Static task
static1
Behavioral task
behavioral1
Sample
82817bd0be29f88004904b1745cfb169c14c490260ab26697f7fe242f3152afa.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
82817bd0be29f88004904b1745cfb169c14c490260ab26697f7fe242f3152afa.exe
Resource
win10v2004-20230703-en
General
-
Target
82817bd0be29f88004904b1745cfb169c14c490260ab26697f7fe242f3152afa
-
Size
10.0MB
-
MD5
e922ff2e4f02a2c6fc000eba5d21cac2
-
SHA1
44aaa8d644460f6fad74fe08d12182ff8debf435
-
SHA256
82817bd0be29f88004904b1745cfb169c14c490260ab26697f7fe242f3152afa
-
SHA512
7ea483e5636973cf8b3cafea9a049533db54239f8f116e9c7ec1fe993209721fb80697f1cb3c58d623560a6f668c4d15997108da797ac705df7dcc37d446a73e
-
SSDEEP
196608:PiHDYKNByZO4WmhQmXvqED5pqZnjO7+Ahhd:2DNFFfiVrSnjO7Zbd
Malware Config (no extracted configuration is shown in this report)
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature (the signature check found none). On its own this is weak evidence — many legitimate tools ship unsigned — but it means there is no verifiable publisher identity to anchor trust decisions on.
resource 82817bd0be29f88004904b1745cfb169c14c490260ab26697f7fe242f3152afa
Files
-
82817bd0be29f88004904b1745cfb169c14c490260ab26697f7fe242f3152afa.exe windows x86
2d4152567a3e0e0bebbfb18b6043628e (unlabeled 128-bit hex digest from the Files table; it differs from the file MD5 listed above, so confirm what it represents before using it as an indicator)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (static import table; note the process enumeration/termination, service control, registry write, socket and certificate/crypto APIs below — all of these also appear in legitimate installers and updaters, so import presence alone is not evidence of malicious intent)
kernel32
FindResourceW
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineW
OutputDebugStringW
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
MoveFileExW
FreeResource
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LockResource
SizeofResource
GetLocalTime
FindFirstFileA
FindNextFileA
DeleteFileA
Sleep
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetExitCodeProcess
GetModuleFileNameW
WritePrivateProfileStringW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
IsValidCodePage
FindFirstFileExW
CreatePipe
SetStdHandle
SetEndOfFile
LoadResource
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
GetStdHandle
GetDynamicTimeZoneInformation
GetCurrentProcessId
DeleteFileW
GetTempPathW
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
lstrcmpA
lstrcmpW
GetCurrentDirectoryW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrlenW
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
ExitProcess
VirtualProtect
GetModuleHandleW
WaitForSingleObject
CreateToolhelp32Snapshot
lstrcmpiW
Process32NextW
Process32FirstW
TerminateProcess
OpenProcess
GetCurrentProcess
SetEnvironmentVariableW
WinExec
GetVersion
LocalFree
GetTempFileNameW
QueryDosDeviceW
GetLogicalDriveStringsW
GetLogicalDrives
GetDriveTypeW
lstrcpyA
lstrcpyW
lstrlenA
CreateMutexW
CreateFileW
GetFileSize
ReadFile
WriteFile
GetFileSizeEx
SetFilePointer
SetFilePointerEx
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
VerSetConditionMask
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
VerifyVersionInfoW
MulDiv
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
GlobalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryW
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
GetPrivateProfileIntW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetVersionExW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
RtlUnwind
ExitThread
GetModuleHandleExW
CreateProcessA
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetOEMCP
user32
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
MonitorFromPoint
GetMonitorInfoW
RealGetWindowClassW
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
IsWindowEnabled
SetPropW
GetPropW
LoadCursorW
LoadImageW
MoveWindow
SetWindowRgn
SetCursor
InflateRect
GetDesktopWindow
GetClientRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
UpdateLayeredWindow
GetWindowRgn
DrawTextW
FillRect
SetRect
CharNextW
GetWindowTextW
GetWindowTextLengthW
EqualRect
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
MonitorFromWindow
PostQuitMessage
MessageBoxW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
RegisterClipboardFormatW
IsZoomed
IsIconic
IsWindowVisible
SetLayeredWindowAttributes
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
SetWindowPos
ShowWindow
AttachThreadInput
GetForegroundWindow
SetWindowTextW
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
LoadStringW
UpdateWindow
SwitchToThisWindow
PostMessageW
FindWindowW
GetWindowRect
SendMessageW
EnumDisplaySettingsW
shell32
SHBindToParent
ShellExecuteW
SHGetSpecialFolderPathW
SHParseDisplayName
SHCreateItemFromIDList
SHCreateDirectoryExW
ord165
SHFileOperationW
ShellExecuteExW
CommandLineToArgvW
ord75
ord25
SHGetDataFromIDListW
SHGetPathFromIDListW
DragQueryFileW
ole32
RegisterDragDrop
CreateStreamOnHGlobal
CLSIDFromString
StringFromCLSID
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CLSIDFromProgID
OleLockRunning
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocString
shlwapi
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecA
PathFindFileNameA
PathRemoveExtensionA
ord219
PathAppendW
PathGetDriveNumberW
PathIsURLW
PathCombineW
PathRemoveBackslashW
PathIsDirectoryW
gdiplus
GdipSetCompositingQuality
GdiplusShutdown
GdiplusStartup
GdipCreateLineBrushFromRectI
GdipAddPathStringI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetFontStyle
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipCreateRegionPath
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetPointCount
GdipGetPathData
GdipClosePathFigure
GdipAddPathLine
ord1
GdipAddPathEllipse
GdipAddPathLineI
GdipAddPathBezierI
GdipCloneBrush
GdipDeleteBrush
GdipGetFamily
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenLineJoin
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesGamma
GdipGetDC
GdipReleaseDC
GdipSetCompositingMode
GdipGetCompositingMode
GdipGetCompositingQuality
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipGetPageUnit
GdipGetPageScale
GdipSetPageUnit
GdipSetPageScale
GdipGetDpiX
GdipGetDpiY
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontSize
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDrawImageRectRectI
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipBitmapSetPixel
GdipAddPathString
GdipGetPathWorldBounds
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
psapi
GetProcessImageFileNameW
ws2_32
getsockname
getsockopt
htons
connect
bind
recv
WSAGetLastError
closesocket
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSACleanup
WSAStartup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSAWaitForMultipleEvents
WSAResetEvent
gethostname
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
getpeername
gethostbyname
WSACreateEvent
WSACloseEvent
send
crypt32
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindExtension
wldap32
ord73
ord216
ord14
ord145
ord219
ord208
ord41
ord117
ord142
ord26
ord27
ord127
ord167
ord46
ord79
ord133
ord147
ord301
bcrypt
BCryptGenRandom
gdi32
SetBkColor
SetTextColor
BeginPath
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
CreateRectRgn
DeleteDC
DeleteObject
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectClipRgn
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
GetDeviceCaps
StretchBlt
PtInRegion
CreateDIBSection
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
ExtSelectClipRgn
EndPath
SetBkMode
GetPath
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetStretchBltMode
advapi32
LookupPrivilegeValueW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 346KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 148.7MB - Virtual size: 148.7MB (note: this raw section size exceeds the 10.0MB file size reported above, so the section table does not match the bytes on disk — the sample is either truncated or has malformed headers; parsers and extractors should bound resource reads by the actual file length)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ