Static task: static1
Behavioral task: behavioral1
  Sample: 0dd5325444caebefa43b8c017a5525babcbe37c260065057d93a51af95d6bc25.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 0dd5325444caebefa43b8c017a5525babcbe37c260065057d93a51af95d6bc25.exe
  Resource: win10v2004-20230703-en
General
  Target: 0dd5325444caebefa43b8c017a5525babcbe37c260065057d93a51af95d6bc25
  Size: 1.9MB
  MD5: f4234f89df355a3046017a49b9e0b4e7
  SHA1: 868311eed6cfa8e4d8384a560edb7dc88866a39c
  SHA256: 0dd5325444caebefa43b8c017a5525babcbe37c260065057d93a51af95d6bc25
  SHA512: 6f109cfda9dd3ec70e9025a5003c4e506e7adbda818a02c31b1d9e61363f6e627ef07d151a96fe1537f8a3517701dab306edf1e27aba5ccfac12885d3af608c0
  SSDEEP: 49152:idlziW0AooKNjdyHbkBth8jrIEsBVFl2LK:LNjdyHbYmrBsBVFliK
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource 0dd5325444caebefa43b8c017a5525babcbe37c260065057d93a51af95d6bc25
Files
  0dd5325444caebefa43b8c017a5525babcbe37c260065057d93a51af95d6bc25.exe (windows x64)
  328f91e96d3e07655d36b0b542449952
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
crypt32
CertFindExtension
CryptDecodeObjectEx
CryptQueryObject
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertEnumCertificatesInStore
PFXImportCertStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
CertGetCertificateChain
CertFreeCertificateContext
user32
ReleaseCapture
GetCapture
PostMessageW
PeekMessageW
SetCursor
IsWindow
EnableWindow
SendMessageW
IsWindowEnabled
GetWindow
GetDesktopWindow
ShowWindow
GetWindowLongW
GetActiveWindow
GetWindowThreadProcessId
SetFocus
DestroyMenu
LoadMenuW
LoadIconW
GetMenu
SetMenu
WinHelpW
ReuseDDElParam
UnpackDDElParam
GetSubMenu
GetMenuItemCount
GetKeyState
GetDlgCtrlID
SetWindowPos
SetWindowLongW
GetDlgItem
EqualRect
GetSysColor
GetClassNameW
BringWindowToTop
GetLastActivePopup
GetClassInfoW
GetSystemMetrics
GetParent
SetRectEmpty
ReleaseDC
GetDC
TranslateAcceleratorW
TabbedTextOutW
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
GetMessagePos
GetMessageTime
DefWindowProcW
RemovePropW
RegisterClipboardFormatW
UnregisterClassW
PtInRect
GetClipboardFormatNameW
GetClipboardFormatNameA
SystemParametersInfoW
ModifyMenuW
InsertMenuItemW
GetMenuItemInfoW
GetMenuState
GetMenuItemID
LoadAcceleratorsW
wsprintfW
InflateRect
InvalidateRect
EnableMenuItem
CheckMenuItem
IsMenu
CreatePopupMenu
GrayStringW
DrawTextExW
DrawTextW
GetSysColorBrush
FillRect
EndDialog
CreateDialogIndirectParamW
GetCursorPos
GetMessageW
TranslateMessage
PostQuitMessage
SetWindowTextW
IsDialogMessageW
LoadCursorW
GetForegroundWindow
SetForegroundWindow
SetWindowLongPtrW
GetNextDlgTabItem
ShowOwnedPopups
IsWindowVisible
ValidateRect
UpdateWindow
GetWindowDC
EndPaint
BeginPaint
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapW
SetMenuItemBitmaps
RegisterWindowMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
SendDlgItemMessageW
SendDlgItemMessageA
GetClientRect
MapWindowPoints
DispatchMessageW
GetFocus
SetActiveWindow
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetTopWindow
TrackPopupMenu
GetWindowTextW
DestroyWindow
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassLongPtrW
GetWindowLongPtrW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
ole32
StringFromCLSID
CoTaskMemFree
oleaut32
VariantInit
VariantChangeType
VariantClear
kernel32
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
GetDriveTypeA
SetEnvironmentVariableA
CreateFileA
LCMapStringW
LCMapStringA
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
HeapQueryInformation
HeapReAlloc
GetTimeZoneInformation
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
HeapSetInformation
FlsFree
FlsAlloc
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
GetSystemInfo
VirtualAlloc
OutputDebugStringW
OutputDebugStringA
ExitProcess
IsBadReadPtr
HeapValidate
HeapSize
GetDateFormatA
GetTimeFormatA
GetFileInformationByHandle
GetDriveTypeW
FileTimeToLocalFileTime
ExitThread
CreateThread
WriteConsoleW
DebugBreak
GetSystemTimeAsFileTime
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RaiseException
GetStartupInfoW
FileTimeToSystemTime
SetEndOfFile
FlushFileBuffers
GetCurrentProcess
WritePrivateProfileStringW
GetAtomNameW
lstrlenA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
LocalFree
GlobalFlags
SetErrorMode
MulDiv
GetTickCount
GetProcAddress
LoadLibraryA
FindClose
GetEnvironmentVariableA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetLastError
FindFirstFileW
GetModuleFileNameA
CreateDirectoryA
lstrlenW
Sleep
CreateEventA
SetFilePointer
CreateFileW
CloseHandle
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
WriteFile
SetLastError
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleW
QueryPerformanceCounter
WaitForSingleObject
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleA
SleepEx
GetCurrentProcessId
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
MoveFileExW
GetFileSizeEx
GlobalAddAtomW
GlobalGetAtomNameW
GlobalUnlock
GlobalLock
FreeResource
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThreadId
lstrcmpW
GetVersionExW
CompareStringW
GetModuleFileNameW
EnumResourceLanguagesW
ConvertDefaultLocale
GetLocaleInfoW
GetCurrentThread
lstrcmpA
GlobalAlloc
CompareStringA
SetEvent
GlobalFree
GetFullPathNameW
DeleteFileA
advapi32
CryptReleaseContext
OpenThreadToken
RevertToSelf
SetThreadToken
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptImportKey
CryptEncrypt
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGenRandom
CryptDestroyKey
shell32
DragQueryFileW
DragFinish
shlwapi
PathFindFileNameW
PathFindExtensionW
gdi32
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
Escape
GetTextExtentPoint32W
TextOutW
GetPixel
BitBlt
RectVisible
PtVisible
GetDeviceCaps
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectType
GetObjectW
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteDC
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
comctl32
InitCommonControlsEx
ws2_32
recvfrom
sendto
getpeername
WSAIoctl
htonl
setsockopt
__WSAFDIsSet
getsockname
listen
connect
accept
recv
socket
htons
getaddrinfo
freeaddrinfo
WSASetLastError
ntohs
WSACloseEvent
WSASetEvent
getsockopt
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
select
ioctlsocket
gethostname
bind
wldap32
ord219
ord145
ord208
ord26
ord27
ord133
ord14
ord127
ord167
ord301
ord142
ord79
ord41
ord46
ord117
ord216
ord73
ord147
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 302KB - Virtual size: 301KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ