8f2905eb79dec56feaba9c9d0a8f58f845534d521bcdc74cf46c852d8b3aaad2

Sharing

Copy URL Twitter E-mail

General

Target

8f2905eb79dec56feaba9c9d0a8f58f845534d521bcdc74cf46c852d8b3aaad2
Size

3.7MB
MD5

697028893a7d2f148f03e6aa5fd42c41
SHA1

871b24c48ac9b11e481d371b46634e43d9b36c6b
SHA256

8f2905eb79dec56feaba9c9d0a8f58f845534d521bcdc74cf46c852d8b3aaad2
SHA512

bc8eb9cd2fa3768acd0ae6cc43223a02b236a24504950839a55a329d0ab56748cdd55c28036f3e39fcdbb4b6b2fcdc85e400cb98ed13b9e9c588e74ef40c7845
SSDEEP

49152:aS24YjBasw59AtrVyUTLbWCuDHwb0X3nJMpW:aS24Y9alAtrVy9HQS5wW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f2905eb79dec56feaba9c9d0a8f58f845534d521bcdc74cf46c852d8b3aaad2

Files

8f2905eb79dec56feaba9c9d0a8f58f845534d521bcdc74cf46c852d8b3aaad2
.exe windows x86

ac9b62695ae4ae9149683602644d4778

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

select
WSAGetLastError
WSAConnect
setsockopt
ioctlsocket
shutdown
WSARecv
WSASend
htons
WSAStartup
WSACleanup
GetAddrInfoW
FreeAddrInfoW
WSASocketW
closesocket
send
recv

crypt32

CertGetNameStringW

kernel32

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToDosDateTime
lstrcmpiW
RaiseException
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
GetCurrentProcessId
Thread32Next
ReadProcessMemory
ResumeThread
GetThreadContext
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThread
Module32NextW
Module32FirstW
GetProcessHandleCount
GetLocalTime
K32GetProcessMemoryInfo
GetEnvironmentVariableW
LocalFree
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
DecodePointer
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
OpenProcess
HeapSize
GetProcessHeap
CompareStringW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
LockResource
IsValidCodePage
FreeResource
FindNextFileW
CreateProcessW
CopyFileW
GetUserDefaultUILanguage
RemoveDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
TerminateThread
Process32FirstW
K32GetProcessImageFileNameW
Process32NextW
MoveFileExW
GlobalMemoryStatusEx
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
FindFirstFileW
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
EnumResourceNamesW
FindClose
FileTimeToSystemTime
DosDateTimeToFileTime
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleW
GetCurrentProcess
GetNativeSystemInfo
DeviceIoControl
LoadLibraryW
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetFileSizeEx
SetFilePointer
GetLastError
ReadFile
VirtualAlloc
GetStdHandle
LCMapStringW
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
FreeLibrary
VirtualFree
IsBadReadPtr
VirtualQuery
GetSystemDirectoryW
GetVolumeInformationW
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetConsoleOutputCP
GetVersionExW
GetSystemTimeAsFileTime
GetFileAttributesExW
HeapDestroy
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
HeapCreate
WriteFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
SetThreadStackGuarantee
DeleteFileW
MultiByteToWideChar
Sleep
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
InterlockedPushEntrySList
GetSystemInfo
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetDiskFreeSpaceExW
IsDebuggerPresent

user32

SetForegroundWindow
BringWindowToTop
DialogBoxParamW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
EnableWindow
LoadIconW
LoadBitmapW
MessageBeep
MessageBoxW
ShowWindow
GetWindowRect
EndDialog
PostQuitMessage
LoadStringW
PostMessageW
IsWindowVisible
LoadImageW
SetTimer
KillTimer
SystemParametersInfoW
IsWindowEnabled
DrawFocusRect
SetCursor
TrackMouseEvent
GetCapture
GetCursorPos
UpdateWindow
OffsetRect
DrawTextW
SetRectEmpty
GetDlgCtrlID
GetTopWindow
GetWindowThreadProcessId
SetClassLongW
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterClassExW
UnregisterClassW
DefWindowProcW
CharLowerW
CharNextW
PostMessageA
GetSystemMetrics
PtInRect

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectW
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteDC
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetTextExtentPoint32W
GdiGradientFill
GetTextExtentPointW
TextOutW
RestoreDC
SaveDC
CreateFontW
EnumFontFamiliesExW
CreateDIBitmap
DeleteObject
GetDIBits

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegEnumKeyW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
ControlService
QueryServiceConfigW
RegQueryValueW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr

shlwapi

PathFindExtensionW
PathCanonicalizeW

comctl32

DestroyPropertySheetPage
PropertySheetW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Create
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
CreatePropertySheetPageW

iphlpapi

GetAdaptersAddresses

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

bcrypt

BCryptGenRandom

dbghelp

SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymLoadModule64
SymGetOptions
SymInitialize
SymSetOptions
MiniDumpWriteDump

gdiplus

GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipCreateHBITMAPFromBitmap

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 60.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac9b62695ae4ae9149683602644d4778

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

bcrypt

dbghelp

gdiplus

wintrust

Sections

.text Size: 956KB - Virtual size: 956KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 88KB - Virtual size: 60.9MB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 956KB - Virtual size: 956KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 88KB - Virtual size: 60.9MB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 30KB - Virtual size: 30KB