Static task
static1
Behavioral task
behavioral1
Sample
f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe
Resource
win10v2004-20230703-en
General
-
Target
f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388
-
Size
4.9MB
-
MD5
b1417930b362afa743ccc22ee0897616
-
SHA1
8223e4108872d80ac7946ba40228d727a0c8474b
-
SHA256
f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388
-
SHA512
9750b25661a1f2a7768eb0f0c8778a4f166f240250e0e6be40f7b4198eb6168bedefd66bca206d34c8f20fbf8103a86bf0b7096e32365e73e4328687a8715a67
-
SSDEEP
49152:Kcy+hHebo3rvGLHMjOPgNOlE8XHg1itvjKWv54O3BgBaLhx7ooJCKk:hy+hHGo3rqoIlOqj6oJCK
Malware Config (no configuration listed for this sample)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature, so publisher identity cannot be verified; on its own this is weak evidence of malice, as the imports below are largely ordinary CRT, GUI, GDI+ and Winsock APIs. More useful triage pivots are the RWX .textbss section and the .msvcjmc section listed under Sections (both typical of an MSVC debug/incremental-link build), the process-spawning pair CreateProcessW/CreatePipe, the ws2_32 client and server calls (connect, listen, accept), and the certificate-handling imports (PFXImportCertStore, CertGetCertificateChain) in crypt32.
resource f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388
Files
-
f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe windows x86
0f8a8e45c1311d821c13a51e05150cf7 (note: this differs from the sample MD5 above; in this report layout the per-file value is an import hash rather than a file hash — confirm before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExW
GetWindowsDirectoryW
DeleteFileW
LockResource
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
GetExitCodeProcess
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapQueryInformation
HeapSize
HeapReAlloc
SetConsoleCtrlHandler
OutputDebugStringW
GetCurrentThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetProcessWorkingSetSize
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
DuplicateHandle
WriteConsoleW
GetSystemInfo
HeapValidate
ExitProcess
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
SleepEx
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
FreeLibrary
GetSystemDirectoryW
GetCPInfo
CompareStringEx
GetTempPathW
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
DecodePointer
EncodePointer
LocalFree
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
FormatMessageA
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetComputerNameW
FindFirstFileW
CopyFileW
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
WaitForSingleObject
CreatePipe
GetLastError
CloseHandle
OutputDebugStringA
ReadFile
lstrcpyW
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
Sleep
GetEnvironmentVariableW
WriteFile
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
RaiseException
SetThreadPriority
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
FileTimeToLocalFileTime
LocalFileTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
VerSetConditionMask
GetTickCount
VerifyVersionInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetFileAttributesW
GetProcAddress
LoadLibraryW
GlobalSize
MulDiv
GetCurrentProcessId
OpenProcess
GetModuleHandleA
CreateFileW
GetFileSize
CreateDirectoryW
SetFilePointer
SetFileTime
user32
RegisterClassExW
UnregisterClassW
DefWindowProcW
WaitMessage
PostMessageW
PeekMessageW
TranslateMessage
MoveWindow
DestroyWindow
SetWindowPos
IsIconic
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
EnableWindow
GetSystemMetrics
GetDC
CallMsgFilterW
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetPropW
GetPropW
SetWindowTextW
GetClientRect
GetQueueStatus
CreateWindowExW
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
CallWindowProcW
RegisterClassW
RegisterWindowMessageW
PostQuitMessage
ShowWindow
BringWindowToTop
CreatePopupMenu
AppendMenuW
TrackPopupMenu
GetClassInfoExW
SetForegroundWindow
GetCursorPos
LoadIconW
SendMessageW
FindWindowW
GetWindowRect
IsWindow
ReleaseDC
ScreenToClient
DispatchMessageW
IntersectRect
IsRectEmpty
GetParent
MapWindowPoints
GetDesktopWindow
wsprintfW
UnionRect
GetSysColor
ClientToScreen
SetCursor
GetAsyncKeyState
CharNextW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
OffsetRect
MessageBoxW
SetWindowRgn
IsZoomed
IsWindowVisible
GetMonitorInfoW
MonitorFromWindow
LoadImageW
LoadCursorW
GetWindow
SetWindowLongW
GetWindowLongW
PtInRect
UpdateLayeredWindow
shell32
ord165
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
winmm
timeGetTime
timeSetEvent
timeKillEvent
comctl32
_TrackMouseEvent
ord17
gdiplus
GdipClonePath
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawEllipseI
GdipDrawPath
GdipFillRectangle
GdipFillEllipseI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipClonePen
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenDashCap197819
GdipGetPenStartCap
GdipGetPenEndCap
GdipGetPenDashCap197819
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipSetPenColor
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipTranslateMatrix
GdipScaleMatrix
GdipRotateMatrix
GdipLoadImageFromFileICM
GdipDeleteMatrix
GdipCreateMatrix
GdipResetPath
GdipGetPathFillMode
GdipSetPathFillMode
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImagePaletteSize
GdipGetImagePalette
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipStartPathFigure
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipAddPathPieI
GdipAddPathPolygonI
GdipTransformPath
GdipGetPathWorldBoundsI
GdipDrawImageRect
GdipDrawArc
GdipSetWorldTransform
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen2
GdipLoadImageFromFile
GdipImageRotateFlip
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetOpenStatus
ImmGetOpenStatus
shlwapi
PathIsRelativeW
PathFileExistsW
msimg32
AlphaBlend
ws2_32
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
inet_ntop
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
getsockopt
inet_pton
send
__WSAFDIsSet
gethostname
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
socket
crypt32
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
bcrypt
BCryptGenRandom
gdi32
SaveDC
CreateFontIndirectW
DeleteObject
GetStockObject
SelectObject
GetTextMetricsW
GetObjectW
CreateRoundRectRgn
GetDeviceCaps
ExtSelectClipRgn
CreateRectRgnIndirect
SetWindowOrgEx
GetObjectA
SetStretchBltMode
StretchBlt
BitBlt
RestoreDC
GetWindowOrgEx
GetObjectType
DeleteDC
CreateCompatibleDC
CreateDIBSection
advapi32
CryptAcquireContextW
RegOpenKeyExW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegQueryValueExW
RegCloseKey
ole32
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
Sections
.textbss Size: - (no raw data on disk) Virtual size: 1.8MB — the flags below mark this section readable, writable and executable (RWX), a layout typical of MSVC incremental linking in debug builds
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 2KB - Virtual size: 2KB (section name used by MSVC "Just My Code" debug instrumentation, consistent with a debug build)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 265B (Control Flow Guard load-config data; note IMAGE_DLLCHARACTERISTICS_GUARD_CF is absent from DLL Characteristics above, so CFG is not enabled for this image)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 342KB - Virtual size: 341KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ