Tasks: static1 (static), behavioral1 (behavioral)
Sample: c3fcef97b44640a844f0f04a1dfe0746534882f76fd542aee6d9923f95f10ad8.exe
Resource: win7-20230712-en
General
Target: c3fcef97b44640a844f0f04a1dfe0746534882f76fd542aee6d9923f95f10ad8
Size: 13.9MB
MD5: 5ce28fe5272fdfad10846bef64b44125
SHA1: 2eab8814cdd454eddf774c3f6b9c950df1ce3948
SHA256: c3fcef97b44640a844f0f04a1dfe0746534882f76fd542aee6d9923f95f10ad8
SHA512: 56e62803a34982c99f3de4443cbd37b73fcf098973ef81a134e3fa15fbbde39e0c26279c4e4e9a9f3454250ea605fabfd890fc4a8d2fe1142c78dad9ec4706e2
SSDEEP: 196608:9VWBwE5B2YyrLohHndGRj4sSHijr53Ze+7dyB3Iz:9YwE5B2YYLMdGx4sSg5bdyxm
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: c3fcef97b44640a844f0f04a1dfe0746534882f76fd542aee6d9923f95f10ad8
Files
c3fcef97b44640a844f0f04a1dfe0746534882f76fd542aee6d9923f95f10ad8.exe (windows x64) e7b0918fe259bc97f6eeba8ad05b0bbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
iphlpapi
GetAdaptersInfo
kernel32
GlobalSize
RegisterWaitForSingleObject
UnregisterWaitEx
ReadDirectoryChangesW
lstrlenW
QueueUserAPC
CancelIo
GetGeoInfoW
DecodePointer
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateDirectoryW
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
SetEvent
ResetEvent
CreateEventA
CreateEventW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetDefaultDllDirectories
LocalFree
FormatMessageA
FormatMessageW
SetDllDirectoryW
WideCharToMultiByte
WaitForMultipleObjects
DuplicateHandle
WriteConsoleW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
GetTimeZoneInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetACP
GetModuleFileNameA
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
RtlUnwind
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
CreateWaitableTimerA
GetLogicalProcessorInformation
ResumeThread
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetCPInfo
CompareStringEx
LCMapStringEx
GetStringTypeW
TryAcquireSRWLockExclusive
InitializeSRWLock
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
LoadLibraryW
GetProductInfo
EncodePointer
IsDebuggerPresent
GetFileTime
CreateHardLinkW
CreateDirectoryA
EnumResourceNamesW
LoadLibraryExW
CreateMutexA
ReleaseMutex
GetLocaleInfoEx
GetPackageInfo
ClosePackageInfo
OpenPackageInfoByFullName
GetPackagesByPackageFamily
GetCurrentPackageFullName
CompareStringW
DosDateTimeToFileTime
GetCurrentPackageFamilyName
GetSystemDefaultUILanguage
GetVersionExW
GetConsoleDisplayMode
AttachConsole
FreeConsole
MulDiv
GlobalUnlock
VirtualQuery
GlobalReAlloc
GetExitCodeProcess
TerminateProcess
FindResourceExW
GetThreadPriority
SetThreadPriority
GetExitCodeThread
TerminateThread
CreateThread
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
FreeResource
GetFileSizeEx
SetThreadLocale
GetThreadLocale
GetModuleFileNameW
GetUserGeoID
QueryFullProcessImageNameW
OpenProcess
OpenEventW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
MoveFileExW
Process32NextW
CopyFileW
IsWow64Process
GetTempFileNameW
GetLongPathNameW
GetFileInformationByHandle
FindFirstFileExW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
FileTimeToSystemTime
LoadLibraryExA
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetUserDefaultLCID
LCMapStringW
GetStringTypeExW
LoadLibraryA
FreeLibrary
LocalAlloc
GetProcAddress
GetModuleHandleW
GetTickCount64
GlobalMemoryStatusEx
GetCurrentThread
WaitForSingleObject
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GetLocaleInfoW
GlobalFree
GlobalLock
GlobalAlloc
FindResourceW
SizeofResource
WaitForSingleObjectEx
VirtualProtect
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoW
MoveFileExA
CreateSemaphoreA
RaiseException
SetLastError
LoadResource
LockResource
shlwapi
StrChrIW
UrlEscapeW
AssocQueryStringW
PathGetArgsW
ord176
ord437
PathFindFileNameW
SHRegDuplicateHKey
StrRetToBufW
ord487
PathFileExistsW
gdiplus
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFont
GdipDrawImage
GdipFillPath
GdipFillEllipse
GdipFillRectangle
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGraphicsClear
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetClipRectI
GdipGetImageHeight
GdipDrawString
GdipGetImageWidth
GdipDrawRectangle
GdipDrawLines
GdipDrawLine
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteFontFamily
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC
GdipFlush
GdipGetGenericFontFamilySansSerif
GdipDeleteFont
GdipGetImageEncodersSize
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdiplusStartup
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipSetCompositingMode
ws2_32
WSAWaitForMultipleEvents
getnameinfo
gethostbyname
WSAEventSelect
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAEnumNetworkEvents
WSAStartup
WSACleanup
setsockopt
WSAIoctl
gethostname
ioctlsocket
WSASetEvent
getpeername
htons
sendto
recvfrom
socket
__WSAFDIsSet
select
accept
bind
connect
WSACloseEvent
send
inet_pton
getsockname
getsockopt
WSACreateEvent
htonl
WSAResetEvent
freeaddrinfo
getaddrinfo
recv
listen
wldap32
ord33
ord50
ord35
ord46
ord27
ord32
ord79
ord30
ord301
ord200
ord143
ord45
ord60
ord217
ord211
ord22
ord26
ord41
normaliz
IdnToAscii
dbghelp
MiniDumpWriteDump
netapi32
NetGetJoinInformation
NetApiBufferFree
oleaut32
VariantClear
VariantCopy
SysAllocStringLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysFreeString
VariantChangeType
SysAllocString
VariantInit
SysStringLen
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleA
LoadStringW
api-ms-win-core-com-l1-1-1
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid
PropVariantClear
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
api-ms-win-core-processthreads-l1-1-2
OpenThreadToken
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
OpenProcessToken
api-ms-win-security-base-l1-2-0
GetAce
DuplicateTokenEx
GetTokenInformation
IsValidSid
GetSecurityDescriptorSacl
GetAclInformation
AddAce
GetLengthSid
GetSidSubAuthority
AddAccessAllowedAceEx
InitializeAcl
api-ms-win-security-lsalookup-l2-1-1
LookupAccountNameW
LookupAccountSidW
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCopyTreeW
RegDeleteTreeW
RegQueryInfoKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
api-ms-win-core-synch-l1-2-0
TryEnterCriticalSection
Sleep
SleepEx
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-1
GetSystemDirectoryA
GetTickCount
VerSetConditionMask
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
bcrypt
BCryptGenRandom
api-ms-win-core-file-l1-2-1
ReadFile
UnlockFileEx
GetTempPathW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
FlushFileBuffers
GetDiskFreeSpaceA
GetFileAttributesA
CreateFileA
GetFullPathNameA
SetFilePointer
LockFile
GetFileType
SetEndOfFile
DeleteFileA
GetFileAttributesW
GetDiskFreeSpaceW
GetFullPathNameW
DeleteFileW
UnlockFile
LockFileEx
GetFileSize
WriteFile
CompareFileTime
crypt32
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CryptQueryObject
CertOpenStore
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptVerifyMessageSignature
CertGetCertificateContextProperty
CertCloseStore
api-ms-win-core-processenvironment-l1-2-0
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStdHandle
api-ms-win-core-namedpipe-l1-2-0
PeekNamedPipe
api-ms-win-core-console-l1-1-0
ReadConsoleA
SetConsoleMode
GetConsoleMode
ReadConsoleW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-memory-l1-1-2
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-heap-l1-2-0
HeapValidate
HeapCompact
HeapCreate
api-ms-win-core-debug-l1-1-1
OutputDebugStringA
OutputDebugStringW
api-ms-win-core-file-l1-2-2
AreFileApisANSI
GetTempPathA
propsys
VariantCompare
gdi32
GetDIBits
CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
CreateBitmap
LPtoDP
GetObjectW
CreateDIBSection
SelectObject
DeleteObject
CreateCompatibleDC
DeleteDC
SetBkColor
SetBkMode
SetMapMode
SetTextColor
GetTextMetricsW
CreateCompatibleBitmap
CreateFontW
GetTextExtentPoint32W
TextOutW
advapi32
CryptHashData
CryptGetHashParam
RegEnumKeyW
RegDeleteKeyW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegOpenKeyW
SetSecurityInfo
GetSecurityInfo
GetUserNameW
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptExportKey
shell32
SHGetPropertyStoreForWindow
CommandLineToArgvW
SHAppBarMessage
SHGetMalloc
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHEvaluateSystemCommandTemplate
SHCreateDirectoryExW
SHQueryUserNotificationState
SHBindToParent
SHCreateItemFromParsingName
SHGetFolderPathW
SHGetKnownFolderPath
SHGetDesktopFolder
SHGetSettings
ShellExecuteExW
msi
ord217
ord173
rpcrt4
UuidToStringW
UuidCreateSequential
RpcStringFreeW
wininet
InternetQueryOptionW
DeleteUrlCacheEntryW
winhttp
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
userenv
ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW
comctl32
ord413
ord410
wtsapi32
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
secur32
GetUserNameExW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenServiceW
OpenSCManagerW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-service-management-l2-1-0
NotifyServiceStatusChangeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
comdlg32
GetSaveFileNameW
ole32
CoInitialize
Sections
.text Size: 7.9MB - Virtual size: 7.9MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 143KB - Virtual size: 198KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.pdata Size: 388KB - Virtual size: 387KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.rsrc Size: 2.8MB - Virtual size: 2.8MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 608KB - Virtual size: 612KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE