Static task: static1
Behavioral task: behavioral1
Sample: 6d35e4f596b286ebf2695103e5ed6b271ceceb71918ab156a3ea237b76b11f3e.exe
Resource: win7-20230705-en
Behavioral task: behavioral2
Sample: 6d35e4f596b286ebf2695103e5ed6b271ceceb71918ab156a3ea237b76b11f3e.exe
Resource: win10v2004-20230703-en
General
Target: 6d35e4f596b286ebf2695103e5ed6b271ceceb71918ab156a3ea237b76b11f3e
Size: 5.1MB
MD5: 093c21d12b2e3e782fdcd8cb987ff12c
SHA1: 6ffdf14901f4d6f991585176dadcab1fe9c95622
SHA256: 6d35e4f596b286ebf2695103e5ed6b271ceceb71918ab156a3ea237b76b11f3e
SHA512: 750a15bdf4c49784c8a26ed80b3885db230bf58b89fd9db29b553571f6a8134ccfeea7a93d2630e561c88c8a203cc989a350d5f496a7ddb61b9c94f7cc5dc027
SSDEEP: 98304:k4e0DO7rmpurrxy74wAG+UH7pKT4xfEXF+kUPmUP:9q7rmG24ihiXwkQmQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6d35e4f596b286ebf2695103e5ed6b271ceceb71918ab156a3ea237b76b11f3e
Files
-
6d35e4f596b286ebf2695103e5ed6b271ceceb71918ab156a3ea237b76b11f3e.exe windows x86
40464d6340f4dd97621de617c7797589
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
GetVersionExW
CreateDirectoryW
SetFileTime
CreateFileW
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetEnvironmentVariableA
DeleteFileW
GetDiskFreeSpaceExA
GetCommandLineA
HeapCreate
InitializeCriticalSection
FlushInstructionCache
IsBadReadPtr
FindFirstFileW
GetFullPathNameW
FreeResource
GetTickCount
GetVersionExA
RtlCaptureStackBackTrace
GetPrivateProfileStringW
IsBadStringPtrW
GetCurrentProcess
LoadLibraryExW
MulDiv
lstrcmpW
GlobalUnlock
lstrcmpiW
FreeLibrary
GlobalLock
FindResourceExW
GlobalAlloc
Sleep
CreateEventW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringA
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryA
SetCurrentDirectoryW
FindResourceW
LoadLibraryW
CopyFileA
GetTempPathA
SetErrorMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
OutputDebugStringA
GetFileType
SetStdHandle
GetStdHandle
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
SetProcessAffinityMask
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
VirtualQuery
OpenThread
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
Thread32First
Thread32Next
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
LoadLibraryExA
InterlockedPushEntrySList
InterlockedPopEntrySList
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
MoveFileW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
RemoveDirectoryW
GetFileSize
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GlobalMemoryStatus
DosDateTimeToFileTime
FileTimeToDosDateTime
FindNextFileW
VirtualFree
VirtualAlloc
CompareFileTime
SetFileAttributesW
MoveFileExW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
SetEvent
GetProcessTimes
lstrcmpiA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
GlobalFree
GetComputerNameA
Process32Next
Process32First
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
DeleteCriticalSection
HeapDestroy
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
CreateProcessA
CreateProcessW
GetProcessHeap
GetCurrentProcessId
RemoveDirectoryA
HeapAlloc
LoadResource
Process32FirstW
DeleteFileA
LockResource
GetSystemDirectoryA
Process32NextW
GetFileAttributesA
GetLastError
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
FindClose
FindResourceA
SetEndOfFile
SetFilePointer
ExpandEnvironmentStringsA
FindNextFileA
GetModuleFileNameW
GetDriveTypeA
WriteFile
SetLastError
HeapFree
FindFirstFileA
GetLogicalDrives
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
GetModuleHandleW
LocalFree
GetProcAddress
GetSystemInfo
CloseHandle
CreateFileA
OutputDebugStringW
GetModuleHandleA
LocalAlloc
TlsFree
TlsSetValue
TlsGetValue
lstrlenA
TlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
FormatMessageW
GetLocalTime
WriteConsoleW
LoadLibraryA
GetFileSizeEx
GetModuleFileNameA
GetDateFormatW
ReadFile
user32
GetMonitorInfoW
SetPropW
SetWindowLongW
RemovePropW
ScreenToClient
EnumChildWindows
MonitorFromWindow
GetWindowRect
CallWindowProcW
DefWindowProcW
EnumDisplaySettingsW
SetWindowTextW
SendMessageW
DestroyWindow
GetWindowLongW
GetCursorPos
IsZoomed
SetWindowPlacement
CharPrevExA
CharUpperW
DrawIconEx
InvertRect
GetWindowPlacement
SetWindowPos
GetWindowTextW
EndPaint
BeginPaint
GetDC
InvalidateRect
GetPropW
ShowWindow
ReleaseCapture
RegisterWindowMessageW
GetClassInfoExW
PostQuitMessage
GetDlgItem
GetClientRect
SetCapture
GetClassNameW
SendMessageA
LoadCursorW
CharNextW
CreateAcceleratorTableW
MoveWindow
GetSysColor
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
IsWindow
RegisterClassExW
CreateWindowExW
FillRect
GetFocus
GetWindow
GetKeyState
GetWindowTextLengthW
SetRect
MessageBoxW
IsIconic
SetForegroundWindow
GetForegroundWindow
RegisterHotKey
GetWindowTextA
SetParent
GetDesktopWindow
GetParent
UnregisterClassW
GetWindowThreadProcessId
GetShellWindow
LoadStringA
ReleaseDC
GetSystemMetrics
SetFocus
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
LoadIconW
EnableMenuItem
GetIconInfo
LoadImageW
CreateIconFromResource
LoadBitmapW
OffsetRect
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
GetCapture
SetLayeredWindowAttributes
AnimateWindow
TrackMouseEvent
SetActiveWindow
IsWindowEnabled
EnableWindow
PtInRect
EqualRect
IsRectEmpty
UnionRect
IntersectRect
InflateRect
CopyRect
SetCursor
DestroyCursor
MapWindowPoints
GetActiveWindow
FindWindowW
IsWindowVisible
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
ExitWindowsEx
EnumWindows
SetTimer
DestroyIcon
KillTimer
wsprintfW
MessageBoxA
UnregisterHotKey
PostMessageW
gdi32
GetViewportOrgEx
GetCurrentObject
SetViewportOrgEx
StretchBlt
GetDCOrgEx
SetBkMode
Rectangle
GetClipBox
CreateFontIndirectW
SetGraphicsMode
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
GetObjectW
CreateSolidBrush
SetRectRgn
CreateRectRgn
PtInRegion
DeleteObject
CombineRgn
GetDeviceCaps
Polyline
Arc
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection
ExtCreatePen
advapi32
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
GetSidSubAuthorityCount
GetSidSubAuthority
RegCreateKeyExA
CreateProcessWithTokenW
RegSetValueExW
RegSetValueExA
OpenProcessToken
RegDeleteValueA
DuplicateTokenEx
GetTokenInformation
RegOpenKeyExA
shell32
Shell_NotifyIconW
SHGetMalloc
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
SHCreateDirectoryExW
SHGetSpecialFolderPathA
ShellExecuteW
ShellExecuteExW
DragQueryFileW
ole32
CoCreateInstance
CoUninitialize
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitialize
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
CreateBindCtx
CoInitializeEx
PropVariantClear
OleCreate
OleSetContainedObject
OleLockRunning
CLSIDFromString
CoTaskMemRealloc
oleaut32
VariantCopy
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysFreeString
VarUI4FromStr
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString
OleCreateFontIndirect
LoadTypeLi
VariantInit
LoadRegTypeLi
ws2_32
inet_ntoa
WSAStartup
gethostbyname
WSACleanup
inet_addr
dbghelp
MakeSureDirectoryPathExists
MiniDumpWriteDump
shlwapi
PathRemoveFileSpecW
StrStrIA
PathAppendW
PathFindFileNameW
SHSetValueW
SHDeleteValueW
PathMatchSpecW
PathIsURLW
PathCombineW
StrCpyW
PathFileExistsW
PathAppendA
PathRemoveFileSpecA
SHCreateStreamOnFileEx
StrCmpIW
PathFileExistsA
PathIsDirectoryA
StrToIntExW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
msimg32
GradientFill
AlphaBlend
wininet
InternetOpenA
HttpQueryInfoA
InternetOpenUrlA
HttpQueryInfoW
InternetGetLastResponseInfoA
InternetCloseHandle
InternetReadFile
InternetAttemptConnect
InternetSetCookieW
imm32
ImmAssociateContext
ImmGetContext
ImmReleaseContext
winhttp
WinHttpCloseHandle
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
rpcrt4
UuidCreateSequential
iphlpapi
GetAdaptersInfo
SendARP
gdiplus
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipAlloc
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipGetPropertyItemSize
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetPropertyItem
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 745KB - Virtual size: 744KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 923KB - Virtual size: 923KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ