Static task
static1
Behavioral task
behavioral1
Sample
3585fb87b1c8205bba4decb1e087828be64894cca4c18212f62f166f98fd952a.exe
Resource
win7-20230712-en
General
Target: 3585fb87b1c8205bba4decb1e087828be64894cca4c18212f62f166f98fd952a
Size: 8.3MB
MD5: c1df9481ab7aa120b3d58605c4ca4bce
SHA1: f7bf2924a77525cb23a130dfbd673dd043bf53ff
SHA256: 3585fb87b1c8205bba4decb1e087828be64894cca4c18212f62f166f98fd952a
SHA512: 3f0078368f8d1776ba0452c8a7e7db463bc2f4d6a7dca18142138d5878d2a0c6b52f10ad7edae71833ad0d5b752648ab71c3f9342cc5de36be25380e1c232bf4
SSDEEP: 98304:O7DQp7qPK2TD3yOIuNusHYGNCanjJe2lNNCZmQDqQAoxGUT+9Qpb0zR:mDM7z2vUu3k4JIjeQAo1yjz
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3585fb87b1c8205bba4decb1e087828be64894cca4c18212f62f166f98fd952a
Files
3585fb87b1c8205bba4decb1e087828be64894cca4c18212f62f166f98fd952a.exe windows x86
38d16d1a7011627f1740aea2ee96b75a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dbghelp
MiniDumpWriteDump
msimg32
AlphaBlend
gdiplus
GdipFillPath
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipSaveImageToFile
GdipDrawImageRectI
GdipSetImageAttributesWrapMode
GdipSetCompositingMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreatePath
GdipDeletePath
GdipClosePathFigures
GdipAddPathLine
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipFlush
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipDrawLine
GdipDrawLines
GdipDrawRectangle
GdipFillRectangle
GdipFillEllipse
GdipSetStringFormatTrimming
GdipDrawImage
GdipDeleteGraphics
GdipDrawImageI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGraphicsClear
GdipDrawImageRectRect
GdipGetImageGraphicsContext
GdipSetClipRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
kernel32
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
GetCurrentThreadId
SetLastError
RaiseException
SetFileTime
CreateFileW
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
GetSystemDirectoryW
CreateThread
CreateEventW
CreateEventA
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
CloseHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
FindResourceW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetErrorMode
GetLastError
GetFileAttributesW
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
GetTickCount
GetVersion
WaitForMultipleObjects
VirtualQuery
DecodePointer
MulDiv
FindResourceExW
GetUserGeoID
GlobalAlloc
GetGeoInfoW
GetSystemPowerStatus
LockFileEx
UnlockFile
WriteConsoleW
OutputDebugStringA
GetCommandLineA
FindNextFileA
FindFirstFileExA
SetConsoleCtrlHandler
GetOEMCP
IsValidCodePage
SetDllDirectoryW
SetDefaultDllDirectories
SetProcessShutdownParameters
GetCurrentProcessId
GetCurrentProcess
Sleep
OpenEventW
SetUnhandledExceptionFilter
CreateDirectoryW
GetCommandLineW
ResetEvent
GetUserDefaultUILanguage
GetLocaleInfoW
SystemTimeToFileTime
GlobalFree
GlobalLock
EnterCriticalSection
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetModuleFileNameA
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
InterlockedFlushSList
RtlUnwind
CreateWaitableTimerA
GetLogicalProcessorInformation
TlsFree
ResumeThread
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
GetStartupInfoW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
UnmapViewOfFile
CreateMutexW
UnlockFileEx
LockFile
GetDiskFreeSpaceW
HeapCreate
LoadLibraryA
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetCPInfo
CompareStringEx
LCMapStringEx
TryAcquireSRWLockExclusive
InitializeSRWLock
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
CreateDirectoryA
GetFileSize
TryEnterCriticalSection
InitializeCriticalSection
GetConsoleDisplayMode
AttachConsole
FreeConsole
QueryFullProcessImageNameW
LocalAlloc
SetEnvironmentVariableW
FreeEnvironmentStringsW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
AreFileApisANSI
MultiByteToWideChar
MoveFileExA
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetSystemInfo
VirtualProtect
LoadLibraryExA
GetSystemDefaultUILanguage
GetStringTypeExW
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoEx
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
OutputDebugStringW
GetCurrentThread
FileTimeToSystemTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
WriteFile
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
GetEnvironmentVariableW
ProcessIdToSessionId
OpenProcess
GetVersionExW
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentPackageFamilyName
FreeResource
EnumResourceNamesW
GetCurrentPackageFullName
GetPackagesByPackageFamily
OpenPackageInfoByFullName
ClosePackageInfo
GetPackageInfo
TerminateProcess
GetExitCodeProcess
GetVolumeInformationW
GetComputerNameW
GlobalReAlloc
GlobalSize
GlobalUnlock
DosDateTimeToFileTime
CompareStringW
SetThreadPriority
GetThreadPriority
TerminateThread
GetExitCodeThread
GetFileSizeEx
ReleaseMutex
CreateMutexA
TlsAlloc
TlsGetValue
TlsSetValue
GetThreadLocale
SetThreadLocale
FindResourceA
GetLocaleInfoA
GetEnvironmentStringsW
wininet
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetQueryOptionW
InternetSetOptionW
DeleteUrlCacheEntryW
comctl32
ord413
ord410
_TrackMouseEvent
wtsapi32
WTSRegisterSessionNotification
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
ws2_32
WSACreateEvent
WSACloseEvent
send
getsockopt
WSAEventSelect
WSAResetEvent
WSASetEvent
listen
htonl
getsockname
WSAWaitForMultipleEvents
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
WSAEnumNetworkEvents
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
connect
bind
accept
getnameinfo
gethostbyname
wldap32
ord30
ord200
ord79
ord35
ord33
ord46
ord217
ord143
ord32
ord301
ord41
ord60
ord45
ord26
ord27
ord50
ord211
ord22
normaliz
IdnToAscii
gdi32
GetTextExtentPoint32W
SetDIBColorTable
GetStockObject
SetLayout
GetObjectW
SetDIBits
SetBrushOrgEx
CreateCompatibleBitmap
CreateDIBSection
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
CreateBitmap
CreateSolidBrush
SetMapMode
CreateFontW
GetDIBits
SetTextColor
GetTextMetricsW
TextOutW
LPtoDP
AddFontMemResourceEx
SetBkColor
advapi32
AddAccessAllowedAceEx
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
DeregisterEventSource
SetSecurityInfo
GetSecurityInfo
GetUserNameW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
GetAclInformation
CryptEnumProvidersW
CryptSignHashW
OpenThreadToken
RegOpenKeyW
GetSidSubAuthority
GetTokenInformation
RegEnumKeyExW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertStringSidToSidW
RegFlushKey
RegQueryInfoKeyW
RegDeleteTreeW
RegCopyTreeW
GetAce
AddAce
DuplicateTokenEx
CryptDecrypt
ole32
StringFromGUID2
CoCreateGuid
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
PropVariantClear
OleUninitialize
OleInitialize
CoTaskMemFree
OleLockRunning
OleSetContainedObject
OleCreate
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
oleaut32
VariantChangeType
GetErrorInfo
SetErrorInfo
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
CreateErrorInfo
SysStringLen
VariantInit
VariantCopy
SysAllocString
VariantClear
SysFreeString
shlwapi
ord176
SHRegDuplicateHKey
PathFileExistsW
PathGetArgsW
AssocQueryStringW
ord487
StrRetToBufW
StrChrIW
bcrypt
BCryptGenRandom
msi
ord217
ord173
rpcrt4
UuidCreateSequential
UuidToStringW
RpcStringFreeW
winhttp
WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
crypt32
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
userenv
GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW
version
VerQueryValueW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
secur32
GetUserNameExW
comdlg32
GetSaveFileNameW
Sections
.text Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 776KB - Virtual size: 780KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE