4f37e7ef0d344d7d37565a757a9d2d22a7088139021f758a0ff98d7e36b979ab

Sharing

Copy URL Twitter E-mail

General

Target

4f37e7ef0d344d7d37565a757a9d2d22a7088139021f758a0ff98d7e36b979ab
Size

13.2MB
MD5

0dcbb9a0d73415a62ceded464a07cf82
SHA1

011810d0a4d422d33356a4b016ead8e3453199de
SHA256

4f37e7ef0d344d7d37565a757a9d2d22a7088139021f758a0ff98d7e36b979ab
SHA512

646da8004579c07cb80cc65839b2d548917025f49fe1355a0e791468b3389da248adf5a9b4f7a08c4ade19996dc7c8fdfe63f94c39934c805b232789bda214e3
SSDEEP

196608:q8r36faTeQgCeMflA6W4LC8d8Ta3DJyvRrXCJsv6tWKFdu9CPQI:qS36fa4CeSA2C8tJeryJsv6tWKFdu9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f37e7ef0d344d7d37565a757a9d2d22a7088139021f758a0ff98d7e36b979ab

Files

4f37e7ef0d344d7d37565a757a9d2d22a7088139021f758a0ff98d7e36b979ab
.exe windows x86

22ff14d601b8a998f804e1734f997180

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAAsyncSelect
accept
__WSAFDIsSet
closesocket
connect
inet_ntoa
getpeername
getsockname
getsockopt
htonl
listen
select
WSACleanup
bind
setsockopt
shutdown
WSASetLastError
WSAGetLastError
WSAStartup

ole32

CoLockObjectExternal
CoTaskMemFree
RegisterDragDrop
CoGetMalloc
CoTaskMemAlloc
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitialize
CoCreateGuid
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
ReleaseStgMedium
DoDragDrop
StringFromGUID2
CoUninitialize
CoCreateInstance

imm32

ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME

winmm

PlaySoundW

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen

shell32

ShellExecuteA
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW

gdi32

GetDeviceCaps
GetDIBits
CreateBitmap
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetBitmapBits
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
GetTextFaceW
GetObjectW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
CreateFontIndirectW
EnumFontFamiliesExW
CreateDCW
CreateCompatibleBitmap
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

ws2_32

WSASend
WSARecv
WSAIoctl
WSASocketW
getaddrinfo
freeaddrinfo

advapi32

SetSecurityDescriptorGroup
CopySid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetSecurityDescriptorOwner
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
CreateWindowExW
PostMessageW
SendMessageW
MessageBeep
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
SetParent
DestroyCursor
DestroyIcon
GetAncestor
GetKeyboardLayoutList
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
SetClipboardViewer
ChangeClipboardChain
GetWindowThreadProcessId
RegisterClipboardFormatW
GetAsyncKeyState
GetKeyboardLayout
RegisterWindowMessageW
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
RegisterClassW
GetClipboardFormatNameW
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW
MessageBoxW
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDoubleClickTime
SetWindowRgn
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSysColor
GetSystemMetrics
EnableMenuItem
GetSystemMenu
ReleaseDC
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageW
CharNextExA
GetDC
GetCaretBlinkTime

kernel32

RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
LoadLibraryExW
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
SetThreadAffinityMask
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
DecodePointer
EncodePointer
VirtualFree
VirtualAlloc
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
SetFileAttributesW
SetStdHandle
ReadConsoleW
GetConsoleCP
GetModuleFileNameA
GetACP
ReleaseMutex
EnumSystemLocalesW
CreateProcessA
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
WriteConsoleW
FindFirstFileExA
FindNextFileA
UnmapViewOfFile
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
MoveFileExW
SetFilePointerEx
GetProcessId
GetExitCodeProcess
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
RemoveDirectoryW
GetLogicalDrives
GetFileInformationByHandle
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
WriteFileEx
CancelIo
PeekNamedPipe
ReadFileEx
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResumeThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
DuplicateHandle
GetSystemDirectoryW
LCMapStringW
QueryPerformanceFrequency
GetLocalTime
GetCommandLineW
GetUserDefaultLCID
CompareStringW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetFileType
GetStdHandle
ResetEvent
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
DisconnectNamedPipe
DeviceIoControl
ExitProcess
GetModuleHandleA
GetConsoleWindow
GlobalSize
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
GetUserDefaultLangID
CreateProcessW
ExpandEnvironmentStringsW
SetErrorMode
IsValidLocale
IsValidLanguageGroup
GetModuleHandleW
lstrcmpW
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
VerifyVersionInfoW
SetWaitableTimer
CreateWaitableTimerW
CreateEventW
SleepEx
TlsSetValue
TlsGetValue
WaitForMultipleObjects
SetEvent
GetLastError
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
TlsFree
GetCurrentProcess
CreateEventA
GetModuleFileNameW
OpenMutexA
VerSetConditionMask
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
InitializeCriticalSectionAndSpinCount

libftauthng

read_pskc_rec
init_pskc
decode_pdata
encode_pdata
check_password
get_passcode_time
set_pin
set_user_login
enable_token
uninit_pskc

opengl32

glStencilMask
glStencilFunc
glScissor
glReadPixels
glPolygonOffset
glPixelStorei
glLineWidth
glIsTexture
glIsEnabled
glHint
glGetTexParameteriv
glGetTexParameterfv
glGetString
glGetIntegerv
glGetFloatv
glGetError
glGetBooleanv
glStencilOp
glFrontFace
glFlush
glFinish
glEnable
glDrawElements
glDrawArrays
glDisable
glDepthRange
glDepthMask
glDeleteTextures
glCullFace
glCopyTexSubImage2D
glCopyTexImage2D
glColorMask
glClearStencil
glClearDepth
glClearColor
glClear
glBlendFunc
glBindTexture
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage2D
glViewport
glGenTextures
glDepthFunc

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22ff14d601b8a998f804e1734f997180

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

ole32

imm32

winmm

oleaut32

shell32

gdi32

iphlpapi

ws2_32

advapi32

user32

kernel32

libftauthng

opengl32

Sections

.text Size: 8.9MB - Virtual size: 8.9MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 139KB - Virtual size: 189KB

.qtmetad Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 1024B - Virtual size: 560B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 320KB - Virtual size: 320KB

.text
Size: 8.9MB - Virtual size: 8.9MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 139KB - Virtual size: 189KB

.qtmetad
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 1024B - Virtual size: 560B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 320KB - Virtual size: 320KB