e2dd8ad384002a560f3a2b41a0f021809d6e76a3c1e96f25d704f4644a2a506e

Sharing

Copy URL Twitter E-mail

General

Target

e2dd8ad384002a560f3a2b41a0f021809d6e76a3c1e96f25d704f4644a2a506e
Size

6.3MB
MD5

e006241c7ba5f579630ed92f1eeb86e8
SHA1

0533a21c2ae29779021da447bc63d8c5daf25ceb
SHA256

e2dd8ad384002a560f3a2b41a0f021809d6e76a3c1e96f25d704f4644a2a506e
SHA512

df55b20f33a2bbb24a86334bc348fe5de57b935b217fe632a7aec127bc2b2223815a1d4aeb10d402ec6f0835ac7f5be3cbc593470f198de1c462b6d4ac811f05
SSDEEP

98304:NrIzH+VCMEsEFMYnUJXyRNglUVjdhqzarrJnhyrfslAiLTceHE:izJM8kXINgl8Wz+sroAgy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2dd8ad384002a560f3a2b41a0f021809d6e76a3c1e96f25d704f4644a2a506e

Files

e2dd8ad384002a560f3a2b41a0f021809d6e76a3c1e96f25d704f4644a2a506e
.exe windows x64

458544bb08f85182fe3c53933ae471c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
DeleteFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
SetFilePointerEx
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
FreeLibraryAndExitThread
CreateThread
RtlUnwindEx
GetStringTypeW
LCMapStringEx
TryEnterCriticalSection
InitializeSRWLock
RtlPcToFileHeader
OutputDebugStringW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
DeleteFileA
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetVersionExA
GetCurrentThread
SetEvent
GetCurrentProcessId
CompareStringA
GetUserDefaultLCID
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThreadId
EncodePointer
FormatMessageA
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
GetACP
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObjectEx
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
MoveFileExW
Sleep
FormatMessageW
SetLastError
GetEnvironmentVariableA
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
MoveFileExA
WriteProfileStringA
GetProfileStringA
LocalFree
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
IsWow64Process
WriteProcessMemory
GetTickCount
GetLocalTime
OpenProcess
CreateProcessA
TerminateProcess
ExitProcess
CreateMutexA
FindNextFileW
LoadResource
FindNextFileA
FindFirstFileA
FindClose
GetCurrentProcess
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
ExitThread
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowTextA
IsWindowEnabled
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
IsDialogMessageA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetWindowThreadProcessId
GetMessageA
TranslateMessage
SetWindowPos
SetPropA
MoveWindow
SendMessageA
GetCursorPos
PostQuitMessage
SetCursor
SetWindowContextHelpId
GetWindow
SetTimer
EnableWindow
GetWindowRect
GetDesktopWindow
UnregisterClassA
ExitWindowsEx
IsIconic
GetSystemMetrics
GetSystemMenu
AppendMenuA
DrawIcon
SetForegroundWindow
GetClientRect
MessageBoxA
LoadIconA
LoadIconW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
CopyRect
IntersectRect
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CharUpperA
DestroyMenu
GetSysColorBrush
LoadCursorA
RealChildWindowFromPoint
KillTimer
InvalidateRect
SetCapture
ReleaseCapture
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
MapDialogRect
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
GetScrollPos
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
IsChild
DestroyWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
PostThreadMessageA
CharUpperBuffW

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
ExtTextOutA
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
TextOutA
GetObjectA
SetTextColor
DeleteDC
GetDeviceCaps
CreateBitmap
DeleteObject
Escape
GetClipBox
GetStockObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SetBkColor
SetMapMode

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptDestroyKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfigA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
CryptEncrypt
CryptImportKey
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetNamedSecurityInfoA
GetNamedSecurityInfoA
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFileExistsA

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
OleInitialize
OleUninitialize

oleaut32

SysAllocString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString

oledlg

ord8

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

connect
bind
recv
WSAGetLastError
closesocket
getpeername
accept
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockname
getsockopt
gethostname
ioctlsocket
htonl
select
__WSAFDIsSet
freeaddrinfo
getaddrinfo
sendto
recvfrom
WSAWaitForMultipleEvents
listen
WSACleanup
WSAStartup
htons
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

��!��Ԝ��}O�yv��r�vb�\�+̇�Iz��g�]�0m�Н(��yi�g��ǧ�T;��n^5��rKօ6d� ��Sut��:��t/��`v�:x�D�*�}��G�s��b�z��o��o��͊��hM�!��jpϒKg�)Z�yr9��bqt�v ��\d��E�sS܃ԥ��>�ߛ?��LsT7#`��9��?^�uU:qB��m_@ܵHꨩ:= �jњ@��<�v�69 � OOq}E/��]My|!0>$��t��A��!]��D��Z@k�* ��3��x-eS��P��W��4n�6�2��`G� 3�,�ہsl"��f��QT��;!ޤ�y}��JW��pp��ܦ҆ ۠A�[��a��ƽ~h��?��<�E^ ˔[��Ჰ��4nf�ĬE��,�M�l�9{G0F�p/��%_��2=��C7�L��-�2Fɇ!��pwcIS��GWm"J�K`�Rv�XFIR�=�_��^]�=LaW��?7Qi�� {��xH��b'D�Q�[O��v��e�ވ�,:�n��n3�M|�v!RO=N:K�V��р�=7��qA�W��Pv�M��'��i��Czi"��D�6o��W5T+2�5��H��ɂJ��h�² �8��8B�"��k�Ƿ�i:O�G�}�\�E��RY�,��׮��v��գ7zK�=�U�r^<��h)�I�@+�rO��f�[.�O��5�� F��nq%<��z�m�q�� w^t��pAY��pkl��N x�,B��0��/O�!�:L��P�]�z�]�Y�_�o1�߀�C�9�퍥��"��J�!��e�,k5��}�z�Š��Ea_12�sܞ�8�{w��Q 8��M!��7ͯKf�򝒜$�`%�]��k��*e�_$�O��E�񠀆��[�=Q}��费�"�s�B�k�+��Z��OpJ%�z��ѱ�z��ގ}��g�[s _ȱ#�p1sz��W��y;E��ͯ�ۮj�QEgG {��Bb�P˟[�� Ɍ��8{�qR9��.��V��~֔�[�,MXQ(��Z��v��-�XS=}�Cẅ�A��7f�g��Ɗ��b��\Y��n��ĈQ��$�_Q��m��N�^%?(��J�2�v��w��L �-o�$��M�$�K�y��"��G��G��B�G��3��F�.�fW0��W@p��z�w�Z��{��=c��b5�LŶ�0臨�e�/�ۨt!6�T�"L�;��8��t|[�?h/t�u� Yޗ>��ϤN��E\6�=Ʉ^��|��=��O�� s��ىD�U�O�W߉S�w�G��~��unݳ��C�+Z�b��^�!2�ih�y-Wꌍ��.�qP��Pk�9q�M�u��c웕��'l >_�!�%�l��0��f�V��>f��$��d$z*��Ѣ<��;�H�{��0��7�f�d��R=AHC��"5^��v�C퀄4��"9��_v�k��Sa�aM1��f�D��U�A@��A�3%�Ǖ��1XD�Q�)K ��a�*�e�ea?U\�׿��dK��4��D��C��I�F=,d:�>�ψX̪��*�Z��d�gs�>��x��:3L��K@��OCꖢ�Qm�G1ɿ�"z�/�dT��q�UXe��i��L5Ԧ��GP/h7�C#��.��O�jWh�<[��esg�0j��r]��@��_��_A�ȑ~��6�<qDb"�� (�q��*�GH}�`��2K��V��b拶�sJ˽�'��t�%��SM"Y_��8�p��;M��~�Ӊj۹�_=>T��Px U5RL�uo44�@��x��C�?c��_)��7��7 M�H�C�Ī��LK)��4��}>uw]��S��L0�(}�2��Bt�c��.��$�}9��Kg�L�4��±?��^� � &�T{��WUp̤��Mι�h��@U��;quG?�Ȃǫu7\�Y�B��{��m��HGc��0��/f�8?�ID1o��k@��*�D_b�*([��x��1��@��?'�#��%'M6��i��S9�ƚ�ۚ1q߃��v|��Oo��{�l4��<s��C�h:3��w6�:Gϓ�g�:�g��lJm�3�w�H�}�u��ݬXAv�d�� h��,�}�8�2jr��)��ܠK-{y�k�چH�喉�U/�M.T�ݟ >μ<.Y�|�Cٔ��L-79�� &��B��ϕꀭ�G_��z��`��ʖn˓7��0��+-?H�L=��F�Z��>�5.��?��&�+*jy��i�)@6��:��Ǒ��&D��Md��yTti�$>�}TF%��r�� `�AT�7U��Ci;"r��E^h�QB��Ϫ4 ̪��*�O�H~tۮ19;6�XnEYwN��X68�o�Kq1�S5}D�d�t2�Kq�en�6 N�J��ު(�r�-��0��dk19�Zg��bb��MٱZ"Do��tTF�:Cld$&��x��`̢�YY��K�?��O��K��X�Ʉ�v�+`��V$70�+3�O_��_5�hZ>1I�[N �q1�� DQ+�'Na-.c$dxh��B�k� /s�@�N�$�z��Fz5k�X"T]�9��$E��8KA�� xl�M��{��h�ZqVC��֊/ݢ��>�X�ˈ��?@��V�jM�꾡�(�u��5IOzl�R�Y�AA�<��O)��1_+~إo��KV��@li߭��8vٛ�5]�ԖH5y�^�N2��{TR;`[eY�|��2ϲ�D;�U��#��fȗ��

Sections

.text
Size: - Virtual size: 873KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.*>4
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.e}b
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J@P
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

458544bb08f85182fe3c53933ae471c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

crypt32

version

ws2_32

oleacc

Exports

Exports

Sections

.text Size: - Virtual size: 873KB

.rdata Size: - Virtual size: 259KB

.data Size: - Virtual size: 36KB

.pdata Size: - Virtual size: 47KB

_RDATA Size: - Virtual size: 244B

.*>4 Size: - Virtual size: 3.9MB

.e}b Size: 6KB - Virtual size: 5KB

.J@P Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 512B - Virtual size: 200B

.rsrc Size: 29KB - Virtual size: 39KB

.text
Size: - Virtual size: 873KB

.rdata
Size: - Virtual size: 259KB

.data
Size: - Virtual size: 36KB

.pdata
Size: - Virtual size: 47KB

_RDATA
Size: - Virtual size: 244B

.*>4
Size: - Virtual size: 3.9MB

.e}b
Size: 6KB - Virtual size: 5KB

.J@P
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 512B - Virtual size: 200B

.rsrc
Size: 29KB - Virtual size: 39KB