Static task: static1
Behavioral task: behavioral1
  Sample: cd8f6d28bc352fbc40e1915157fa49d5a55306236c3c05dd60171c446b093b93.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: cd8f6d28bc352fbc40e1915157fa49d5a55306236c3c05dd60171c446b093b93.exe
  Resource: win10v2004-20230703-en
General
Target: cd8f6d28bc352fbc40e1915157fa49d5a55306236c3c05dd60171c446b093b93
Size: 2.8MB
MD5: ceb8b0a989ff275b0f4c6e60f014ca98
SHA1: 628b1b5ac910325f149167d4917afa4e6803fc51
SHA256: cd8f6d28bc352fbc40e1915157fa49d5a55306236c3c05dd60171c446b093b93
SHA512: 30a2fecf9bb269432edcca554610ae3f98486818a16bd8ca4060553c5435addfa456f32d3de2feb7708e3d3978a1b03a4b593d4247dcb742736bbfdd387e084d
SSDEEP: 49152:/XiPkjZCLD9Uvo2qw1UQJpt0srv4kdwxZKw+cWIZoTeWU+1AY7K:/Xi8jZCaqw1UzOg+wx4w1Wo+v7K
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: cd8f6d28bc352fbc40e1915157fa49d5a55306236c3c05dd60171c446b093b93
Files
cd8f6d28bc352fbc40e1915157fa49d5a55306236c3c05dd60171c446b093b93.exe - windows x86
918cb43e15e6b0daad84b3536d615205
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
RemoveDirectoryW
GlobalLock
GlobalUnlock
MulDiv
GetShortPathNameW
FindAtomW
LocalFree
ExpandEnvironmentStringsW
InterlockedExchange
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
DeleteAtom
AddAtomW
IsDebuggerPresent
EncodePointer
InitializeSListHead
LocalAlloc
GetVersion
FreeResource
GetWindowsDirectoryW
lstrcmpW
Sleep
WaitForSingleObject
SetFileAttributesW
CreateFileW
ReadFile
WriteFile
GetFileSize
DeleteFileW
GetLocalTime
GetTickCount
WideCharToMultiByte
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateDirectoryW
GetLogicalDriveStringsW
SetLastError
GetSystemTime
ReleaseMutex
GetFileSizeEx
OutputDebugStringW
CopyFileW
lstrcpynW
WaitForMultipleObjects
GetDiskFreeSpaceExW
GetDriveTypeW
WriteConsoleW
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetConsoleMode
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileAttributesExW
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
ResetEvent
ExitProcess
GetACP
FlushFileBuffers
GetFileType
GetModuleHandleA
GetStdHandle
GetSystemWindowsDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
UnhandledExceptionFilter
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
InterlockedExchangeAdd
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
WaitForSingleObjectEx
SystemTimeToFileTime
ResumeThread
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualProtect
InterlockedCompareExchange
GetPrivateProfileIntW
LoadLibraryA
CreateThread
GetUserDefaultLangID
MoveFileA
DeleteFileA
CreateFileA
SetFilePointer
SetEvent
GlobalFree
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
GetFileAttributesW
GetTempFileNameW
GetTempPathW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetStartupInfoW
TerminateProcess
MultiByteToWideChar
GetVersionExW
GetSystemDirectoryW
FindResourceExW
FindResourceW
GetCommandLineW
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryW
CreateEventW
CreateMutexW
lstrlenW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetCurrentProcessId
GetCurrentProcess
GetConsoleCP
OpenProcess
QueryPerformanceCounter
FormatMessageW
TryEnterCriticalSection
GetExitCodeThread
GetCurrentThread
SwitchToThread
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
user32
SetMenuItemInfoW
SetMenuDefaultItem
InvalidateRect
GetClientRect
GetWindowRect
MessageBeep
GetMenuItemInfoW
PtInRect
GetWindowLongW
SetWindowLongW
FindWindowW
CheckMenuRadioItem
LoadStringA
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
MapWindowPoints
LoadStringW
MonitorFromPoint
TranslateMessage
EnumDisplayDevicesW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
UpdateLayeredWindow
IsWindowVisible
GetWindowDC
RemovePropW
CreatePopupMenu
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetIconInfo
DrawIconEx
SetRect
CharPrevW
SetWindowRgn
IsZoomed
GetPropW
SetPropW
RegisterClassW
IsRectEmpty
GetUpdateRect
GetMessageW
RegisterWindowMessageW
DestroyMenu
TranslateAcceleratorW
SetFocus
CharNextW
GetKeyState
InflateRect
wvsprintfW
DrawFocusRect
EqualRect
UnionRect
OffsetRect
GetAsyncKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
GetDlgItem
SetWindowPos
DestroyWindow
IsWindow
UnregisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
SendMessageTimeoutW
SendMessageW
PeekMessageW
DispatchMessageW
GetCaretPos
GetMonitorInfoW
EndPaint
FillRect
GetSysColor
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
GetFocus
IsChild
ChangeDisplaySettingsW
EnumChildWindows
ClientToScreen
DrawTextW
GetMenuItemID
GetMenuState
GetMenuStringW
TrackMouseEvent
IsIconic
CloseWindow
GetAncestor
GetWindowInfo
LoadImageW
DestroyIcon
LoadIconW
EnumWindows
GetShellWindow
GetDesktopWindow
WindowFromPoint
SetCursor
GetForegroundWindow
UpdateWindow
DeleteMenu
GetSubMenu
EnableMenuItem
LoadMenuW
GetActiveWindow
EndDialog
DialogBoxParamW
GetDoubleClickTime
ReplyMessage
UnregisterHotKey
RegisterHotKey
SetActiveWindow
MonitorFromWindow
GetWindow
CopyRect
IntersectRect
GetCursorPos
MoveWindow
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetForegroundWindow
EnableWindow
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
CreateDialogParamW
EnumDisplaySettingsW
MessageBoxW
GetSystemMetrics
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
SetParent
SetRectEmpty
SetWindowTextW
SystemParametersInfoW
LoadCursorW
GetParent
ScreenToClient
gdi32
GetTextExtentPoint32W
SetViewportOrgEx
GetViewportOrgEx
SetStretchBltMode
StretchBlt
PatBlt
CreateDCW
GetStockObject
EnumFontFamiliesW
CreateFontW
MoveToEx
LineTo
CreatePen
GetDeviceCaps
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
GdiFlush
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
DeleteDC
CreateSolidBrush
RectVisible
OffsetViewportOrgEx
CreateFontIndirectW
Rectangle
GetTextMetricsW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
GetCharABCWidthsW
GetClipBox
RoundRect
SetBkColor
SetBkMode
SetTextColor
TextOutW
ExtTextOutW
GetDIBits
SetDIBitsToDevice
RestoreDC
ExtSelectClipRgn
advapi32
AdjustTokenPrivileges
UnlockServiceDatabase
QueryServiceStatusEx
QueryServiceLockStatusW
LockServiceDatabase
CreateServiceW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CheckTokenMembership
DuplicateTokenEx
LookupPrivilegeValueW
GetLengthSid
FreeSid
AllocateAndInitializeSid
CreateWellKnownSid
RegCreateKeyW
SetTokenInformation
OpenProcessToken
RegQueryValueExW
GetUserNameW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExA
shell32
SHFileOperationW
CommandLineToArgvW
SHCreateDirectoryExA
ShellExecuteExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHChangeNotify
ord165
SHGetPathFromIDListW
ShellExecuteW
ole32
CoCreateInstance
OleLockRunning
CoInitialize
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateGuid
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
oleaut32
SafeArrayPutElement
SafeArrayCreate
VarBstrCmp
SysFreeString
VarUI4FromStr
SysAllocString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
shlwapi
StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
SHDeleteValueW
SHGetValueW
SHSetValueW
StrCmpIW
PathCombineW
PathFindFileNameW
AssocQueryStringW
StrStrIA
PathRemoveFileSpecA
SHDeleteKeyW
PathIsDirectoryW
StrCmpW
StrStrIW
comctl32
InitCommonControlsEx
ord17
_TrackMouseEvent
msimg32
GradientFill
AlphaBlend
gdiplus
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipGetImageEncoders
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawEllipseI
GdipDrawPath
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
ord1
GdipCloneBrush
GdipDeleteBrush
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipDrawImagePointsI
GdipFillPath
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGraphicsClear
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipGetImageWidth
GdipGetImageHeight
GdipSetTextRenderingHint
GdipFillRectangleI
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipSetSmoothingMode
GdipFillEllipseI
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathArcI
GdipCreateTexture
GdipGetImageGraphicsContext
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
secur32
FreeCredentialsHandle
AcquireCredentialsHandleA
GetUserNameExW
InitializeSecurityContextA
ws2_32
htons
connect
WSACleanup
send
recv
closesocket
WSAStartup
shutdown
WSAAsyncSelect
WSAAsyncGetHostByName
WSAGetLastError
gethostbyname
socket
wininet
DeleteUrlCacheEntryW
InternetGetCookieExW
InternetGetCookieW
InternetCrackUrlW
InternetQueryOptionA
InternetQueryOptionW
InternetGetConnectedState
InternetSetCookieW
rasapi32
RasGetConnectStatusW
RasEnumConnectionsW
psapi
GetModuleFileNameExW
crypt32
CryptBinaryToStringA
CertGetNameStringW
winmm
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeKillEvent
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
iphlpapi
GetAdaptersInfo
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
Sections
.text  Size: 2.0MB - Virtual size: 2.0MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 447KB - Virtual size: 446KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 78KB - Virtual size: 99KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 1.4MB - Virtual size: 1.4MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ