Static task: static1
Behavioral task: behavioral1
  Sample: 496dec2bf62def7fc3e7a7bd9e9ab481196c51822c37198a6126b6ff501dd282.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 496dec2bf62def7fc3e7a7bd9e9ab481196c51822c37198a6126b6ff501dd282.exe
  Resource: win10v2004-20230703-en
General
Target: 496dec2bf62def7fc3e7a7bd9e9ab481196c51822c37198a6126b6ff501dd282
Size: 8.9MB
MD5: 9d9c1ed62332e70e815b00c97f230c7f
SHA1: 01b0f5333987966ef292e2f09ccbd7c276951393
SHA256: 496dec2bf62def7fc3e7a7bd9e9ab481196c51822c37198a6126b6ff501dd282
SHA512: db7e9416f4bfe062b72297c817ab7e7d26677440e6e3f51ef6ec9492b13030ee8712360400fa6c7fcdc1ad788f64474ecab987f2d62b13f8d641f74ad806ca2c
SSDEEP: 98304:jxDs0H79glocAyjkHP61N68+q8qzWiFNitmweFLOAkGkzdnEVomFHKnP:jxnH7ejDPV82WKzFLOyomFHKnP
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 496dec2bf62def7fc3e7a7bd9e9ab481196c51822c37198a6126b6ff501dd282
Files
496dec2bf62def7fc3e7a7bd9e9ab481196c51822c37198a6126b6ff501dd282.exe (windows x64)
d8ae2f34676baa2459dda505940b8e17
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
ws2_32
WSASetLastError
freeaddrinfo
ioctlsocket
getaddrinfo
inet_pton
htons
WSAGetLastError
select
closesocket
socket
recv
send
connect
WSACleanup
WSAStartup
__WSAFDIsSet
kernel32
GetThreadLocale
GetCurrentDirectoryW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetVolumeInformationW
DuplicateHandle
GetCurrentProcess
lstrcmpiW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
FindResourceExW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
PeekNamedPipe
GetFileInformationByHandle
GlobalHandle
RtlUnwindEx
GetCPInfo
CompareStringEx
LCMapStringEx
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceBeginInitialize
InitOnceComplete
RtlPcToFileHeader
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetExitCodeThread
QueryPerformanceFrequency
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FileTimeToSystemTime
GlobalGetAtomNameW
LocalReAlloc
GetStringTypeW
GlobalReAlloc
GlobalFlags
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
CopyFileW
MulDiv
GlobalSize
GlobalAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LocalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetLocaleInfoW
GetUserDefaultLCID
FlushFileBuffers
GetTickCount
FormatMessageA
LockFileEx
LocalFree
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapValidate
WaitForSingleObject
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
LoadLibraryA
FreeLibrary
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SystemTimeToFileTime
GetSystemTime
FormatMessageW
CreateFiber
DeleteFiber
SwitchToFiber
WriteFile
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
FindClose
CreateDirectoryW
DeleteFileW
MoveFileExW
GetFileAttributesW
SetErrorMode
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetComputerNameA
GetVolumeInformationA
CloseHandle
CreateMutexW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
HeapQueryInformation
VirtualAlloc
VirtualQuery
SetStdHandle
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetDriveTypeW
RtlUnwind
user32
IsZoomed
TrackMouseEvent
IntersectRect
RealChildWindowFromPoint
SendDlgItemMessageA
ShowOwnedPopups
TranslateMessage
GetMessageW
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
LoadMenuW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
ShowScrollBar
GetScrollRange
SetScrollRange
CharUpperW
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
DestroyIcon
LoadImageW
SetParent
SetCursorPos
GetClientRect
GetDesktopWindow
GetWindowRect
SendMessageW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetAsyncKeyState
GetSystemMenu
DeleteMenu
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
DestroyMenu
EnableScrollBar
UnionRect
MonitorFromPoint
CopyImage
GetWindowThreadProcessId
GetParent
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
OpenClipboard
CloseClipboard
SetClipboardData
GetScrollPos
SetWindowPos
EnableWindow
IsWindowVisible
InvalidateRect
GetKeyState
GetMessageExtraInfo
SetCapture
ReleaseCapture
ScreenToClient
SetTimer
KillTimer
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
UnregisterClassW
GetWindow
GetPropW
GetWindowRgn
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
LoadIconW
GetFocus
GetSystemMetrics
DrawIcon
SetPropW
RemovePropW
SetCursor
LoadCursorW
GetCursorPos
ClientToScreen
PostMessageW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetDC
ReleaseDC
DrawStateW
UpdateWindow
FillRect
GetClassNameW
LoadBitmapW
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
SetActiveWindow
GetWindowLongW
EmptyClipboard
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongPtrW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
GetKeyNameTextW
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DestroyCursor
InvertRect
HideCaret
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
IsWindow
DefFrameProcW
gdi32
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
SelectClipRgn
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
CreateDCW
CopyMetaFileW
GetObjectW
GetStockObject
DeleteObject
GetDeviceCaps
DeleteDC
PatBlt
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
DeregisterEventSource
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
shell32
ShellExecuteW
Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetFileInfoW
SHGetFolderPathW
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
uxtheme
IsAppThemed
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
CoTaskMemAlloc
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleUninitialize
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
oleaut32
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroy
SysStringLen
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
VariantInit
SysFreeString
VariantClear
VariantChangeType
SysAllocString
oledlg
OleUIBusyW
gdiplus
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipDrawImageI
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImagePalette
d2d1
ord1
dwrite
DWriteCreateFactory
bcrypt
BCryptGenRandom
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 246KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ