Static task: static1
Behavioral task: behavioral1
Sample: f83a8be9b344e8a2a656d9b5ad5fd9989a652ed1c370581c544b59a8e89f61bb.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: f83a8be9b344e8a2a656d9b5ad5fd9989a652ed1c370581c544b59a8e89f61bb.exe
Resource: win10v2004-20230703-en
General
- Target: f83a8be9b344e8a2a656d9b5ad5fd9989a652ed1c370581c544b59a8e89f61bb
- Size: 1.9MB
- MD5: 96a69c7cc11ba7e6f5f6d19423a70962
- SHA1: 80ec5cf3ace70939ada676f29378c9b55852de02
- SHA256: f83a8be9b344e8a2a656d9b5ad5fd9989a652ed1c370581c544b59a8e89f61bb
- SHA512: 74795f9daf7813721c364c0be3ebb599f4dede5ee07cb33bb31e890cf26d1b9773a09c2696170881eb8497cc0a766ca37b09914590943afc4037a1628bcffd29
- SSDEEP: 24576:yYdLxUJ5Bp1S46KOyKWEMt6/McyRjlXNPB2RI3Op/agA4A0Lb4pqnCFNkNhh:yYUp1T6KxEMt60coNPBmI6/W4AD+FN
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource f83a8be9b344e8a2a656d9b5ad5fd9989a652ed1c370581c544b59a8e89f61bb
Files
-
f83a8be9b344e8a2a656d9b5ad5fd9989a652ed1c370581c544b59a8e89f61bb.exe windows x86
68d7817b431c7d5447a2f031e7fd3f7e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
cabinet
ord20
ord22
kernel32
GetFileAttributesA
LocalFileTimeToFileTime
InterlockedIncrement
UnmapViewOfFile
InterlockedExchangeAdd
GlobalMemoryStatusEx
QueryPerformanceFrequency
GetDriveTypeW
GetDateFormatW
GetExitCodeProcess
VirtualQuery
CreateFileMappingW
GetDiskFreeSpaceExW
CreateNamedPipeW
FileTimeToLocalFileTime
ResumeThread
GetThreadPriority
DosDateTimeToFileTime
Process32FirstW
QueryPerformanceCounter
GetSystemInfo
SetEnvironmentVariableW
LoadResource
GetModuleFileNameA
SuspendThread
GetPrivateProfileStringW
GetCurrentDirectoryA
GetCurrentThread
GetTickCount
FindClose
VerifyVersionInfoW
GetVersionExW
OpenProcess
CloseHandle
DeleteCriticalSection
GetLastError
MoveFileExW
WaitForSingleObject
VerSetConditionMask
CreateProcessW
DeleteFileW
DisconnectNamedPipe
MultiByteToWideChar
WaitNamedPipeW
DeleteFileA
EnterCriticalSection
GlobalUnlock
TerminateProcess
CreateFileW
SystemTimeToFileTime
WideCharToMultiByte
FindFirstFileW
LoadLibraryA
GlobalFree
GlobalLock
GetOverlappedResult
RemoveDirectoryW
CopyFileW
SetEvent
Sleep
FreeLibrary
ResetEvent
CopyFileA
InitializeCriticalSection
SetCurrentDirectoryW
GetTimeZoneInformation
FindNextFileW
RemoveDirectoryA
LeaveCriticalSection
CreateDirectoryW
WaitForMultipleObjectsEx
GetSystemDirectoryW
SetFileTime
CreateEventW
SetFilePointer
ReadFile
GetProcAddress
PeekNamedPipe
WriteFile
MulDiv
GetLocaleInfoW
MoveFileW
GetFileSizeEx
MoveFileA
CancelIo
GetTempPathW
SleepEx
GetCurrentThreadId
ExitProcess
SetThreadExecutionState
ReadDirectoryChangesW
lstrlenA
LockResource
GetCurrentProcess
GetCPInfo
ReadProcessMemory
GlobalSize
GetEnvironmentVariableW
InterlockedExchange
ConnectNamedPipe
GetSystemTime
ReleaseMutex
CreateThread
GetModuleHandleW
InterlockedDecrement
MapViewOfFile
DuplicateHandle
GlobalAlloc
GetCurrentProcessId
GetModuleFileNameW
ProcessIdToSessionId
GetACP
SetUnhandledExceptionFilter
CreatePipe
GetPrivateProfileSectionNamesW
GetEnvironmentVariableA
GetTimeFormatW
WaitForMultipleObjects
FindResourceW
GetShortPathNameW
GetStartupInfoW
SizeofResource
LocalFree
GetPrivateProfileIntW
SetThreadPriority
RtlCaptureContext
Process32NextW
GlobalHandle
HeapAlloc
HeapFree
GetComputerNameW
FreeResource
LocalAlloc
GetProcessHeap
SetLastError
SetFileAttributesW
CreateToolhelp32Snapshot
GetThreadContext
GetStdHandle
SystemTimeToTzSpecificLocalTime
GetCommandLineW
lstrcpyW
FileTimeToSystemTime
SetEndOfFile
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleMode
GetConsoleCP
RtlUnwind
RaiseException
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFileTime
GetVersionExA
GetFileAttributesW
SetFilePointerEx
FlushFileBuffers
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapReAlloc
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
CreateMutexW
advapi32
GetAce
AllocateAndInitializeSid
CryptEncrypt
GetLengthSid
AdjustTokenPrivileges
InitializeSecurityDescriptor
InitializeAcl
RegSetKeySecurity
RegOpenKeyW
CryptDestroyHash
CryptHashData
RegQueryInfoKeyW
SetSecurityDescriptorDacl
RegEnumValueW
InitializeSid
RegCreateKeyExW
LookupPrivilegeValueW
AddAccessAllowedAce
RegOpenKeyExW
RegQueryValueExW
CryptDestroyKey
RegEnumKeyW
CryptAcquireContextW
GetUserNameW
RegEnumKeyExW
SetFileSecurityW
CheckTokenMembership
DuplicateTokenEx
CryptDeriveKey
RegSetValueExW
RegCloseKey
FreeSid
GetSidSubAuthority
RegDeleteValueW
CryptDuplicateKey
CryptDecrypt
CryptCreateHash
OpenProcessToken
GetSidLengthRequired
RegDeleteKeyW
comctl32
ImageList_Destroy
ImageList_GetIconSize
ImageList_DrawEx
CreatePropertySheetPageW
ImageList_DragEnter
ImageList_GetImageInfo
PropertySheetW
ImageList_Create
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ord17
ImageList_DragLeave
ImageList_ReplaceIcon
ImageList_Merge
ImageList_DragShowNolock
ImageList_GetIcon
ImageList_DragMove
_TrackMouseEvent
comdlg32
GetSaveFileNameW
GetOpenFileNameW
gdi32
SetBkColor
GetWindowExtEx
CreateDIBitmap
SetPixel
CreateRectRgn
SetViewportExtEx
CreateDIBSection
PolyPolyline
Polyline
PatBlt
SetTextAlign
GetTextMetricsA
GetObjectA
GetDIBits
CreateBitmap
StretchBlt
GetViewportExtEx
TextOutW
SetDIBitsToDevice
CreateRectRgnIndirect
GetTextExtentPoint32W
SetDIBits
Polygon
BitBlt
SetDCBrushColor
SetWindowExtEx
CreateSolidBrush
GetCurrentObject
MoveToEx
ExtTextOutW
DeleteObject
GetObjectW
DeleteDC
GetStockObject
SelectObject
SetTextColor
CreateFontIndirectW
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
GetDeviceCaps
CreatePatternBrush
SetBkMode
CreateFontW
SetDCPenColor
CreatePen
GetTextMetricsW
CreateBrushIndirect
SetStretchBltMode
ole32
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
RegisterDragDrop
CoCreateInstance
CoRegisterClassObject
ReleaseStgMedium
CoAddRefServerProcess
CreateStreamOnHGlobal
CoTaskMemAlloc
DoDragDrop
OleUninitialize
CoInitialize
StringFromGUID2
CoUninitialize
OleInitialize
CoResumeClassObjects
CoRevokeClassObject
RevokeDragDrop
oleaut32
SysAllocStringByteLen
VariantClear
VariantInit
OleLoadPicture
SysAllocString
SysAllocStringLen
SysStringByteLen
OleLoadPicturePath
SysFreeString
shell32
DragFinish
ShellExecuteA
DuplicateIcon
ShellExecuteW
SHGetFolderPathW
DragQueryFileW
SHChangeNotify
ord74
ord155
ord25
SHGetDesktopFolder
DragQueryPoint
ShellExecuteExW
SHEmptyRecycleBinW
SHParseDisplayName
SHGetMalloc
ord680
DragAcceptFiles
SHGetPathFromIDListW
CommandLineToArgvW
SHCreateShellItem
SHBrowseForFolderW
SHGetFileInfoW
shlwapi
PathRelativePathToW
PathCompactPathExW
SHDeleteKeyW
SHDeleteEmptyKeyW
StrCmpLogicalW
user32
UpdateWindow
CharLowerW
CreatePopupMenu
LoadImageW
DestroyMenu
IsIconic
MapWindowPoints
ReleaseDC
CheckDlgButton
GetClientRect
SetMenuItemBitmaps
SetMenuDefaultItem
CheckMenuRadioItem
IsWindowVisible
ShowWindow
GetSystemMetrics
GetDesktopWindow
UnhookWindowsHookEx
GetCursorInfo
DestroyWindow
TrackPopupMenu
SetClassLongW
GetWindowRect
SetWindowTextW
MoveWindow
RemoveMenu
DrawStateW
SystemParametersInfoW
IsZoomed
ScreenToClient
EndDialog
TranslateMessage
GetMenuBarInfo
GetMenuInfo
MonitorFromPoint
IsCharAlphaW
ValidateRect
AllowSetForegroundWindow
DrawFocusRect
PtInRect
PeekMessageW
WindowFromDC
EnumWindows
CallNextHookEx
GetForegroundWindow
ExitWindowsEx
GetClassNameA
GetMessageW
GetSysColorBrush
DrawIconEx
GetActiveWindow
MsgWaitForMultipleObjects
GetScrollInfo
GetCapture
keybd_event
wsprintfW
EnableMenuItem
GetWindowDC
EnumChildWindows
SetActiveWindow
InflateRect
RegisterClassW
ShowScrollBar
WindowFromPoint
FindWindowExW
FlashWindowEx
CreateDialogParamW
AttachThreadInput
SetWindowPlacement
SetDlgItemTextW
GetSubMenu
GetKeyboardState
FindWindowW
GetClassNameW
SetScrollInfo
SetMenu
GetCursor
GetMenuItemInfoW
LoadStringW
GetUpdateRect
EqualRect
LoadIconW
CheckMenuItem
GetComboBoxInfo
GetIconInfo
InsertMenuItemW
MapVirtualKeyW
GetAncestor
GetMenuItemCount
GetScrollBarInfo
DialogBoxIndirectParamW
GetKeyNameTextW
SetClipboardData
IsDialogMessageW
MapDialogRect
GetWindowTextLengthW
CallWindowProcW
GetClassInfoW
InvalidateRgn
PostQuitMessage
GetMonitorInfoW
InsertMenuW
DrawEdge
MonitorFromWindow
GetDlgCtrlID
GetAsyncKeyState
DispatchMessageW
SetMenuInfo
GetMessagePos
GetWindow
SetPropW
GetNextDlgGroupItem
GetDlgItemTextW
SetMenuItemInfoW
EndMenu
GetWindowThreadProcessId
EnableWindow
GetKeyState
GetSysColor
GetWindowLongW
EmptyClipboard
MessageBoxW
EndPaint
AppendMenuW
CreateDialogIndirectParamW
GetDlgItem
DefWindowProcW
GetClipboardData
SetFocus
IsWindow
CloseClipboard
SetCapture
SetWindowLongW
SetForegroundWindow
InvalidateRect
FrameRect
DeleteMenu
SetWindowPos
CreateWindowExW
WaitForInputIdle
BeginPaint
LoadCursorW
GetDC
IsDlgButtonChecked
ClientToScreen
CopyImage
GetWindowPlacement
GetPropW
SetTimer
GetFocus
PostMessageW
SetWindowsHookExW
ReleaseCapture
DialogBoxParamW
SetCursor
ModifyMenuW
RemovePropW
DestroyIcon
FillRect
ScrollWindowEx
SendDlgItemMessageW
DrawTextW
SendMessageW
IsClipboardFormatAvailable
KillTimer
GetWindowTextW
RegisterClipboardFormatW
RedrawWindow
GetParent
OpenClipboard
GetMenu
OffsetRect
IsWindowEnabled
ws2_32
WSAStartup
select
ntohs
gethostname
gethostbyname
gethostbyaddr
__WSAFDIsSet
ioctlsocket
send
setsockopt
htons
connect
inet_addr
socket
WSAGetLastError
closesocket
recv
iphlpapi
GetAdaptersAddresses
GetIpAddrTable
wininet
InternetAutodialHangup
InternetGetConnectedState
InternetQueryOptionA
InternetAutodial
dnsapi
DnsRecordListFree
DnsQuery_W
netapi32
NetApiBufferFree
NetUserGetInfo
rpcrt4
UuidToStringW
UuidCreate
UuidFromStringW
RpcStringFreeW
msimg32
AlphaBlend
GradientFill
secur32
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
FreeContextBuffer
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleW
EncryptMessage
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CryptQueryObject
CertVerifySubjectCertificateContext
CertCloseStore
wintrust
WinVerifyTrust
gdiplus
GdipSetPenMiterLimit
GdipSetPenEndCap
GdipGetImageHorizontalResolution
GdipCreateFontFromLogfontA
GdipBitmapUnlockBits
GdipDrawPath
GdipGetRegionBounds
GdipRotateWorldTransform
GdipGetClip
GdipImageGetFrameCount
GdipGetPropertyIdList
GdipSetPenDashCap197819
GdipMeasureString
GdipClosePathFigure
GdipResetClip
GdipCloneImage
GdipCreateBitmapFromScan0
GdipSetPageUnit
GdipImageSelectActiveFrame
GdipDeletePath
GdipCreateBitmapFromHBITMAP
GdipCreateRegion
GdipAddPathRectangle
GdipSetStringFormatLineAlign
GdipTransformPath
GdipCreateFontFromDC
GdipCreateFromHDC
GdiplusShutdown
GdipStartPathFigure
GdipSetPenDashArray
GdipGetTextRenderingHint
GdipCombineRegionPath
GdipGetPropertyItem
GdipDrawLine
GdiplusStartup
GdipDisposeImageAttributes
GdipSaveGraphics
GdipFillEllipse
GdipSetStringFormatFlags
GdipCreateBitmapFromStream
GdipSetPenDashStyle
GdipGetImagePixelFormat
GdipImageGetFrameDimensionsCount
GdipGetImageVerticalResolution
GdipGetImageEncodersSize
GdipDrawEllipse
GdipFillPath
GdipGetImageGraphicsContext
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDeleteMatrix
GdipGetStringFormatFlags
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipSetStringFormatTrimming
GdipSetStringFormatMeasurableCharacterRanges
GdipCreatePath
GdipGetImageWidth
GdipGetImageHeight
GdipCreateMatrix2
GdipReleaseDC
GdipSetLineWrapMode
GdipSetPenStartCap
GdipSetImageAttributesWrapMode
GdipStringFormatGetGenericTypographic
GdipGetPropertyCount
GdipCreateLineBrush
GdipDisposeImage
GdipMeasureCharacterRanges
GdipCreateBitmapFromHICON
GdipScaleWorldTransform
GdipDeleteStringFormat
GdipGetImageEncoders
GdipAddPathLine
GdipGetPropertyItemSize
GdipSetStringFormatAlign
GdipCloneStringFormat
GdipBitmapLockBits
GdipSetPenLineJoin
GdipSetPenDashOffset
GdipImageGetFrameDimensionsList
GdipGetDC
GdipRestoreGraphics
GdipSetClipRegion
GdipSetSolidFillColor
GdipGetGenericFontFamilySansSerif
GdipDeleteBrush
GdipCreateRegionRect
GdipCreateFontFamilyFromName
GdipDeleteRegion
GdipFillRectangle
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteFont
GdipDeleteFontFamily
GdipCreatePen2
GdipDrawString
GdipGraphicsClear
GdipCreateFont
GdipCloneBrush
GdipDrawRectangle
GdipSetTextRenderingHint
GdipDeletePen
GdipGetPathLastPoint
Sections
.text Size: 888KB - Virtual size: 888KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 624KB - Virtual size: 624KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ