1a4f9c8fc94f58eeeae868042f1bbce147fe999c5495386c50dca777ccf6feb4

Sharing

Copy URL Twitter E-mail

General

Target

1a4f9c8fc94f58eeeae868042f1bbce147fe999c5495386c50dca777ccf6feb4
Size

1.6MB
MD5

f476ca3a22ef77406bebb1a4a5b3da0c
SHA1

39af851766457a5488ae7dd5c077a6f9960d8ca9
SHA256

1a4f9c8fc94f58eeeae868042f1bbce147fe999c5495386c50dca777ccf6feb4
SHA512

1f678e54c3f9bf1637170b3249248aca86f6715d67f1cb829c3ec6a5335c07ab921e9b5fc409dd0508e10bda538426c44081b0f64dde92f285d65195af24dd55
SSDEEP

49152:+hPnq0ra66FKczLE1eTrIKsRSbidA3BpB:+h4FjE14rxsRSmdA3t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a4f9c8fc94f58eeeae868042f1bbce147fe999c5495386c50dca777ccf6feb4

Files

1a4f9c8fc94f58eeeae868042f1bbce147fe999c5495386c50dca777ccf6feb4
.exe windows x86

780e791b25dcfe6f034cc0127f0605aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
SleepEx
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
FreeLibrary
GetSystemDirectoryW
FormatMessageW
SetLastError
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetFileSize
WriteFile
VirtualQuery
CreateNamedPipeW
WideCharToMultiByte
CreateProcessW
CloseHandle
GetLastError
MultiByteToWideChar
WaitForSingleObject
CreatePipe
OutputDebugStringA
ReadFile
lstrcpyW
GetModuleHandleW
GetConsoleOutputCP
Sleep
SetFilePointer
CreateFileW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
SetThreadPriority
GetCurrentThreadId
TerminateThread
RaiseException
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFileTimeToFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
MulDiv
GetFileAttributesW
LoadLibraryW
GetProcAddress
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
GlobalFree
GetCurrentDirectoryW
FindResourceW
LoadResource
SizeofResource
GetEnvironmentVariableW
GetModuleHandleA
GetCurrentProcessId

user32

DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
TranslateMessage
KillTimer
RegisterClassExW
GetWindowLongW
GetAsyncKeyState
LoadCursorW
GetKeyState
IntersectRect
CharNextW
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
WaitMessage
SetClipboardData
ReleaseDC
RegisterClassW
GetClassInfoExW
SetWindowLongW
IsWindow
UnregisterClassW
GetWindow
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
OffsetRect
GetCursorPos
SetForegroundWindow
RegisterWindowMessageW
PostQuitMessage
AppendMenuW
LoadIconW
BringWindowToTop
ShowWindow
TrackPopupMenu
SetCursor
CreatePopupMenu
FindWindowW
SendMessageW
EnableWindow
ScreenToClient
ClientToScreen
GetSysColor
EmptyClipboard
SetFocus
GetQueueStatus
GetWindowRect
GetMonitorInfoW
GetParent
MapWindowPoints
GetDesktopWindow
IsWindowVisible
MessageBoxW
SetWindowRgn
MonitorFromPoint
IsZoomed
UnionRect
UpdateLayeredWindow
IsRectEmpty
GetClientRect
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
InvalidateRect
SetWindowTextW
GetDC
GetPropW
SetPropW
CallWindowProcW
GetSystemMetrics
SetWindowPos
IsIconic
MonitorFromWindow
PtInRect

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathA

winmm

timeGetTime
timeKillEvent
timeSetEvent

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsW
PathIsRelativeW

gdiplus

GdipDeleteMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipDrawArc
GdipCreateLineBrushFromRect
GdipDeleteBrush
GdipCloneBrush
GdipSetLineBlend
GdipCreatePen2
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRect
GdipImageRotateFlip
GdipLoadImageFromFile
GdipClonePen
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenColor
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenDashCap197819
GdipGetPenStartCap
GdipGetPenEndCap
GdipGetPenDashCap197819
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipCreatePath
GdipClonePath
GdipResetPath
GdipSetPathFillMode
GdipGetPathFillMode
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipDrawEllipseI
GdipCreateMatrix
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipTransformPath
GdipDeletePath
GdipFillRectangle
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipScaleMatrix
GdipMeasureString
GdipFillPath
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipFillEllipseI

msimg32

AlphaBlend

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
inet_ntop
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
getsockopt
send
inet_pton
__WSAFDIsSet
gethostname
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
socket

crypt32

CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

bcrypt

BCryptGenRandom

gdi32

RestoreDC
BitBlt
CreateRoundRectRgn
CreateDIBSection
GetObjectW
GetDeviceCaps
GetStockObject
CreateFontIndirectW
DeleteObject
StretchBlt
ExtSelectClipRgn
CreateRectRgnIndirect
GetObjectA
SetStretchBltMode
SetWindowOrgEx
GetWindowOrgEx
CreateCompatibleDC
SaveDC
DeleteDC
SelectObject

advapi32

CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptAcquireContextW

ole32

CoCreateInstance
CreateStreamOnHGlobal

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

780e791b25dcfe6f034cc0127f0605aa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

winmm

imm32

comctl32

shlwapi

gdiplus

msimg32

ws2_32

crypt32

bcrypt

gdi32

advapi32

ole32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 22KB - Virtual size: 27KB

.rsrc Size: 284KB - Virtual size: 284KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 22KB - Virtual size: 27KB

.rsrc
Size: 284KB - Virtual size: 284KB

.reloc
Size: 53KB - Virtual size: 52KB