Static task
static1
Behavioral task
behavioral1
Sample
59d421af5f874cc53d9b0a6c66b2b4b15e37f19834e517ba31b783007a82480f.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
59d421af5f874cc53d9b0a6c66b2b4b15e37f19834e517ba31b783007a82480f.exe
Resource
win10v2004-20230703-en
General
-
Target
59d421af5f874cc53d9b0a6c66b2b4b15e37f19834e517ba31b783007a82480f
-
Size
2.7MB
-
MD5
7d8ddf13a135d7206b6973eb9cb9a68b
-
SHA1
806f89ade488af8ce9d12e155a27a22f20aa1f1b
-
SHA256
59d421af5f874cc53d9b0a6c66b2b4b15e37f19834e517ba31b783007a82480f
-
SHA512
68687ce7d6b8baeab2aa591dfacb3bb8e2c4171d599338d755176cde9f9ec8e081be6b84e96f7304797b6987582406eaeaff4085bef2865710480c21ea197625
-
SSDEEP
49152:TrPN9CVLPZQ0pUYBGbFRoPIct4M/lxbw+MxGEBZ7TNVp/DzbQ1rQj9M/:3PbQSWUhxRoN4M/vSGEBv81
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 59d421af5f874cc53d9b0a6c66b2b4b15e37f19834e517ba31b783007a82480f
Files
-
59d421af5f874cc53d9b0a6c66b2b4b15e37f19834e517ba31b783007a82480f.exe windows x86
e33d48f7a8480073e105dcbeb1f3c7e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
SetEvent
Sleep
MoveFileW
SetLocalTime
MoveFileA
GetLocalTime
CreateFileMappingW
MapViewOfFile
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
OpenMutexW
CreateMutexW
SetErrorMode
GetFileAttributesA
CreateFileMappingA
OpenFileMappingA
CreateMutexA
ReleaseMutex
CopyFileW
CreateEventW
FreeLibrary
LoadLibraryW
GetProcAddress
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MoveFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
lstrlenA
lstrcatA
GetFullPathNameA
GetLogicalDriveStringsA
QueryDosDeviceA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetDriveTypeA
GetDriveTypeW
ExitProcess
ExitThread
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WritePrivateProfileStringA
CreateThread
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetPrivateProfileIntA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
HeapValidate
FormatMessageW
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
SystemTimeToFileTime
HeapCompact
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetFileAttributesExW
OutputDebugStringA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
GetPrivateProfileStringA
TerminateProcess
OpenProcess
GetVersionExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SleepEx
GetVersionExA
FormatMessageA
HeapCreate
GetFileInformationByHandle
WriteFile
CreateFileA
FindNextFileW
DeleteFileW
FindFirstFileW
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GlobalUnlock
GlobalLock
ReadFile
GetFileSize
CreateFileW
WaitForSingleObject
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
SetConsoleMode
ReadConsoleInputA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetCurrentThreadId
CopyFileA
GetTickCount
GetModuleFileNameA
lstrlenW
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
user32
AppendMenuW
TrackPopupMenu
CallWindowProcW
GetParent
LoadIconW
LoadCursorW
CreatePopupMenu
GetCursorPos
UnregisterHotKey
DestroyWindow
RegisterHotKey
MessageBoxW
DrawIcon
DefWindowProcW
EndPaint
GetWindowRgn
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
FindWindowA
SetLastErrorEx
InvalidateRect
KillTimer
SetTimer
PostMessageW
RegisterWindowMessageW
wsprintfW
GetWindowLongW
CreateWindowExW
RegisterClassExW
LoadImageW
SetForegroundWindow
SetWindowsHookExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
SetWindowTextW
IsWindowVisible
IsWindow
CallNextHookEx
MoveWindow
GetWindowRect
ScreenToClient
UnhookWindowsHookEx
ShowWindow
DrawTextW
GetClientRect
BeginPaint
advapi32
CryptHashData
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
ole32
CoCreateInstance
CoUninitialize
CoInitialize
shell32
ShellExecuteW
ShellExecuteA
Shell_NotifyIconW
ShellExecuteExA
oleaut32
VariantClear
VariantInit
shlwapi
PathFindExtensionW
gdi32
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateFontIndirectW
Rectangle
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
DeleteDC
CreateCompatibleDC
CreatePen
MoveToEx
LineTo
CreateSolidBrush
RoundRect
CreateRectRgn
PtInRegion
BitBlt
CreateDIBSection
DeleteObject
SetStretchBltMode
StretchBlt
gdiplus
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipSaveImageToFile
msimg32
TransparentBlt
libcef
cef_run_message_loop
cef_string_list_copy
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_map_alloc
cef_string_map_free
cef_string_list_size
cef_string_list_value
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_multimap_append
cef_string_map_append
cef_string_list_append
cef_string_utf16_cmp
cef_browser_host_create_browser
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf8_clear
cef_log
cef_string_userfree_utf16_free
cef_string_list_free
cef_string_list_alloc
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_shutdown
cef_quit_message_loop
cef_execute_process
cef_api_hash
cef_initialize
wsock32
socket
gethostbyname
inet_addr
htons
sendto
select
recv
send
ioctlsocket
bind
htonl
ntohs
listen
accept
WSAStartup
WSACleanup
ntohl
setsockopt
connect
recvfrom
gethostbyaddr
getpeername
closesocket
__WSAFDIsSet
inet_ntoa
gethostname
getsockname
WSAGetLastError
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
comdlg32
GetSaveFileNameA
libzbar-0
zbar_scan_image
zbar_image_scanner_destroy
zbar_image_scanner_create
zbar_image_get_symbols
zbar_image_set_data
zbar_image_set_size
zbar_image_set_format
_zbar_error_string
zbar_image_scanner_set_config
zbar_symbol_set_ref
zbar_symbol_ref
zbar_symbol_get_data_length
zbar_symbol_get_type
zbar_symbol_get_data
zbar_symbol_set_first_symbol
zbar_image_create
zbar_image_set_userdata
zbar_image_ref
ws2_32
shutdown
getaddrinfo
freeaddrinfo
getsockopt
WSAIoctl
WSASetLastError
wldap32
ord211
ord22
ord60
ord143
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
opencv_core2413
?_interlockedExchangeAdd@cv@@YAHPAHH@Z
?fastFree@cv@@YAXPAX@Z
?copyTo@Mat@cv@@QBEXABV_OutputArray@2@@Z
??0_OutputArray@cv@@QAE@AAVMat@1@@Z
??0_InputArray@cv@@QAE@ABVMat@1@@Z
?deallocate@Mat@cv@@QAEXXZ
??0Mat@cv@@QAE@ABV01@ABV?$Rect_@H@1@@Z
??0_OutputArray@cv@@QAE@ABVMat@1@@Z
opencv_objdetect2413
??1CascadeClassifier@cv@@UAE@XZ
??0CascadeClassifier@cv@@QAE@XZ
?load@CascadeClassifier@cv@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
opencv_highgui2413
??0VideoCapture@cv@@QAE@XZ
?imwrite@cv@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV_InputArray@1@ABV?$vector@HV?$allocator@H@std@@@3@@Z
?imread@cv@@YA?AVMat@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
opencv_imgproc2413
?resize@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@V?$Size_@H@1@NNH@Z
?equalizeHist@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@@Z
?cvtColor@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@HH@Z
winmm
mciSendCommandW
mciSendCommandA
psapi
GetProcessImageFileNameA
GetModuleBaseNameA
EnumProcesses
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 441KB - Virtual size: 441KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ