4660b287cd3db208b01305136462412752b0923fdc6cc8f53ff53d4ffccc4df4

Sharing

Copy URL Twitter E-mail

General

Target

4660b287cd3db208b01305136462412752b0923fdc6cc8f53ff53d4ffccc4df4
Size

6.0MB
MD5

ef2bd4ea9bd581fb70d6c378799d6af3
SHA1

163c40c775fb5d9d0e33e03896365c1fa9f63d83
SHA256

4660b287cd3db208b01305136462412752b0923fdc6cc8f53ff53d4ffccc4df4
SHA512

3b5bd0b0f0f7d126778ad259a89c7579e139409de3fb698a82c70e017ed33f8705316b17378a67c132d57e9c6bf311f570b2ee586d10ce57431c54470c27855a
SSDEEP

98304:Prn4bnRgvZ4drfgYOfKC8HqubAFywD6U/4kx6JH8YAKc9l0edBbaVZ:T47yadbkCC8KtoKR/NxKH8YkKd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4660b287cd3db208b01305136462412752b0923fdc6cc8f53ff53d4ffccc4df4

Files

4660b287cd3db208b01305136462412752b0923fdc6cc8f53ff53d4ffccc4df4
.exe windows x86

e97e115e18f6601e1f4a5a8ce97cc0b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcessId
SetUnhandledExceptionFilter
WaitForSingleObject
DuplicateHandle
GetModuleHandleA
OpenProcess
LoadLibraryA
GetModuleHandleW
EnumResourceTypesW
EnumResourceNamesW
EndUpdateResourceW
EnumResourceLanguagesW
FindResourceExW
UpdateResourceW
GetFileSize
BeginUpdateResourceW
LoadLibraryExW
GetACP
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
GetErrorMode
SetErrorMode
MulDiv
CreateDirectoryW
SetFileTime
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
ReleaseSemaphore
WaitForMultipleObjects
CreateEventW
SetEvent
CreateSemaphoreW
Sleep
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEndOfFile
GetStdHandle
GetFileInformationByHandle
MoveFileExW
SetLastError
VirtualAlloc
VirtualFree
WriteConsoleW
LoadLibraryW
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ExitThread
GetModuleHandleExW
ExitProcess
GetFullPathNameW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
LocalFree
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetStringTypeW
GetExitCodeThread
WaitForSingleObjectEx
TryEnterCriticalSection
FormatMessageW
IsDebuggerPresent
GetCurrentThread
InitializeCriticalSection
GetCurrentThreadId
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
LoadResource
EnterCriticalSection
WideCharToMultiByte
CloseHandle
DeleteFileW
LockResource
FreeResource
CreateFileW
MultiByteToWideChar
GetModuleFileNameW
MapViewOfFile
CreateFileMappingW
FreeLibrary
UnmapViewOfFile
GetTickCount
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetFileAttributesW
OutputDebugStringW
OutputDebugStringA
CopyFileW
SetCurrentDirectoryW
GetEnvironmentStringsW
FindResourceW
HeapFree
SetFilePointer
WriteFile
GetFileSizeEx
SizeofResource
ReadFile
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
SetEnvironmentVariableA

user32

PostMessageW
SendMessageW
GetIconInfo
PostQuitMessage
CharUpperW
MessageBoxW
wsprintfW
LoadStringW
InvalidateRect
SetForegroundWindow
FillRect
GetGUIThreadInfo
EnumChildWindows
GetForegroundWindow
AttachThreadInput
ShowWindow
SetWindowPos
EnumThreadWindows
MessageBoxA
GetWindowThreadProcessId
SetCursor
LoadCursorW
CharNextW
ReleaseDC
DestroyWindow
GetDC
GetClientRect
SetWindowTextW
GetWindowLongW
SetWindowLongW
GetKeyState
GetWindow
SetFocus
GetUpdateRect
IsRectEmpty
BeginPaint
EndPaint
IsIconic
CreateWindowExW
GetCursorPos
GetWindowRect
InflateRect
PtInRect
ScreenToClient
IsWindow
IsWindowVisible
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
UnionRect
GetFocus
SetTimer
KillTimer
SetCapture
ReleaseCapture
GetClassNameW
GetParent
IsWindowEnabled
IntersectRect
ClientToScreen
GetSysColor
GetCaretBlinkTime
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
RegisterClassW
GetClassInfoExW
MapWindowPoints
GetWindowRgn
UpdateLayeredWindow
MoveWindow
CharPrevW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
IsZoomed
OffsetRect
SetWindowRgn
LoadIconW
MonitorFromPoint
UpdateLayeredWindowIndirect
SetRect

gdi32

CreateDCW
GetRgnBox
PtInRegion
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectA
SelectClipRgn
CreateRectRgnIndirect
SetWorldTransform
GetDIBits
GetStockObject
CreateRectRgn
BitBlt
SetGraphicsMode
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetDeviceCaps
GetObjectW
GetTextMetricsW
SelectObject
DeleteObject
CreatePen
CreateFontIndirectW

comdlg32

GetOpenFileNameW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken

shell32

SHGetFolderPathW
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteA
ShellExecuteExW
ShellExecuteW
ord190
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHOpenFolderAndSelectItems
ord727
ord155
SHBrowseForFolderW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleUninitialize
OleInitialize
CoInitializeEx
CoCreateInstance
PropVariantClear
CoUninitialize
CoInitialize

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathFindFileNameW
PathAppendW
ord12
PathFileExistsW
PathRemoveFileSpecW

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

comctl32

ord17
_TrackMouseEvent

d2d1

ord1

dwrite

DWriteCreateFactory

gdiplus

GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipReleaseDC
GdipGetDC
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawString
GdipSetSmoothingMode
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipSetTextRenderingHint
GdipGetImageWidth

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpSendRequest

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e97e115e18f6601e1f4a5a8ce97cc0b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

comctl32

d2d1

dwrite

gdiplus

imm32

winhttp

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 30KB - Virtual size: 37KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 30KB - Virtual size: 37KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 64KB - Virtual size: 64KB