8be9af5790544dc8c252dd73e3d7cce89e6c53c3cba25429dd582de09a32fbb1

Sharing

Copy URL Twitter E-mail

General

Target

8be9af5790544dc8c252dd73e3d7cce89e6c53c3cba25429dd582de09a32fbb1
Size

784KB
MD5

35c5db232a53f609dd4b8cb265cd35dc
SHA1

3771237d824d99bfeb4167e842441231ba1f84f1
SHA256

8be9af5790544dc8c252dd73e3d7cce89e6c53c3cba25429dd582de09a32fbb1
SHA512

05bb707c9cd8f99c5c51bb4685b834a02587ebbbde82b6678d229a453ef13385c8dcdaaa1ce256c738a1ddbfae57a60a9cc3db08a30cded1c22dae6a1299ff4d
SSDEEP

12288:X26uN1kHMiwhMp16RGs3SGHmrqKbPfcstlam6z2v6kMjablL/b6rezXMUpZw2CKX:GVDiEMT6RaGGrqgfc9m6zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8be9af5790544dc8c252dd73e3d7cce89e6c53c3cba25429dd582de09a32fbb1

Files

8be9af5790544dc8c252dd73e3d7cce89e6c53c3cba25429dd582de09a32fbb1
.exe windows x86

658fb4b368b55015bab5ac1c3afb9ef0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetTickCount
GenerateConsoleCtrlEvent
FlushFileBuffers
GetExitCodeProcess
SetFilePointer
CreateDirectoryA
GlobalHandle
ExpandEnvironmentStringsA
GetTimeFormatA
GetFinalPathNameByHandleA
GetUserDefaultLCID
GetDateFormatA
GetLocaleInfoA
LocalFree
WideCharToMultiByte
FormatMessageA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPriorityClass
AddVectoredExceptionHandler
GetCurrentProcessId
GetCurrentThread
lstrlenA
RaiseException
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
HeapAlloc
DeleteProcThreadAttributeList
CreateThread
ReleaseSRWLockExclusive
UpdateProcThreadAttribute
Sleep
DuplicateHandle
ResumeThread
WaitForSingleObject
PeekNamedPipe
CreatePipe
SetThreadPriority
InitializeProcThreadAttributeList
TerminateProcess
TryAcquireSRWLockExclusive
GetStdHandle
HeapFree
CreateNamedPipeA
SetHandleInformation
DebugBreak
GetTempFileNameA
GetLongPathNameA
DeleteCriticalSection
DecodePointer
GetTempPathA
MultiByteToWideChar
GetProcessHeap
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
InitializeCriticalSectionEx
OpenFile
GetFullPathNameA
FindNextFileA
FindFirstFileA
GetFileAttributesExA
CompareFileTime
ReadFile
VerifyVersionInfoW
VerSetConditionMask
GetLocalTime
GetLastError
CompareStringA
GetDiskFreeSpaceA
OpenProcess
GetVolumeInformationA
GetDriveTypeA
GetCurrentProcess
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryExW
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
LoadResource
CloseHandle
GlobalFree
GetEnvironmentVariableA
GlobalAlloc
LockResource
CreateFileA
FreeResource
GetModuleHandleA
FindResourceA
WriteFile
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
SetUnhandledExceptionFilter
GetCurrentThreadId
SetErrorMode
GetLogicalDrives
SetEnvironmentVariableA
WritePrivateProfileSectionA

user32

EnumChildWindows
HideCaret
ScreenToClient
GetClassNameA
SetCaretPos
BeginDeferWindowPos
SetTimer
DdeConnect
DdeGetLastError
DdeCreateStringHandleA
ClientToScreen
CreateCaret
MapWindowPoints
GetWindowLongA
LoadBitmapA
DdeUninitialize
DdeClientTransaction
DestroyCaret
EndDeferWindowPos
LoadIconA
ShowCaret
KillTimer
DdeDisconnect
DdeInitializeA
DdeFreeStringHandle
GetCursorPos
SendInput
TabbedTextOutW
GetDC
FillRect
DrawIcon
DrawTextA
FrameRect
TabbedTextOutA
DrawTextW
GetMenuItemCount
ReleaseDC
UnregisterClassA
EndPaint
GetWindowThreadProcessId
GetMessageW
DispatchMessageA
LoadCursorA
SetWindowPos
keybd_event
SetActiveWindow
PostMessageA
CallNextHookEx
WaitMessage
GetKeyboardState
TranslateAcceleratorA
GetWindowTextA
LoadAcceleratorsA
AttachThreadInput
GetForegroundWindow
UnhookWindowsHookEx
TranslateMessage
SetCapture
SetCursor
PeekMessageA
ReleaseCapture
IsIconic
wsprintfA
CallWindowProcA
DrawFocusRect
GetSysColor
SendDlgItemMessageA
GetCaretPos
GetMessageA
OpenClipboard
CloseClipboard
GetKeyboardLayout
IsCharAlphaNumericA
GetClipboardData
EnableWindow
UpdateWindow
DrawMenuBar
SendMessageA
IsClipboardFormatAvailable
DrawEdge
SetFocus
IsDialogMessageA
IsWindow
GetFocus
LoadStringA
MessageBeep
CharUpperBuffA
CharToOemA
OemToCharA
CharUpperA
CharLowerA
GetMessagePos
RemovePropA
SetPropA
GetCapture
GetPropA
PtInRect
GetAsyncKeyState
TrackMouseEvent
GetMenuItemRect
MenuItemFromPoint
GetMenuItemInfoW
GetMenuBarInfo
GetWindowDC
GetSystemMetrics
GetWindowPlacement
OffsetRect
IntersectRect
SystemParametersInfoA
GetMessageTime
LoadMenuA
GetMenuItemID
InsertMenuA
LoadImageA
DeleteMenu
CreatePopupMenu
TrackPopupMenu
GetSubMenu
SetMenuItemInfoA
SetMenu
DestroyMenu
AppendMenuA
RemoveMenu
CheckMenuItem
EnableMenuItem
GetMenuItemInfoA
GetMenuStringA
CreateMenu
ModifyMenuA
PostQuitMessage
GetClassInfoExA
DestroyIcon
BringWindowToTop
SetClassLongA
RegisterClassExA
ChildWindowFromPoint
SetWindowsHookExA
AdjustWindowRectEx
GetWindowRect
ShowWindow
GetDlgItemTextA
RedrawWindow
PostThreadMessageA
SetWindowPlacement
ValidateRect
SetParent
GetClientRect
IsZoomed
GetWindowTextLengthA
InvalidateRect
DeferWindowPos
GetKeyState
BeginPaint
DragDetect
CreateWindowExA
DefWindowProcA
MessageBoxA
SetWindowLongA
RegisterWindowMessageA
SetForegroundWindow
CreateDialogParamA
IsWindowEnabled
SetWindowTextA
DialogBoxParamA
EndDialog
IsWindowVisible
DestroyWindow
GetParent
GetDlgItem
SetDlgItemTextA

gdi32

PatBlt
CreateCompatibleDC
GetTextExtentPoint32A
ExtTextOutA
SaveDC
BitBlt
GetBkColor
GetObjectA
CombineRgn
CreateBitmap
StretchBlt
CreateRectRgn
GetDIBits
GetStockObject
SelectObject
CreateCompatibleBitmap
GetClipBox
GetDCOrgEx
CreateFontIndirectA
SetBrushOrgEx
Polyline
GetWindowOrgEx
PaintRgn
SetWindowOrgEx
GetDeviceCaps
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
TextOutA
Rectangle
SelectClipRgn
GetTextColor
ExcludeClipRect
MoveToEx
SetBkColor
Ellipse
SetStretchBltMode
RestoreDC
CreateDCA
GetTextMetricsA
RoundRect
SetBkMode
ExtCreatePen
EnumFontFamiliesA
DeleteObject
SetDIBits
LineTo
CreateSolidBrush

comdlg32

ChooseFontA
ChooseColorA
PrintDlgA

advapi32

RegQueryValueExA
MapGenericMask
DuplicateToken
OpenProcessToken
AccessCheck
GetFileSecurityA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
GetUserNameA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetFileInfoA
SHBrowseForFolderA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
ShellExecuteA

ole32

CoCreateInstance
OleUninitialize
OleInitialize

shlwapi

UrlCreateFromPathA

uxtheme

SetWindowTheme
DrawThemeTextEx
OpenThemeData

msvcp140

?bad@ios_base@std@@QBE_NXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

vcruntime140

memcpy
_CxxThrowException
__std_type_info_destroy_list
memmove
__current_exception_context
memset
strstr
__CxxFrameHandler3
__std_terminate
_purecall
__current_exception
_except_handler4_common
strrchr
strchr
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
__p___argc
_set_invalid_parameter_handler
_seh_filter_dll
_configure_narrow_argv
_invalid_parameter_noinfo
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_initialize_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
__p___argv

api-ms-win-crt-convert-l1-1-0

_ecvt_s
strtol
_itoa
atoi
wcstombs
strtod
strtoul
mbstowcs

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf_s
getc
fopen
fclose
fwrite
__stdio_common_vsprintf
_getcwd
fopen_s
_write
__stdio_common_vsnprintf_s
_wfopen_s
ferror
_ftelli64
fputc
fflush
fgetc
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
_set_fmode

api-ms-win-crt-string-l1-1-0

islower
_stricmp
strncmp
strncpy
isdigit
isalnum
strncpy_s
toupper
_strnicmp
_strdup
_strrev
strpbrk
tolower
_memicmp
isxdigit
isalpha
isupper

api-ms-win-crt-utility-l1-1-0

srand
qsort

api-ms-win-crt-time-l1-1-0

_ctime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
remove
_chdir
_chmod
_lock_file
_chdrive

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc
_recalloc

api-ms-win-crt-math-l1-1-0

_isnan
__setusermatherr
_except1
_finite
floor
ceil
_CIfmod

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
ImageList_GetIcon
ImageList_DrawEx
InitCommonControlsEx

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

658fb4b368b55015bab5ac1c3afb9ef0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

uxtheme

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

comctl32

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB