Static task
static1
Behavioral task
behavioral1
Sample
73720f6bc404b52b8753577dc3cba3e153b4f4886b1258239631c8e0703ce9b9.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
73720f6bc404b52b8753577dc3cba3e153b4f4886b1258239631c8e0703ce9b9.exe
Resource
win10v2004-20230703-en
General
-
Target
73720f6bc404b52b8753577dc3cba3e153b4f4886b1258239631c8e0703ce9b9
-
Size
14.4MB
-
MD5
fbb46c66968f3f82f9dcf7f4fa4d026f
-
SHA1
83bed66f5f62498eeb3abe023f767a3493917ef1
-
SHA256
73720f6bc404b52b8753577dc3cba3e153b4f4886b1258239631c8e0703ce9b9
-
SHA512
5e17126d0111050f452585b52b5c9f55df1f90bf40ceb1c40b8d75c90e958a335f344c25fa59e8826215e884fda77afdb25d2ce0b63308787d44a302a3341d6d
-
SSDEEP
98304:nIS7pxtSQdpN9SqChMg2nZFYL6xBBBlI5XW34watpesCvKdlF1fXUeCBM1MPetRd:nt7BWqChKnZFYOwVesYs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 73720f6bc404b52b8753577dc3cba3e153b4f4886b1258239631c8e0703ce9b9
Files
-
73720f6bc404b52b8753577dc3cba3e153b4f4886b1258239631c8e0703ce9b9.exe windows x64
60bdc516ad5d7ab5169127ed77687ef3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
gdiplus
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPolygonI
GdipAlloc
GdipCloneBrush
GdipClosePathFigure
GdipCreateFromHDC
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDrawArcI
GdipDrawLineI
GdipDrawPath
GdipFillPath
GdipFillPieI
GdipFree
GdipGetPenWidth
GdipScaleWorldTransform
GdipSetPenColor
GdipSetPenDashArray
GdipSetPenDashStyle
GdipSetPenEndCap
GdipSetPenLineJoin
GdipSetPenStartCap
GdipSetPenWidth
GdipSetSmoothingMode
GdipSetSolidFillColor
GdiplusShutdown
GdiplusStartup
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadErrorMode
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx
__C_specific_handler
lstrlenW
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_close
_close
_errno
_fmode
_fpreset
_ftime
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_open
_read
_stat64
_strdup
_time64
_unlock
_vsnprintf
_waccess
_wchdir
_wchmod
_wexecvp
_wfopen
_wgetcwd
_wgetenv
_wmkdir
_wopen
_wputenv
_wrename
_write
_wrmdir
_wstat
_wsystem
_wunlink
abort
acos
acosf
atan2
atan2f
atof
calloc
cosf
exit
fclose
feof
ferror
fflush
fgets
fmod
fmodf
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getc
getenv
localeconv
malloc
modf
printf
putchar
raise
rand
realloc
remove
rewind
setlocale
signal
sinf
sqrtf
strerror
tan
tanf
ungetc
vfprintf
ntdll
NtReadFile
NtWriteFile
_setjmp
_stricmp
_strnicmp
atoi
atol
bsearch
cos
floor
isalnum
isalpha
islower
isprint
isspace
isupper
isxdigit
log
longjmp
mbstowcs
memchr
memcmp
memcpy
memmove
memset
pow
qsort
sin
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
tolower
toupper
wcscpy
wcslen
wcsncpy
wcstombs
NtCreateFile
RtlNtStatusToDosError
libstdc++-6
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt4cout
advapi32
OpenProcessToken
SystemFunction036
gdi32
AddFontResourceExA
Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateEnhMetaFileA
CreateFontW
CreatePalette
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
EnumFontFamiliesW
EqualRgn
ExtCreatePen
ExtCreateRegion
GdiFlush
GetCharacterPlacementW
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetGlyphOutlineW
GetObjectA
GetRegionData
GetRgnBox
GetStockObject
GetTextExtentPoint32W
GetTextMetricsA
GetWindowOrgEx
GetWorldTransform
LPtoDP
LineTo
ModifyWorldTransform
MoveToEx
OffsetRgn
Pie
PlayEnhMetaFile
PolyPolygon
Polygon
Polyline
RealizePalette
RectInRegion
RemoveFontResourceExA
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetDIBitsToDevice
SetGraphicsMode
SetMapMode
SetPixel
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
SetWorldTransform
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutW
UpdateColors
user32
AdjustWindowRectEx
BringWindowToTop
CallWindowProcA
ChangeClipboardChain
ClientToScreen
CloseClipboard
CopyIcon
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
FillRect
GetAsyncKeyState
GetClientRect
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetParent
GetSysColor
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindow
LoadCursorA
LoadIconA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageA
PeekMessageW
PostMessageA
PostThreadMessageA
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetRect
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
SystemParametersInfoA
TranslateMessage
ValidateRgn
WindowFromPoint
bcrypt
BCryptGenRandom
comctl32
_TrackMouseEvent
comdlg32
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PrintDlgA
ole32
DoDragDrop
OleInitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
shell32
DragQueryFileW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteA
userenv
GetUserProfileDirectoryW
ws2_32
WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
Sections
.text Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1008KB - Virtual size: 1007KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 307KB - Virtual size: 307KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 0B (no raw data on disk) - Virtual size: 5KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/4 Size: 1024B - Virtual size: 656B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 553KB - Virtual size: 553KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/35 Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/51 Size: 969KB - Virtual size: 969KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/63 Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/77 Size: 384KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/89 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/102 Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/113 Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/124 Size: 528KB - Virtual size: 527KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ