35bb2a49c14b3b750fdb4813b768f5cef1d733762abebd4503df8619ff3cb205

Sharing

Copy URL Twitter E-mail

General

Target

35bb2a49c14b3b750fdb4813b768f5cef1d733762abebd4503df8619ff3cb205
Size

14.4MB
MD5

6a34914d7b13cbe5b217add5e5d03da5
SHA1

ca5edcd85b6fcc030e0255f500e999bd6147b3bd
SHA256

35bb2a49c14b3b750fdb4813b768f5cef1d733762abebd4503df8619ff3cb205
SHA512

7079f46868582349c08fb2fd8c2e0b484871636c7d30791134d4c51ab9bce5852f18cfde4da992146ba9ae6eebb3db7c5a53488ea2a6a60156f9a99325dadea5
SSDEEP

196608:ESfoXn5ifohlw9jgonLoSHH3aIEGvKIKJXaEP+3TusHmToO2lXSE2lJsv6tWKFdy:H5PY+3TuMSojXuJsv6tWKFdu9Cy2+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35bb2a49c14b3b750fdb4813b768f5cef1d733762abebd4503df8619ff3cb205

Files

35bb2a49c14b3b750fdb4813b768f5cef1d733762abebd4503df8619ff3cb205
.exe windows x86

eec1bd70a081c43655b90aac255ae3c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiEnumDeviceInfo
CM_Get_Device_IDW
SetupDiOpenDevRegKey
CM_Get_Parent
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status

iphlpapi

GetNetworkParams
GetAdaptersAddresses
GetAdaptersInfo

advapi32

OpenProcessToken
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
GetTokenInformation
FreeSid
GetLengthSid
CopySid
RegCreateKeyExW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
SystemFunction036
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegDeleteKeyW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

GlobalFree
WaitForMultipleObjects
CreateEventW
SetHandleInformation
LocalFree
GetNativeSystemInfo
FormatMessageW
OutputDebugStringW
GetConsoleWindow
CompareStringW
GetUserDefaultLCID
GetCurrentProcessId
GetCommandLineW
GetSystemTime
GetLocalTime
GetCurrentProcess
RaiseException
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
SetEvent
WaitForSingleObject
DuplicateHandle
GetSystemInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WaitForSingleObjectEx
ResetEvent
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
ReleaseMutex
CreateMutexW
CreateSemaphoreW
GetSystemDirectoryW
GetModuleFileNameW
GetStartupInfoW
GetFileAttributesExW
GetLongPathNameW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
WaitCommEvent
GetFullPathNameW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetFileType
FlushFileBuffers
SetEndOfFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
FindNextFileW
OpenProcess
LoadLibraryA
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleCP
PeekNamedPipe
VirtualQuery
FlushConsoleInputBuffer
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
GetModuleHandleA
SystemTimeToFileTime
GetStringTypeW
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetCPInfo
DecodePointer
SetEnvironmentVariableW
SetConsoleCtrlHandler
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapValidate
HeapAlloc
GetDriveTypeW
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
WriteConsoleW
GetStdHandle
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwind
LoadLibraryExW
SetCommTimeouts
SetCommState
SetCommMask
SetCommBreak
PurgeComm
GetCommTimeouts
GetCommState
GetCommModemStatus
EscapeCommFunction
ClearCommError
ClearCommBreak
ReadFile
Sleep
QueryDosDeviceA
CreateFileW
AttachConsole
DeviceIoControl
GetLastError
CloseHandle
WriteFile
SetFilePointerEx
CreateFileA
LoadLibraryW
GetProcAddress
FindFirstFileExW
CancelIo
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
RemoveDirectoryW
ExitProcess
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
PeekConsoleInputA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitialize

ws2_32

gethostname
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
getsockname
getpeername
closesocket
bind
WSAGetLastError
gethostbyname
gethostbyaddr
ntohl
inet_addr
getsockopt
htonl
WSAStartup
WSACleanup
WSAAsyncSelect
WSASocketW
WSASetLastError
shutdown
recv
send
__WSAFDIsSet

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysFreeString
SysAllocString
VariantClear
VariantInit

gdi32

GetDeviceCaps
GetDIBits
GetObjectA
DeleteObject
CreateCompatibleBitmap

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
KillTimer
GetDC
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
SetTimer

wintrust

WinVerifyTrust

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 881B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eec1bd70a081c43655b90aac255ae3c3

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

iphlpapi

advapi32

crypt32

kernel32

shell32

ole32

ws2_32

oleaut32

gdi32

user32

wintrust

Sections

.text Size: 9.1MB - Virtual size: 9.1MB

.rdata Size: 4.9MB - Virtual size: 4.9MB

.data Size: 73KB - Virtual size: 124KB

.idata Size: 11KB - Virtual size: 10KB

.qtmetad Size: 1024B - Virtual size: 881B

.tls Size: 1024B - Virtual size: 782B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 304KB - Virtual size: 304KB

.text
Size: 9.1MB - Virtual size: 9.1MB

.rdata
Size: 4.9MB - Virtual size: 4.9MB

.data
Size: 73KB - Virtual size: 124KB

.idata
Size: 11KB - Virtual size: 10KB

.qtmetad
Size: 1024B - Virtual size: 881B

.tls
Size: 1024B - Virtual size: 782B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 304KB - Virtual size: 304KB