Static task: static1
Behavioral task: behavioral1
  Sample: 8c2b8623f34984f90e6d5c0f52b1783195cab84d81d15a03eb77e5a5a02ef75e.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 8c2b8623f34984f90e6d5c0f52b1783195cab84d81d15a03eb77e5a5a02ef75e.exe
  Resource: win10v2004-20230703-en
General
Target: 8c2b8623f34984f90e6d5c0f52b1783195cab84d81d15a03eb77e5a5a02ef75e
Size: 5.2MB
MD5: 8f21ed227ccd97bf9121c4b312c7eb94
SHA1: 927365b101c921f8ce3607b2c1272a2d72148f45
SHA256: 8c2b8623f34984f90e6d5c0f52b1783195cab84d81d15a03eb77e5a5a02ef75e
SHA512: 55bfd1b0adf4ba1dc46f419ecbb02f216f432a7f1780bee381e2edc1f05346a7cb5e61ed30438fd0113e603aa6b9f754451e74a2edd05516e581682e85abddb9
SSDEEP: 98304:UP9mUD/yNMFMJqiKHpof1qYzhNccTpdhWAxXGKKdRae2uZw8SOUY9zZf:UP8UZMupofsYdT/hW/nRwY9zB
Malware Config
(none listed)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature; the sample carries none. This says only that no certificate blob is attached, not anything about whether a present signature would validate.
Matched resource: 8c2b8623f34984f90e6d5c0f52b1783195cab84d81d15a03eb77e5a5a02ef75e
Files
8c2b8623f34984f90e6d5c0f52b1783195cab84d81d15a03eb77e5a5a02ef75e.exe (windows, x86) 5804c208060a232156913f2629686c21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wldap32
ord143
ord50
ord26
ord30
ord200
ord32
ord217
ord79
ord33
ord301
ord27
ord41
ord46
ord211
ord22
ord35
ord60
kernel32
GetLocaleInfoW
FileTimeToLocalFileTime
SetFileTime
GetCurrentDirectoryW
RtlUnwind
RaiseException
ExitThread
SetConsoleCtrlHandler
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetSystemDirectoryA
QueryPerformanceFrequency
VerifyVersionInfoA
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
MoveFileExA
FlushFileBuffers
GetConsoleScreenBufferInfo
SetFilePointer
ReadFile
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenA
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
GetCurrentDirectoryA
GetFullPathNameA
DeleteFileA
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
GetFileAttributesA
FindFirstFileA
GetDriveTypeA
TryEnterCriticalSection
CreateMutexW
GetDiskFreeSpaceExW
RemoveDirectoryW
CreateHardLinkW
MoveFileExW
GetFileAttributesExW
GetComputerNameA
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
GetLongPathNameW
DosDateTimeToFileTime
GetLocalTime
FormatMessageA
OpenEventA
CreateWaitableTimerA
ResetEvent
GetSystemTime
GlobalMemoryStatus
GetVersion
FlushConsoleInputBuffer
SetConsoleTextAttribute
CreatePipe
GetExitCodeThread
GetConsoleWindow
GetExitCodeProcess
SetEndOfFile
FormatMessageW
MulDiv
lstrlenW
LockResource
GlobalFree
LocalReAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
CompareStringA
GetFileSize
DuplicateHandle
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
FreeResource
SizeofResource
LoadResource
FindResourceW
TlsFree
CloseHandle
GetLastError
CreateMutexA
PostQueuedCompletionStatus
WaitForSingleObject
GetPrivateProfileStringA
TlsAlloc
InterlockedExchangeAdd
SetEvent
SetFileAttributesW
GetFileAttributesW
FindClose
CopyFileW
DeleteFileW
FindNextFileW
FindFirstFileW
lstrcpyW
GetModuleHandleW
Sleep
HeapFree
GetProcessHeap
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
LocalFree
LocalAlloc
MoveFileW
GetModuleHandleA
ReleaseMutex
WritePrivateProfileStringA
LoadLibraryW
FreeLibrary
CreateProcessW
CreateFileA
DeviceIoControl
GetEnvironmentVariableW
InitializeCriticalSection
GetTempPathW
CreateDirectoryW
GetPrivateProfileIntW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
OpenMutexA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateWaitableTimerW
SetLastError
GetQueuedCompletionStatus
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetWaitableTimer
TlsSetValue
TlsGetValue
InterlockedCompareExchange
VerSetConditionMask
VerifyVersionInfoW
CreateIoCompletionPort
SleepEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTimeAsFileTime
ReleaseSemaphore
CreateSemaphoreA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateThread
GetProcAddress
GetSystemInfo
GetProcessTimes
CreateEventW
GetTickCount
CreateFileW
WriteFile
GetSystemDirectoryW
HeapAlloc
CreateToolhelp32Snapshot
user32
GetProcessWindowStation
GetUserObjectInformationW
GetSubMenu
GetMenuItemCount
SetCursor
InvalidateRect
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ClientToScreen
ShowWindow
ReleaseCapture
SetRect
GetMenuItemID
GetMenuState
ValidateRect
PeekMessageW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
GetSysColorBrush
GetSysColor
wsprintfW
MoveWindow
SystemParametersInfoW
SetWindowLongW
GetWindowLongW
SetWindowTextW
RegisterWindowMessageW
WinHelpW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
IsRectEmpty
UnionRect
SetWindowsHookExW
AppendMenuW
CreatePopupMenu
LoadIconW
DestroyMenu
MessageBoxW
TrackPopupMenu
SetForegroundWindow
GetCursorPos
PostMessageW
SendMessageW
KillTimer
SetTimer
UpdateWindow
PostQuitMessage
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowThreadProcessId
FindWindowW
CreateAcceleratorTableW
InvalidateRgn
GetCaretPos
HideCaret
ShowCaret
CharPrevW
GetWindowRgn
CharNextW
UpdateLayeredWindow
GetUpdateRect
ReleaseDC
GetCaretBlinkTime
SetCaretPos
CreateCaret
SetWindowRgn
MonitorFromPoint
IsZoomed
DefWindowProcW
CallWindowProcW
GetMenu
RegisterClassExW
SetCapture
GetCapture
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
MessageBoxA
gdi32
GetTextExtentPoint32W
ExtTextOutW
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
GetStockObject
CreateSolidBrush
SaveDC
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW
RestoreDC
SetBkMode
SelectClipRgn
CreateRectRgn
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetStretchBltMode
SetMapMode
CreateCompatibleBitmap
GetObjectA
CreateRoundRectRgn
CreateDIBSection
PtInRegion
StretchBlt
GetCharABCWidthsW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
BitBlt
ExtSelectClipRgn
DeleteDC
CreatePen
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
CryptSetHashParam
OpenSCManagerW
CryptDecrypt
ReportEventW
RegisterEventSourceW
CryptGenRandom
CryptCreateHash
CryptSignHashA
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersA
RegisterEventSourceA
OpenServiceW
ReportEventA
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueW
RegQueryValueExW
RegCloseKey
StartServiceW
DeleteService
CreateServiceW
CloseServiceHandle
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ole32
OleLockRunning
CLSIDFromString
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
oleaut32
VariantClear
VariantChangeType
SysFreeString
SysAllocString
VariantInit
iphlpapi
GetExtendedTcpTable
GetAdaptersInfo
crypt32
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CertFindCertificateInStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
shlwapi
wnsprintfW
ws2_32
recvfrom
getnameinfo
inet_addr
gethostbyname
gethostname
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
sendto
socket
getpeername
recv
send
__WSAFDIsSet
WSAIoctl
getsockname
getsockopt
connect
accept
getaddrinfo
listen
freeaddrinfo
WSARecv
select
shutdown
ntohs
closesocket
ioctlsocket
WSASocketW
WSASend
setsockopt
bind
WSAGetLastError
htons
htonl
ntohl
WSASetLastError
WSACleanup
WSAStartup
getservbyname
mswsock
AcceptEx
GetAcceptExSockaddrs
gdiplus
GdipDrawRectangleI
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipDrawLineI
GdipSetPenMode
GdipCreateFontFromDC
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
dbghelp
MiniDumpWriteDump
oleacc
CreateStdAccessibleObject
LresultFromObject
comctl32
ord17
_TrackMouseEvent
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 776KB - Virtual size: 775KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 618KB - Virtual size: 617KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
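The three static findings in this report (the Unsigned PE signature, the DllCharacteristics flags under Headers, and the per-section IMAGE_SCN_* flags under Sections) can all be reproduced from the PE headers alone. The Python below is an added example written for this page; it is not part of the sandbox report or its tooling. It builds a small PE32 image in memory (constructed for the demo, not the sample above) so it runs offline, then walks the DOS, COFF and optional headers and the section table to report whether the certificate table data directory (index 4) is populated, which DllCharacteristics bits are set, and which sections are both writable and executable. The names `build_pe32`, `parse_pe` and `findings` are this example's own.

```python
"""Minimal PE header triage: Authenticode presence, DllCharacteristics, section flags.
Added example, not part of the sandbox report. parse_pe() works on any PE bytes;
build_pe32() only constructs a demo image so the script runs offline."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # certificate table: (file offset, size), not an RVA
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

DLLCHARS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    IMAGE_SCN_MEM_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    IMAGE_SCN_MEM_WRITE: "IMAGE_SCN_MEM_WRITE",
}


def _names(table, value):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+: 64-bit stack/heap fields shift the directories by 16
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]    # same offset in both formats
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _va, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rsize, "flags": _names(SCN, chars),
            "wx": bool(chars & IMAGE_SCN_MEM_EXECUTE) and bool(chars & IMAGE_SCN_MEM_WRITE),
        })
    return {
        "pe32plus": magic == 0x20B,
        "relocs_stripped": bool(file_chars & 0x0001),            # IMAGE_FILE_RELOCS_STRIPPED
        "dll_characteristics": _names(DLLCHARS, dll_chars),
        # A non-empty certificate table inside the file means a WIN_CERTIFICATE blob is
        # attached. Presence is not validity: verify with WinVerifyTrust / signtool.
        "authenticode_present": cert_size != 0 and 0 < cert_off and cert_off + cert_size <= len(data),
        "cert_table_truncated": cert_size != 0 and cert_off + cert_size > len(data),
        "sections": sections,
    }


def findings(report):
    """Turn the parsed header facts into one-line signatures like a sandbox emits."""
    out = []
    if not report["authenticode_present"]:
        out.append("Unsigned PE: certificate table empty or outside the file")
    if report["cert_table_truncated"]:
        out.append("Certificate table points past end of file (truncated or tampered)")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in report["dll_characteristics"] and report["relocs_stripped"]:
        out.append("DYNAMIC_BASE set but relocations stripped: ASLR ineffective")
    out.extend("Writable and executable section: %s" % s["name"] for s in report["sections"] if s["wx"])
    return out


def build_pe32(dll_characteristics, sections, signed=False):
    """Constructed PE32 image (headers + section table only) for the demo; not the sample.
    `sections` is a list of (name, virtual_size, raw_size, characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96 + 8 * 16
    # Machine i386, EXECUTABLE_IMAGE | 32BIT_MACHINE as in the report, no RELOCS_STRIPPED
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)
    end_of_headers = len(dos) + 4 + len(coff) + opt_size + 40 * len(sections)
    if signed:   # point the certificate table at a dummy 8-byte WIN_CERTIFICATE header
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, end_of_headers, 8)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, chars)
        for i, (name, vsize, rsize, chars) in enumerate(sections))
    image = dos + b"PE\0\0" + coff + bytes(opt) + table
    if signed:   # dwLength, WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA
        image += struct.pack("<IHH", 8, 0x0200, 0x0002)
    return image


if __name__ == "__main__":
    # Mirror the report: DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, unsigned, R-X .text
    img = build_pe32(0x0040 | 0x0100 | 0x8000,
                     [(b".text", 0x1000, 0x1000, 0x60000020), (b".data", 0x200, 0x200, 0xC0000040)])
    rep = parse_pe(img)
    print(rep["dll_characteristics"], findings(rep))
```

Two caveats follow from how the check works. A populated certificate table only means a signature blob is attached; whether it validates (chain, hash match, timestamp, revocation) still needs WinVerifyTrust or `signtool verify /pa`, and a directory entry that points past end-of-file is a common sign of a truncated or tampered sample, which is why the check compares it against the file length. DYNAMIC_BASE yields ASLR only if relocations survive; this report's .reloc section, together with File Characteristics not listing IMAGE_FILE_RELOCS_STRIPPED, is what makes the flag effective for this sample.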