmm
timeGetDevCaps
timeSetEvent
timeKillEvent
gdi32
SetBkMode
EnumFontFamiliesExW
MoveToEx
TextOutW
ExtTextOutW
SelectObject
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontW
GetDIBits
CreateDIBSection
CreatePolygonRgn
FillRgn
GetBitmapBits
SetBitmapBits
SetPixel
PtInRegion
SetMapMode
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
BitBlt
CreateBitmap
GetObjectW
SetTextColor
SetBkColor
GetDeviceCaps
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
LockServiceDatabase
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExA
ole32
CoInitialize
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
OleSetContainedObject
CoInitializeSecurity
CoSetProxyBlanket
oleaut32
SysAllocString
VariantInit
VariantChangeType
VariantClear
VarDateFromStr
VariantTimeToSystemTime
SysFreeString
msimg32
AlphaBlend
comctl32
_TrackMouseEvent
setupapi
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDA
CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
gdiplus
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdipFillPath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipSetSmoothingMode
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCreatePath
GdipResetClip
GdipSetClipPath
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipCreateBitmapFromFile
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipDrawPath
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipDrawImageRectRect
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFont
GdipDeletePath
GdipSetPenDashStyle
GdipDrawLineI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipResetPath
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmDestroyContext
ImmAssociateContext
iphlpapi
GetAdaptersInfo
wlanapi
WlanOpenHandle
WlanGetProfile
WlanCloseHandle
WlanGetProfileList
WlanFreeMemory
WlanEnumInterfaces
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
crypt32
CryptStringToBinaryW
CryptUnprotectData
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 520KB - Virtual size: 519KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 184KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 506KB - Virtual size: 505KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 211KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 30.0MB - Virtual size: 30.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ