3e64abf087093eaabb69254ed3cef8b8e641f529a8a46c695724ccf453d685a9

Sharing

Copy URL

Twitter E-mail

General

Target

3e64abf087093eaabb69254ed3cef8b8e641f529a8a46c695724ccf453d685a9
Size

3.3MB
MD5

4429af1bed021884a44834eba118309a
SHA1

36782c26983541d76124c07b55b5ee3436bca3c2
SHA256

3e64abf087093eaabb69254ed3cef8b8e641f529a8a46c695724ccf453d685a9
SHA512

113c1ff85f2a58473b55245f4d6bd630a00440b61b78943c6e391726a28551667fe175c363f37723c303614f43c77e04b2fc2b61518b7ef077d1b99527ef96af
SSDEEP

49152:fNHL+FwkSn3K1Wt3qn3sOb/QLXGm8wR9dvdjIjvaXPf+hVcYyWOx:ZowbBA3sIoKlY9Ndjqa/eVcYyW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e64abf087093eaabb69254ed3cef8b8e641f529a8a46c695724ccf453d685a9

Files

3e64abf087093eaabb69254ed3cef8b8e641f529a8a46c695724ccf453d685a9
.exe windows x86

4995e3906c299d55d93b12ba23fde129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
GetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
DeleteCriticalSection
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
MultiByteToWideChar
LockResource
FindResourceExW
WideCharToMultiByte
GetShortPathNameW
LoadLibraryW
DeleteFileW
CopyFileW
MoveFileW
GetCommandLineW
GetTickCount
OpenProcess
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
FreeLibrary
InterlockedDecrement
WriteFile
SetFilePointer
MoveFileExW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFullPathNameW
RemoveDirectoryW
GetTempFileNameW
lstrlenW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
CloseHandle
RaiseException
InterlockedIncrement
FindClose
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
WriteConsoleW
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
WaitForSingleObjectEx
Sleep
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
LocalFree
EncodePointer
LCMapStringEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCPInfo
ReleaseMutex
FormatMessageW
CreateMutexW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
GetFileSizeEx
ReadFile
GetACP
FreeResource
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
lstrcmpW
MulDiv
lstrcpynW
IsBadReadPtr
GlobalFree
SetEvent
ResetEvent
CreateEventW
GetVersion
InterlockedExchange
InterlockedCompareExchange
ResumeThread
GetLocalTime
SetEndOfFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetTempPathW
SetUnhandledExceptionFilter
CreateThread
GetCurrentThread
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
WaitForMultipleObjects
GetStdHandle
FlushFileBuffers
SetFilePointerEx
SetFileTime
DuplicateHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExA
GetModuleHandleExW
OutputDebugStringA
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
LocalFileTimeToFileTime
DosDateTimeToFileTime
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
GetSystemWindowsDirectoryW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetFileType
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
DecodePointer

user32

AdjustWindowRectEx
CopyRect
IntersectRect
IsIconic
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
FindWindowExW
CharPrevW
DrawTextW
SetRect
DrawIconEx
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
RemovePropW
GetWindowDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
FillRect
PeekMessageW
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
DefWindowProcW
UnregisterClassW
DestroyWindow
SetPropW
PostMessageW
IsChild
CreateWindowExW
SendMessageW
DispatchMessageW
DestroyIcon
LoadImageW
MessageBoxW
GetPropW
GetMenu
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
GetWindow
GetClassNameW
GetParent
TranslateMessage
GetMessageW
LoadCursorW
SetWindowLongW
GetWindowLongW
IsRectEmpty
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
OffsetRect
InflateRect
SetCursor
wvsprintfW
wsprintfW
SetTimer
SetWindowPos
MoveWindow
GetIconInfo
ReleaseDC
GetDC
SystemParametersInfoW
LoadIconW
PtInRect
MapWindowPoints
ScreenToClient
GetCursorPos
GetWindowRect
GetClientRect
SetForegroundWindow
SwitchToThisWindow
UpdateWindow
SetFocus
IsZoomed
IsWindowVisible
ShowWindow
IsWindow
PostQuitMessage
RegisterWindowMessageW
ReleaseCapture
SetCapture
GetKeyState
GetFocus
CharNextW
UpdateLayeredWindow

gdi32

GetDIBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
GetTextExtentPoint32W
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
DeleteObject
CreateSolidBrush
SetDIBitsToDevice
CreateDCW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GetDeviceCaps

advapi32

RegOpenKeyExA
RegCreateKeyW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
RegEnumKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconW
ord165
SHGetSpecialFolderPathW
SHChangeNotify
SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHFileOperationW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
OleLockRunning
CLSIDFromString
CLSIDFromProgID

oleaut32

VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

StrStrIW
PathAppendW
SHGetValueA
SHSetValueA
StrCmpIW
StrCmpNIW
StrTrimA
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteKeyW
PathCombineW
PathFindFileNameW
SHGetValueW
SHSetValueW
AssocQueryStringW
StrCpyW
StrStrIA

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipCreatePen1
ord1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipDrawPath
GdipDrawEllipseI
GdipDeletePen
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillEllipseI
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGraphicsClear
GdipDrawImageRectI
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathArcI
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipFillPath
GdipDrawImagePointsI

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGetCookieExW
InternetCrackUrlW
InternetSetCookieW
InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

msimg32

GradientFill
AlphaBlend

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4995e3906c299d55d93b12ba23fde129

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

version

wininet

iphlpapi

crypt32

wintrust

winmm

msimg32

urlmon

imm32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 23KB - Virtual size: 36KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 61KB - Virtual size: 61KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 23KB - Virtual size: 36KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 61KB - Virtual size: 61KB