4dd56a28aa0734dd41e0271ac5f81ab63931c540a3aa3a41208c979f405bfa7a

Sharing

Copy URL

Twitter E-mail

General

Target

4dd56a28aa0734dd41e0271ac5f81ab63931c540a3aa3a41208c979f405bfa7a
Size

14.1MB
MD5

026a510e162ea53ea9508fb3d0b30b58
SHA1

54c9628f6aaa36a1aefe9b8bde3fdea446785309
SHA256

4dd56a28aa0734dd41e0271ac5f81ab63931c540a3aa3a41208c979f405bfa7a
SHA512

be8c30fe6a71a34347d4917d93c04f5dea5e40d34a40ed565b928d0c359f3b7aa8cebe6eb5149006cd5180f67cdf705141050227236db4cd5d1710f2acae4c17
SSDEEP

98304:Es3ZQoM05b7LFYLxGBBBuQ94zlathesGujTdvJAUNG5ff7Ow3/GNgbRG78Md6aXl:LJQ1057FY9AesGu3F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dd56a28aa0734dd41e0271ac5f81ab63931c540a3aa3a41208c979f405bfa7a

Files

4dd56a28aa0734dd41e0271ac5f81ab63931c540a3aa3a41208c979f405bfa7a
.exe windows x64

3d2bfb0ab76159da87471167d9d69bbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdiplus

GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPolygonI
GdipAlloc
GdipCloneBrush
GdipClosePathFigure
GdipCreateFromHDC
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDrawArcI
GdipDrawLineI
GdipDrawPath
GdipFillPath
GdipFillPieI
GdipFree
GdipGetPenWidth
GdipScaleWorldTransform
GdipSetPenColor
GdipSetPenDashArray
GdipSetPenDashStyle
GdipSetPenEndCap
GdipSetPenLineJoin
GdipSetPenStartCap
GdipSetPenWidth
GdipSetSmoothingMode
GdipSetSolidFillColor
GdiplusShutdown
GdiplusStartup

kernel32

CreateSemaphoreW
DeleteCriticalSection
GetTickCount
IsDBCSLeadByteEx
RaiseException
ReleaseSemaphore
RtlAddFunctionTable
RtlUnwindEx
RtlVirtualUnwind
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadErrorMode
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx
lstrlenW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_close
_close
_errno
_fmode
_fpreset
_ftime
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_open
_read
_stat64
_strdup
_time64
_unlock
_vsnprintf
_waccess
_wchdir
_wchmod
_wexecvp
_wfopen
_wgetcwd
_wgetenv
_wmkdir
_wopen
_wputenv
_wrename
_write
_wrmdir
_wstat
_wsystem
_wunlink
abort
acos
acosf
atan2
atan2f
atof
calloc
cosf
exit
fclose
feof
ferror
fflush
fgets
fmod
fmodf
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getc
getenv
localeconv
malloc
modf
printf
putchar
raise
rand
realloc
remove
rewind
setlocale
signal
sinf
sqrtf
strerror
tan
tanf
ungetc
vfprintf

ntdll

NtReadFile
NtWriteFile
_setjmp
_stricmp
_strnicmp
atoi
atol
bsearch
cos
floor
isalnum
isalpha
islower
isprint
isspace
isupper
isxdigit
log
longjmp
mbstowcs
memchr
memcmp
memcpy
memmove
memset
pow
qsort
sin
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
tolower
toupper
wcscpy
wcslen
wcsncpy
wcstombs
NtCreateFile
RtlNtStatusToDosError

advapi32

OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

comctl32

_TrackMouseEvent

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PrintDlgA

gdi32

AddFontResourceExA
Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateEnhMetaFileA
CreateFontW
CreatePalette
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
EnumFontFamiliesW
EqualRgn
ExtCreatePen
ExtCreateRegion
GdiFlush
GetCharacterPlacementW
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetGlyphOutlineW
GetObjectA
GetRegionData
GetRgnBox
GetStockObject
GetTextExtentPoint32W
GetTextMetricsA
GetWindowOrgEx
GetWorldTransform
LPtoDP
LineTo
ModifyWorldTransform
MoveToEx
OffsetRgn
Pie
PlayEnhMetaFile
PolyPolygon
Polygon
Polyline
RealizePalette
RectInRegion
RemoveFontResourceExA
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetDIBitsToDevice
SetGraphicsMode
SetMapMode
SetPixel
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
SetWorldTransform
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutW
UpdateColors

ole32

CoCreateGuid
DoDragDrop
OleInitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocStringLen
SysFreeString
SysStringLen

shell32

DragQueryFileW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteA

user32

AdjustWindowRectEx
BringWindowToTop
CallWindowProcA
ChangeClipboardChain
ClientToScreen
CloseClipboard
CopyIcon
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
FillRect
GetAsyncKeyState
GetClientRect
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetParent
GetSysColor
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindow
LoadCursorA
LoadIconA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageA
PeekMessageW
PostMessageA
PostThreadMessageA
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetRect
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
SystemParametersInfoA
TranslateMessage
ValidateRgn
WindowFromPoint

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d2bfb0ab76159da87471167d9d69bbd

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

msvcrt

ntdll

advapi32

bcrypt

comctl32

comdlg32

gdi32

ole32

oleaut32

shell32

user32

userenv

ws2_32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.data Size: 47KB - Virtual size: 46KB

.rdata Size: 479KB - Virtual size: 478KB

.pdata Size: 265KB - Virtual size: 264KB

.xdata Size: 309KB - Virtual size: 309KB

.bss Size: - Virtual size: 5KB

.idata Size: 20KB - Virtual size: 19KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 16B

/4 Size: 1024B - Virtual size: 656B

/19 Size: 553KB - Virtual size: 553KB

/35 Size: 512B - Virtual size: 180B

/51 Size: 969KB - Virtual size: 969KB

/63 Size: 7KB - Virtual size: 6KB

/77 Size: 384KB - Virtual size: 384KB

/89 Size: 2KB - Virtual size: 1KB

/102 Size: 1.3MB - Virtual size: 1.3MB

/113 Size: 9KB - Virtual size: 8KB

/124 Size: 528KB - Virtual size: 527KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 47KB - Virtual size: 46KB

.rdata
Size: 479KB - Virtual size: 478KB

.pdata
Size: 265KB - Virtual size: 264KB

.xdata
Size: 309KB - Virtual size: 309KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 20KB - Virtual size: 19KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 1024B - Virtual size: 656B

/19
Size: 553KB - Virtual size: 553KB

/35
Size: 512B - Virtual size: 180B

/51
Size: 969KB - Virtual size: 969KB

/63
Size: 7KB - Virtual size: 6KB

/77
Size: 384KB - Virtual size: 384KB

/89
Size: 2KB - Virtual size: 1KB

/102
Size: 1.3MB - Virtual size: 1.3MB

/113
Size: 9KB - Virtual size: 8KB

/124
Size: 528KB - Virtual size: 527KB