3504a65777596ed7179516f0732ee43effae9c90044813b670a1bd8211108308

Sharing

Copy URL Twitter E-mail

General

Target

3504a65777596ed7179516f0732ee43effae9c90044813b670a1bd8211108308
Size

2.3MB
MD5

6a472f508c655614c0e2b77b0ac1aeb7
SHA1

3c0552c27a3f07a380b98636d40284d4834cb0b2
SHA256

3504a65777596ed7179516f0732ee43effae9c90044813b670a1bd8211108308
SHA512

0e3f9d6e20abc4542d5054c153b30bffec9cdbfe704bd31cddb9792db9afc2d08cba2cf12f2a7c35c4b96381965b717ed9e2ce5957d02f9b22f80a46b0d25d6a
SSDEEP

49152:Ikq1RYqtjIReqU789Rt32peGAvaHlyt7cJAPoul28MJIeh:pq1CqtjyeH7Af2pFSaHlyt+A3l2fJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3504a65777596ed7179516f0732ee43effae9c90044813b670a1bd8211108308

Files

3504a65777596ed7179516f0732ee43effae9c90044813b670a1bd8211108308
.dll windows x86

4aaba900d175e84af0ec83c562a854f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowPos
PostMessageW
TranslateMessage
DispatchMessageW
GetMessageW
ShowWindow
KillTimer
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
FindWindowW
SetTimer
wsprintfW
DefWindowProcW
CreateWindowExW
SetWindowLongW
IsWindow
GetWindow
EnableWindow
SendMessageW
SetFocus
GetWindowRect
GetParent
GetMonitorInfoW
PostQuitMessage
LoadImageW
GetSystemMetrics
LoadCursorW
RegisterClassW
GetClassInfoExW
RegisterClassExW
GetWindowLongW
CallWindowProcW
TrackMouseEvent
SetPropW
GetPropW
GetClientRect
OffsetRect
InflateRect
UnionRect
SetCursor
MoveWindow
IsIconic
IsZoomed
ScreenToClient
SetWindowRgn
GetKeyState
ReleaseDC
GetDC
GetCaretBlinkTime
SetCaretPos
CreateCaret
CreateAcceleratorTableW
InvalidateRgn
MapWindowPoints
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
CharPrevW
DestroyWindow
MonitorFromWindow
GetFocus
IntersectRect
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
UpdateLayeredWindow
InvalidateRect
GetCursorPos
SetRect
DrawTextW
SetCapture
ReleaseCapture
PtInRect
CharNextW
GetWindowRgn
ShowCaret
HideCaret
ClientToScreen
GetSysColor
GetCaretPos
FillRect

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

gdi32

TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectA
RoundRect
Rectangle
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CreateRoundRectRgn
SelectClipRgn
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
CreateFontIndirectW
CreatePen
DeleteDC
PtInRegion
CreateRectRgn
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
RestoreDC
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC

kernel32

CreateEventW
GetStartupInfoW
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
GetStringTypeW
InitializeSListHead
RtlUnwind
EncodePointer
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GlobalFree
SetConsoleCtrlHandler
GetConsoleCP
HeapFree
CompareStringW
LCMapStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
GetUserDefaultUILanguage
HeapAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcessId
GetFileSizeEx
HeapReAlloc
QueryPerformanceCounter
FlushFileBuffers
GetConsoleOutputCP
SetStdHandle
SetConsoleMode
ReadConsoleInputW
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
SetUnhandledExceptionFilter
WriteConsoleW
LoadLibraryA
GlobalMemoryStatus
GetStdHandle
lstrcpyW
LocalFree
FlushConsoleInputBuffer
OutputDebugStringW
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
ExitProcess
WideCharToMultiByte
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
MultiByteToWideChar
GetACP
FindResourceW
LoadResource
FreeResource
SizeofResource
LockResource
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
GetTickCount
CreateFileW
GetFileSize
ReadFile
GetCurrentProcess
WriteFile
SetFilePointer
DuplicateHandle
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
MulDiv
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
GetLocaleInfoW
GetVersionExW
FreeLibrary

ole32

CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

gdiplus

GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipFillRectangleI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipImageGetFrameDimensionsCount

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

comctl32

_TrackMouseEvent
ord17

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

Exports

Exports

ControlBindNSISScript
ExitNsis
FCAesEncryptString
FindControl
GetInstallBagParam
GetMacValue
GetOSVersion
GetTimeStamp
GetUUIDAndMacAndCPU
InitWnd
IsSimpleChinese
ParseCmdLine
ShowMainWnd
ShowMsgBox
StartProgress
StopProgress
nsDuiSendMessage

Sections

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aaba900d175e84af0ec83c562a854f8

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

gdi32

kernel32

ole32

oleaut32

gdiplus

imm32

comctl32

version

iphlpapi

Exports

Exports

Sections

.text Size: 876KB - Virtual size: 876KB

.rdata Size: 262KB - Virtual size: 261KB

.data Size: 11KB - Virtual size: 25KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 876KB - Virtual size: 876KB

.rdata
Size: 262KB - Virtual size: 261KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 45KB - Virtual size: 44KB