Static task: static1
Behavioral task: behavioral1
Sample: 1ca8fcb391467677eb09df93d88cfd20eb453cda9e264ce75ffae4fada0d2705.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 1ca8fcb391467677eb09df93d88cfd20eb453cda9e264ce75ffae4fada0d2705.exe
Resource: win10v2004-20230703-en
General
Target: 1ca8fcb391467677eb09df93d88cfd20eb453cda9e264ce75ffae4fada0d2705
Size: 5.2MB
MD5: ed964b1f3062ba9ae988a3d5f641628a
SHA1: 4a9fd9dd16ece475921383ee9621722c158ca8c6
SHA256: 1ca8fcb391467677eb09df93d88cfd20eb453cda9e264ce75ffae4fada0d2705
SHA512: 3a59687ae19fdbf59df52d5d8b086356b417814afef43de5cfe5ad85ffd2b7d744a42b182034e372e5891b86ff9c553609eff6c554542f3869c0a1550c94e42f
SSDEEP: 98304:exmcdzLiGN5jm6+mIpqDUnyhjfjKOMq/BsB:esylj1mSVjKOMKBs
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 1ca8fcb391467677eb09df93d88cfd20eb453cda9e264ce75ffae4fada0d2705
Files
1ca8fcb391467677eb09df93d88cfd20eb453cda9e264ce75ffae4fada0d2705.exe (windows x86)
4cc9343dd1524fb570ba116c256448a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadConsoleInputA
SetEnvironmentVariableA
OutputDebugStringW
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetDriveTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetTimeZoneInformation
WriteConsoleW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
FindResourceExW
VirtualProtect
Sleep
GetProfileIntA
SearchPathA
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
InitializeCriticalSection
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ResumeThread
SetThreadPriority
WaitForSingleObject
FindNextFileA
GetThreadLocale
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeResource
GetSystemDirectoryW
EncodePointer
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcessId
GetFileType
GetVersion
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
GetConsoleWindow
FreeConsole
DeleteFileA
CreateDirectoryA
GetCommandLineW
CreateMutexA
FindClose
OutputDebugStringA
lstrcmpA
LocalAlloc
GetVersionExA
CopyFileA
LoadLibraryA
LocalFree
GetModuleFileNameA
FindFirstFileA
GetACP
FormatMessageA
VerLanguageNameA
CreateFileA
TlsAlloc
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetModuleHandleW
LoadLibraryW
TlsSetValue
TlsGetValue
GetTickCount
DosDateTimeToFileTime
FileTimeToDosDateTime
LocalFileTimeToFileTime
CloseHandle
SetFileTime
SetFilePointer
ReadFile
WriteFile
GetStdHandle
GetFileSize
GetFileInformationByHandle
GetCurrentThreadId
GetProcAddress
FreeLibrary
InterlockedIncrement
GetLocalTime
lstrcpyW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetLastError
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
LockResource
SetConsoleMode
user32
SetCapture
IsZoomed
TrackMouseEvent
CopyImage
RealChildWindowFromPoint
IntersectRect
EnumDisplayMonitors
LoadCursorW
SetRectEmpty
GetSysColorBrush
SetLayeredWindowAttributes
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
CharUpperA
MapVirtualKeyA
GetKeyNameTextA
GetWindowThreadProcessId
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
CheckDlgButton
MoveWindow
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SendDlgItemMessageA
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
ReleaseCapture
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsWindow
SetTimer
KillTimer
DeleteMenu
GetMessagePos
SendMessageA
EnableWindow
LoadMenuW
EnableMenuItem
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
SetWindowRgn
MessageBeep
WindowFromPoint
OffsetRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetMenuStringA
GetClassNameA
FillRect
InsertMenuItemA
SetRect
DestroyIcon
WaitMessage
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawFocusRect
GetSubMenu
UpdateWindow
DrawIconEx
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
SetCursorPos
InvalidateRect
GetClientRect
GetWindowRect
GetWindow
PostMessageA
GetParent
LoadBitmapA
RedrawWindow
LockWindowUpdate
GetSysColor
CopyRect
GetWindowLongA
SetWindowLongA
GetAsyncKeyState
ShowWindow
MessageBoxA
IsIconic
GetSystemMetrics
GetSystemMenu
AppendMenuA
DrawIcon
SetCursor
GetCursorPos
GetClassLongA
SetClassLongA
LoadBitmapW
LoadCursorA
LoadIconW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
DrawStateA
SetParent
BringWindowToTop
LoadImageA
GetIconInfo
HideCaret
InvertRect
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CharUpperBuffA
ModifyMenuA
LoadAcceleratorsA
TranslateAcceleratorA
GetWindowRgn
DestroyCursor
GetComboBoxInfo
LoadMenuA
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
PostThreadMessageA
FrameRect
CopyIcon
ReuseDDElParam
UnpackDDElParam
EndDeferWindowPos
CreateMenu
gdi32
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetTextMetricsA
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
RoundRect
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
TextOutA
LPtoDP
GetViewportOrgEx
SetPixelV
GetTextFaceA
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
MoveToEx
GetWindowOrgEx
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePen
CreateHatchBrush
CreateBitmap
CopyMetaFileA
GetStockObject
CreateSolidBrush
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
CreatePatternBrush
CreateFontIndirectA
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptGetKeyParam
CryptGetUserKey
CryptExportKey
CryptGetHashParam
CryptGetProvParam
CryptImportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
shell32
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
SHAppBarMessage
ShellExecuteA
DragFinish
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFolderPathA
SHFileOperationA
CommandLineToArgvW
ShellExecuteExA
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
StrFormatKBSizeA
PathRemoveFileSpecW
PathIsUNCA
uxtheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
IsAppThemed
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
ole32
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
VarBstrCmp
SysAllocStringByteLen
SysAllocString
VariantCopy
LoadRegTypeLi
DispCallFunc
SysStringLen
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
VariantChangeType
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
VarBstrFromDate
VarDateFromStr
SafeArrayDestroy
SysFreeString
oledlg
ord8
gdiplus
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
cryptui
CryptUIDlgViewContext
CryptUIWizExport
crypt32
CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertCreateContext
CertGetEnhancedKeyUsage
CertFindExtension
CertNameToStrA
PFXImportCertStore
PFXVerifyPassword
PFXExportCertStoreEx
CertCreateCertificateContext
CertSetCertificateContextProperty
CryptImportPublicKeyInfo
CertAlgIdToOID
CryptSIPLoad
CryptSIPRetrieveSubjectGuid
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptQueryObject
wintrust
CryptCATPersistStore
CryptCATOpen
CryptCATPutAttrInfo
WinVerifyTrust
CryptCATPutMemberInfo
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreate
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 558KB - Virtual size: 558KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ