0ad24f25bf4cfffa9be6a22fdabb517f377878094f6d5d509dbfc7cc91ec530d

Sharing

Copy URL Twitter E-mail

General

Target

0ad24f25bf4cfffa9be6a22fdabb517f377878094f6d5d509dbfc7cc91ec530d
Size

3.6MB
MD5

fab52c4bdd72afabe85dcb6513dfb0fe
SHA1

2c79bbdabe572b50d24a104357891cfab7753a5c
SHA256

0ad24f25bf4cfffa9be6a22fdabb517f377878094f6d5d509dbfc7cc91ec530d
SHA512

00ef9e0653b3a7370597bb900c1b9974ea132cd66140b6d8a19bffb82796a7bb972ad327c893a3c33ddeb3f3fd45b5d448920837d92c14a25e5cfc102b9b6dc4
SSDEEP

49152:EWCoiX8oTCSTiksxMCTGtPEHC2ubJVtnYxvJL24NGb1ZLI1KfwMJpm/:IoisoshTGtmCJKZJfUbHMIwA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ad24f25bf4cfffa9be6a22fdabb517f377878094f6d5d509dbfc7cc91ec530d

Files

0ad24f25bf4cfffa9be6a22fdabb517f377878094f6d5d509dbfc7cc91ec530d
.exe windows x86

2c0371e7f086cdd1fc4e1901002c75d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHSetValueW
SHGetValueW
PathMatchSpecW
StrRetToBufW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

WSAStartup
gethostname
gethostbyname
WSACleanup
WSCGetProviderPath
WSCEnumProtocols
WSCDeinstallProvider
WSCWriteProviderOrder
WSCInstallProvider

kernel32

GetSystemDirectoryW
MoveFileExW
DeleteFileW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
InterlockedCompareExchange
CreateMutexW
GetLastError
GetCommandLineW
CreateThread
InitializeCriticalSectionAndSpinCount
Sleep
SetUnhandledExceptionFilter
OpenEventW
GetSystemDirectoryA
ExpandEnvironmentStringsA
LoadLibraryA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
ExpandEnvironmentStringsW
CreateEventW
GetNativeSystemInfo
GetCurrentThreadId
GetUserDefaultUILanguage
FreeResource
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetFileAttributesW
lstrlenW
OutputDebugStringA
GetFileAttributesExW
FlushFileBuffers
GetTickCount
ReleaseMutex
MoveFileW
SetLastError
GetStartupInfoW
LocalFree
GetProcessHeap
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
CompareStringW
GetCPInfo
LCMapStringW
IsDebuggerPresent
UnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
GetFileType
WriteConsoleW
RtlUnwind
HeapSetInformation
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
HeapSize
HeapReAlloc
RaiseException
RemoveDirectoryW
FindFirstFileW
GetFileAttributesW
GetDiskFreeSpaceExW
CopyFileW
FindClose
OpenMutexW
FindNextFileW
GetTempPathW
WriteFile
CreateFileW
GetModuleFileNameW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
lstrcmpW
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForSingleObject
TerminateProcess
Process32NextW
OpenProcess
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetStdHandle
VirtualQuery
SetEndOfFile
SetEnvironmentVariableA
FormatMessageA
lstrlenA

user32

HideCaret
GetFocus
ShowCaret
GetSysColor
CreateCaret
SetCaretPos
SystemParametersInfoW
GetDC
ReleaseDC
GetSystemMetrics
wsprintfW
FindWindowW
SendMessageW
PostQuitMessage
IsWindow
CreateWindowExW
SetFocus
SetWindowTextW
ShowWindow
SetTimer
KillTimer
DrawTextW
DrawFocusRect
IntersectRect
PostMessageW
ClientToScreen
SetWindowRgn
ScreenToClient
SetActiveWindow
GetMessageW
LoadImageW
SetCapture
MoveWindow
SetCursor
LoadCursorW
EnableWindow
GetClassInfoExW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
InvalidateRect
DestroyWindow
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
BeginPaint
GetClientRect
UpdateLayeredWindow
IsZoomed
GetKeyState
IsWindowEnabled
TranslateMessage
OffsetRect
BringWindowToTop
PeekMessageW
GetDesktopWindow
GetCursorPos
GetActiveWindow
EndPaint
SetRectEmpty
GetWindowRect
PtInRect
GetParent
DispatchMessageW
GetWindow
CallWindowProcW
UpdateWindow
MapWindowPoints
ReleaseCapture
PostThreadMessageW

gdi32

GetObjectW
SetTextColor
SetBkColor
SetBkMode
CreateFontIndirectW
SelectObject
DeleteObject
DeleteDC
CreateRectRgn
OffsetRgn
CreateCompatibleBitmap
GetDeviceCaps
CreateDIBSection
CombineRgn
SetRectRgn
BitBlt
GetTextColor
ExtSelectClipRgn
GetClipBox
ExtTextOutW
CreateRectRgnIndirect
CreateCompatibleDC
SelectClipRgn

advapi32

IsValidSid
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
GetSidIdentifierAuthority
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

ord165
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW
SHBindToParent

ole32

CoUninitialize
CoCreateInstance
OleInitialize
CoInitialize
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
SysAllocString
SysFreeString
SysStringLen

comctl32

_TrackMouseEvent
ord17

msimg32

GradientFill
AlphaBlend

riched20

ord4

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse

wsock32

htons
htonl

iphlpapi

GetBestRoute
GetIpAddrTable
GetIfTable
GetBestInterface

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c0371e7f086cdd1fc4e1901002c75d5

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

riched20

winhttp

wsock32

iphlpapi

Exports

Exports

Sections

.text Size: 735KB - Virtual size: 734KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 15KB - Virtual size: 31KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 735KB - Virtual size: 734KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 15KB - Virtual size: 31KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 56KB - Virtual size: 55KB