Static task: static1
Behavioral task: behavioral1
Sample: a154db3c9f70d522a37577a0b86305bdffdaba3384f86de2ed2ad2f5258b2f57.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: a154db3c9f70d522a37577a0b86305bdffdaba3384f86de2ed2ad2f5258b2f57.exe
Resource: win10v2004-20230703-en
General
Target: a154db3c9f70d522a37577a0b86305bdffdaba3384f86de2ed2ad2f5258b2f57
Size: 2.9MB
MD5: 15c54f26be4d9a407294ac37a8bff12a
SHA1: 1c08a11ca49d9630f720d3353b4dcaed52e5067f
SHA256: a154db3c9f70d522a37577a0b86305bdffdaba3384f86de2ed2ad2f5258b2f57
SHA512: dcc3a1f2dcaa0cc0e2d6c78ce12dcb484145121cca59ed2091e18718943d0bfdf20f380f27e8bbe3e7c0b7d79069a9cb75de8f696e6307eab494cdae3c950555
SSDEEP: 49152:0srlAU+cJyDRUOkHi9cQ//0MTBTlySfx0Qh9eivtFcnIgske:rtoRILilTBJjZh9FcnIk
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource a154db3c9f70d522a37577a0b86305bdffdaba3384f86de2ed2ad2f5258b2f57
Files
a154db3c9f70d522a37577a0b86305bdffdaba3384f86de2ed2ad2f5258b2f57.exe (windows x86)
c04e5774655bb204c654f36f30bd8e07
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FlushFileBuffers
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetStdHandle
ExitProcess
GetFileType
GetDriveTypeW
VirtualProtect
WriteConsoleW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
LoadLibraryA
ExpandEnvironmentStringsA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
SetEndOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
WaitNamedPipeW
GetSystemTime
GetStartupInfoW
MoveFileW
GetUserDefaultLCID
GetFileTime
IsBadReadPtr
VerLanguageNameW
GetProfileStringW
GlobalFree
FreeResource
CreateEventW
PeekNamedPipe
DuplicateHandle
WaitForMultipleObjects
SetEvent
CreateThread
GetExitCodeProcess
IsBadWritePtr
SetFilePointer
VirtualQuery
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileStringW
CopyFileW
SetFileAttributesW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
FormatMessageW
FileTimeToSystemTime
LocalFree
GetModuleHandleA
GetFileSize
CreatePipe
ReadFile
TerminateThread
TerminateProcess
ExpandEnvironmentStringsW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetACP
CreateProcessW
WriteFile
GlobalMemoryStatus
GetThreadLocale
GetDateFormatW
GetTimeFormatW
GetLocalTime
CompareStringW
GetVersionExW
InterlockedExchange
OutputDebugStringW
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetVolumeInformationW
DeleteFileW
GetFileAttributesW
GetSystemDefaultLangID
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryW
CreateMutexW
lstrcpyW
lstrcpynW
lstrcmpiW
lstrcmpW
GetTickCount
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
FindNextFileW
FindFirstFileW
CreateFileW
GetFullPathNameW
lstrlenW
FindClose
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
CloseHandle
SizeofResource
LoadResource
WaitForSingleObject
ResumeThread
LockResource
MulDiv
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
GetSystemInfo
user32
CloseClipboard
OpenClipboard
MonitorFromPoint
IsWindowEnabled
GetDlgCtrlID
GetMessagePos
FrameRect
GetSysColorBrush
mouse_event
LoadIconW
SetClassLongW
SendMessageW
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemInt
GetMenuItemID
GetScrollInfo
SetScrollInfo
GetClassLongW
IsRectEmpty
IntersectRect
InflateRect
GetWindowDC
GetSubMenu
DrawFocusRect
TrackPopupMenu
CheckMenuItem
CreatePopupMenu
DestroyCursor
LoadBitmapW
GetCursorPos
SetCursor
DrawIcon
GetMenuStringW
KillTimer
SetTimer
GetDlgItemInt
SystemParametersInfoW
DrawIconEx
DestroyIcon
OffsetRect
SetDlgItemTextA
GetClipboardData
GetScrollPos
DrawEdge
SetRectEmpty
PtInRect
RemoveMenu
UpdateWindow
GetCaretPos
WinHelpW
DrawFrameControl
PostQuitMessage
GetCapture
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfW
SetClipboardData
EmptyClipboard
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
CreateDialogParamW
SetFocus
GetFocus
EnableWindow
SetActiveWindow
GetClientRect
EqualRect
SetPropW
InsertMenuW
GetPropW
GetDlgItemTextW
AdjustWindowRectEx
CheckRadioButton
DeferWindowPos
GetMenuState
SetLayeredWindowAttributes
LockWindowUpdate
GetClipboardOwner
SetCursorPos
WindowFromPoint
SetParent
ModifyMenuW
BringWindowToTop
IsZoomed
SetClipboardViewer
ChangeClipboardChain
SetMenu
GetDoubleClickTime
BeginDeferWindowPos
EndDeferWindowPos
CallNextHookEx
GetWindowPlacement
SetWindowPlacement
IsIconic
TranslateAcceleratorW
TrackPopupMenuEx
GetMenuItemInfoW
EnableMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
ScrollWindowEx
SetScrollPos
ShowScrollBar
SetRect
CheckMenuRadioItem
LoadStringA
GetNextDlgTabItem
wvsprintfW
DeleteMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
IsMenu
MessageBoxW
GetActiveWindow
DialogBoxParamW
CopyRect
DrawTextW
GetKeyState
IsWindowVisible
LoadStringW
CharLowerW
InvertRect
GetWindowThreadProcessId
GetMenu
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
IsDialogMessageW
MonitorFromWindow
GetMonitorInfoW
GetDC
ReleaseDC
PostMessageW
EndDialog
GetDlgItem
SetDlgItemTextW
MessageBeep
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageTimeoutW
DefWindowProcW
CallWindowProcW
CharNextW
SetCapture
ReleaseCapture
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSystemMetrics
LoadMenuW
SetForegroundWindow
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
ScreenToClient
GetSysColor
LoadImageW
GetClassNameW
FindWindowW
GetDesktopWindow
FillRect
gdi32
CreateFontW
SetStretchBltMode
SetBrushOrgEx
CreateBitmap
CreateDCW
CreatePatternBrush
GetMapMode
PatBlt
ResetDCW
SetMapMode
SetRectRgn
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileHeader
Polygon
StartDocW
EndDoc
StartPage
EndPage
AbortDoc
SetViewportExtEx
SetWindowExtEx
OffsetWindowOrgEx
Polyline
IntersectClipRect
GetClipRgn
RoundRect
SetDCBrushColor
GetBkColor
GetTextColor
SetPolyFillMode
SelectPalette
RealizePalette
SetDIBColorTable
CreatePalette
CreateDIBSection
SelectClipRgn
Rectangle
CreateRectRgn
CreatePen
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
ExcludeClipRect
CreateRectRgnIndirect
CombineRgn
MoveToEx
StretchBlt
SetDCPenColor
LineTo
GetPixel
GetCurrentObject
GetDIBColorTable
SetWindowOrgEx
SetViewportOrgEx
LPtoDP
ExtTextOutW
TextOutW
SetTextColor
SetBkMode
SetBkColor
GetClipBox
GetObjectW
SelectObject
SaveDC
RestoreDC
GetStockObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DPtoLP
CreateFontIndirectW
DeleteObject
PlayEnhMetaFile
CreateSolidBrush
GetDeviceCaps
winspool.drv
GetPrinterW
ClosePrinter
OpenPrinterW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
PrintDlgExW
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegSetValueW
RegQueryValueW
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptSetKeyParam
RegCloseKey
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ExtractIconExW
ord62
SHFileOperationW
SHGetFileInfoW
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetMalloc
SHGetDesktopFolder
ShellExecuteExW
ole32
CoTaskMemRealloc
CoUninitialize
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
PropVariantClear
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
oleaut32
VariantChangeType
VariantCopy
SysAllocStringByteLen
SysStringByteLen
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc
VariantCopyInd
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
shlwapi
PathFileExistsW
PathAppendW
PathFindFileNameA
PathFindFileNameW
PathRemoveFileSpecW
StrStrIW
PathAddExtensionW
PathIsRelativeW
PathRemoveExtensionW
StrCmpNW
StrCmpNIW
SHStrDupW
PathCombineW
PathIsDirectoryW
StrToIntW
PathFindExtensionW
comctl32
ImageList_GetIcon
ImageList_Create
ImageList_Destroy
ImageList_Add
_TrackMouseEvent
InitCommonControlsEx
CreateStatusWindowW
ImageList_Draw
ImageList_GetImageCount
ImageList_DrawIndirect
ImageList_ReplaceIcon
ImageList_LoadImageW
msimg32
AlphaBlend
GradientFill
TransparentBlt
gdiplus
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectRect
GdipDrawImageRectI
GdipCreateFromHDC
GdipLoadImageFromFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageGraphicsContext
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
sqlite3
sqlite3_bind_null
sqlite3_bind_int
sqlite3_prepare_v2
sqlite3_exec
sqlite3_bind_text16
sqlite3_open16
sqlite3_step
sqlite3_finalize
sqlite3_reset
sqlite3_close
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text  Size: 1.5MB - Virtual size: 1.5MB  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 220KB - Virtual size: 220KB  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 62KB - Virtual size: 285KB  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0  Size: 716KB - Virtual size: 716KB  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc Size: 90KB - Virtual size: 89KB  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc  Size: 423KB - Virtual size: 423KB  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ