22b805c2f3f8b691f14785ecc3099c76b19ca8e385f03298b3ab9e3ca300101f

Sharing

Copy URL Twitter E-mail

General

Target

22b805c2f3f8b691f14785ecc3099c76b19ca8e385f03298b3ab9e3ca300101f
Size

5.1MB
MD5

83a98d4f71168ebb1427f48fdbc9e16e
SHA1

01d68bd3ca763fcc6f5feb68d401641ac527e6f2
SHA256

22b805c2f3f8b691f14785ecc3099c76b19ca8e385f03298b3ab9e3ca300101f
SHA512

5313ff5f60dd9b58ac241ca811c40f0961bedb8a3a3ff25fbcaf0187908e24a1f10196e8c2945ef85b89317459da822ede538a776e07b4a4dc45240702039ec8
SSDEEP

98304:nNvQegvoWAGTbD4XfEfDuf2p0yiHqOnJG4qHkgRLYyEHFx:No7D4P4Duw8G4qEWYyS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22b805c2f3f8b691f14785ecc3099c76b19ca8e385f03298b3ab9e3ca300101f

Files

22b805c2f3f8b691f14785ecc3099c76b19ca8e385f03298b3ab9e3ca300101f
.exe windows x86

e4ca392f10e2f0b3862083f16e61e3c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow
GetCursorPos
IsIconic
SetForegroundWindow
FindWindowW
MessageBoxA
GetDesktopWindow
GetWindow
SendMessageW
GetProcessWindowStation
PostQuitMessage
MapWindowPoints
GetUserObjectInformationW
KillTimer
AppendMenuW
LoadIconW
DestroyMenu
GetForegroundWindow
AttachThreadInput
SetTimer
ShowWindow
TrackPopupMenu
CreatePopupMenu
MessageBoxW
SetWindowPos
GetWindowThreadProcessId
GetFocus
GetParent
IsRectEmpty
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
DestroyWindow
PostMessageW
GetDC
ReleaseDC
SetCapture
ReleaseCapture
FillRect
InvalidateRect
InvalidateRgn
DefWindowProcW
GetClientRect
CreateAcceleratorTableW
BeginPaint
EndPaint
MoveWindow
OffsetRect
InflateRect
UnionRect
GetKeyState
GetWindowLongW
SetWindowLongW
GetCaretBlinkTime
SetCaretPos
CreateCaret
SetFocus
GetUpdateRect
GetWindowRect
UpdateLayeredWindow
CreateWindowExW
ScreenToClient
GetMessageW
TranslateMessage
DispatchMessageW
EnableWindow
GetMonitorInfoW
MonitorFromWindow
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
TrackMouseEvent
SetPropW
GetPropW
IsZoomed
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
SetWindowRgn
DrawTextW
SetRect
CharPrevW
GetWindowRgn
GetSysColor
ShowCaret
HideCaret
ClientToScreen

advapi32

ReportEventA
OpenProcessToken
RegisterEventSourceA
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

gdi32

TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
CreateRectRgn
PtInRegion
SetBkColor
SetTextColor
SetBkMode
GetObjectA
RoundRect
Rectangle
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
RestoreDC
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
CreatePen
CreateFontIndirectW
GetDeviceCaps
GetStockObject
GetObjectW

ws2_32

WSAIoctl
socket
shutdown
gethostname
getaddrinfo
setsockopt
recvfrom
sendto
ntohs
htons
ntohl
htonl
ioctlsocket
listen
accept
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
WSAStartup
WSACleanup
__WSAFDIsSet
freeaddrinfo
WSAGetLastError
getsockopt

wldap32

ord211
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46
ord143
ord60

shlwapi

PathFileExistsW
SHDeleteKeyW

wininet

InternetSetOptionW

kernel32

FreeLibraryAndExitThread
GetDriveTypeW
SetFilePointerEx
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStartupInfoW
IsDebuggerPresent
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
HeapAlloc
SetStdHandle
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
CreateThread
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LCMapStringEx
DecodePointer
EncodePointer
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceBeginInitialize
GetProcessHeap
InitOnceComplete
QueryPerformanceFrequency
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException
GetStringTypeW
LocalFree
TlsFree
HeapSize
WriteConsoleW
ExitThread
LoadLibraryExW
HeapReAlloc
OutputDebugStringA
FlushConsoleInputBuffer
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTime
GetModuleHandleA
WaitForMultipleObjects
PeekNamedPipe
GetStdHandle
WaitForSingleObjectEx
FormatMessageA
SleepEx
VirtualFree
VirtualAlloc
VerifyVersionInfoA
LoadLibraryA
CreateFileA
K32GetModuleBaseNameA
GetFileInformationByHandle
SetEndOfFile
FreeLibrary
SetEvent
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
InitializeCriticalSectionEx
CreateDirectoryW
SizeofResource
FindNextFileW
GetCurrentProcess
WriteFile
TerminateProcess
GetModuleFileNameW
FindClose
CreateFileW
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
Process32NextW
LockResource
DeleteFileA
DeleteFileW
Process32FirstW
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
lstrcmpW
GetCommandLineW
Sleep
WinExec
CreateMutexW
ReleaseMutex
CreateEventW
GetCurrentThreadId
VerSetConditionMask
InitializeCriticalSectionAndSpinCount
MulDiv
GetACP
GetCurrentDirectoryW
GetTickCount
FreeResource
ExitProcess
ReadFile
SetFilePointer
DuplicateHandle
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
GetFileSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
GetTickCount64
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WTSGetActiveConsoleSessionId

shell32

SHGetFolderLocation
SHGetPathFromIDListW
ord155
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleLockRunning
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantCopy
SysAllocString
SysFreeString
VariantInit

gdiplus

GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipFillRectangleI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneStringFormat
GdiplusStartup
GdipDeleteStringFormat
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCloneImage
GdipStringFormatGetGenericTypographic

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

comctl32

ord17
_TrackMouseEvent

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4ca392f10e2f0b3862083f16e61e3c5

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

gdi32

ws2_32

wldap32

shlwapi

wininet

kernel32

shell32

ole32

oleaut32

gdiplus

imm32

comctl32

wtsapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 403KB - Virtual size: 403KB

.data Size: 50KB - Virtual size: 63KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 403KB - Virtual size: 403KB

.data
Size: 50KB - Virtual size: 63KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 78KB - Virtual size: 78KB