0c9d5a35b7994813181bb0c07b8f9793f6c08e8a9b3bf1088bb13c38773a1e9c

Sharing

Copy URL

Twitter E-mail

General

Target

0c9d5a35b7994813181bb0c07b8f9793f6c08e8a9b3bf1088bb13c38773a1e9c
Size

1.9MB
MD5

8de575b98c0e771c3e604aa53898eeb9
SHA1

433c8b4d3ddfefeeac506c53e1c1ae14a9f6097b
SHA256

0c9d5a35b7994813181bb0c07b8f9793f6c08e8a9b3bf1088bb13c38773a1e9c
SHA512

4af343c90d3b1e8919323070ed09556399b0b2d264c78a22cd713faf94eae7b84b4a06316d6e5fac9fa05b3833986309e95196a3c6e03fbec2a249015446a11c
SSDEEP

49152:dVxFn5WvsYa7AQs3ZqExThJ7qchBhC1E9xQ:Dn5WvqAQsJqwJth/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c9d5a35b7994813181bb0c07b8f9793f6c08e8a9b3bf1088bb13c38773a1e9c

Files

0c9d5a35b7994813181bb0c07b8f9793f6c08e8a9b3bf1088bb13c38773a1e9c
.dll windows x86

d1c3ff63ebd4d3d36814c6729401f0f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundW

comctl32

PropertySheetW
_TrackMouseEvent

winspool.drv

OpenPrinterW
SetPrinterDataW
GetPrinterDataW
GetJobW
GetPrinterDataExW
EnumPortsW
EnumPrintersW
ClosePrinter
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW

kernel32

GetCurrentProcess
WaitForSingleObject
GetCurrentThread
GetExitCodeThread
DuplicateHandle
SuspendThread
ResumeThread
OutputDebugStringA
CreateThread
LocalFree
ReadFile
SetFilePointer
SetLastError
DeleteFileW
GetEnvironmentVariableW
HeapAlloc
HeapFree
DebugBreak
DeviceIoControl
OpenProcess
CreateDirectoryW
VirtualFree
VirtualAlloc
VirtualProtect
CreateFileA
GetModuleHandleExA
VirtualQuery
GetProcessHeap
CreateDirectoryA
HeapSize
GetSystemInfo
GetModuleFileNameA
GetTempPathA
SetEndOfFile
GetTempFileNameW
GetModuleHandleExW
SetThreadLocale
TerminateProcess
GetStartupInfoW
ExitThread
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
GetCommandLineA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedExchange
GlobalUnlock
GlobalLock
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
GetEnvironmentVariableA
GetUserDefaultLangID
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
GetTimeZoneInformation
GetStringTypeW
FreeResource
FindResourceW
FreeLibrary
LoadResource
FindResourceExW
GetComputerNameA
GetLastError
GetTempPathW
CreateFileW
GetUserGeoID
WriteFile
OutputDebugStringW
GetWindowsDirectoryW
GetCommandLineW
GetProcAddress
GetSystemTime
GlobalAlloc
GetUserDefaultUILanguage
MultiByteToWideChar
MulDiv
GetTimeFormatW
WideCharToMultiByte
GetDateFormatW
GetLocalTime
GetVersionExW
CloseHandle
LoadLibraryW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateProcessW
GetCurrentThreadId
Sleep
GetPrivateProfileStringW
GetTickCount
GetComputerNameW
GetCurrentProcessId
GlobalFree
DisableThreadLibraryCalls
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleHandleW
LockResource
GetModuleFileNameW
SizeofResource

user32

GetWindowTextLengthW
SetCapture
ReleaseCapture
CallWindowProcW
ScreenToClient
GetPropW
SetWindowTextW
MapWindowPoints
SendMessageW
EnumChildWindows
EndDialog
GetDlgItem
GetWindowTextW
GetWindowLongW
InvalidateRect
SetPropW
BeginPaint
DialogBoxParamW
GetFocus
DrawFocusRect
GetSysColor
DrawFrameControl
SetCursor
DrawTextW
GetWindowRect
RemovePropW
EndPaint
wsprintfW
UpdateWindow
CreateDialogParamW
ShowWindow
GetParent
DestroyWindow
wsprintfA
IsWindow
PostMessageW
PeekMessageW
MsgWaitForMultipleObjects
CopyRect
EnableWindow
MessageBoxW
SetWindowPos
RedrawWindow
LoadCursorW
GetClientRect
SetLayeredWindowAttributes
GetCursor
IsWindowVisible
KillTimer
DrawIconEx
IsWindowEnabled
GetDC
GetKeyState
AnimateWindow
GetCapture
GetCursorPos
SystemParametersInfoW
SetWindowLongW
SetDlgItemTextW
SetTimer
FillRect
ReleaseDC
LoadImageW

gdi32

GetTextExtentPoint32W
SelectObject
Rectangle
CreatePen
SetTextColor
GetDeviceCaps
CreateSolidBrush
SetBkMode
DeleteObject
GetObjectW
GetStockObject
CreateBitmap
SetBkColor
GetMapMode
DeleteDC
MaskBlt
BitBlt
RoundRect
ExcludeClipRect
SetMapMode
CreateCompatibleDC
CreateFontIndirectW

advapi32

RegEnumKeyExW
RegCreateKeyW
RegEnumValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegConnectRegistryW
RegDeleteValueW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyW
RegEnumKeyW

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitializeEx
GetHGlobalFromStream
CoUninitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
CoCreateGuid
OleInitialize
CoInitialize

oleaut32

VariantInit
SysStringLen
VariantClear
SysStringByteLen
VariantCopy
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantChangeType

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

activeds

ord9

ws2_32

WSAStartup
WSACleanup
gethostbyname
getsockopt
closesocket
socket
bind
WSAStringToAddressW

winhttp

WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData

msimg32

GradientFill

dbghelp

SymGetLineFromAddr64
SymSetOptions
SymGetOptions
SymGetSearchPath
SymCleanup
SymInitialize
SymFromAddr
SymSetSearchPath

Exports

Exports

CheckDeviceW
CloseHostedDeviceStatus
CommonUIProp
DevPropSheetDestroy
DevPropSheetInit
DocEventStartDocPost
DocEventStartDocPre
DocPropSheetDestroy
DocPropSheetInit
GetCurrentDeviceStatus
GetHostedDeviceStatus
MonitorPrintJobStatusW
TrackPausedJob

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1c3ff63ebd4d3d36814c6729401f0f1

Headers

DLL Characteristics

File Characteristics

Imports

winmm

comctl32

winspool.drv

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

activeds

ws2_32

winhttp

msimg32

dbghelp

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 150KB - Virtual size: 209KB

.rsrc Size: 932KB - Virtual size: 931KB

.reloc Size: 80KB - Virtual size: 79KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 150KB - Virtual size: 209KB

.rsrc
Size: 932KB - Virtual size: 931KB

.reloc
Size: 80KB - Virtual size: 79KB