Static task: static1
Behavioral task: behavioral1
  Sample: cd9aa84f676a8586efbc34bde5b83913a0093346ac0a93be5a3218e6be4d4575.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: cd9aa84f676a8586efbc34bde5b83913a0093346ac0a93be5a3218e6be4d4575.exe
  Resource: win10v2004-20230703-en
General
Target: cd9aa84f676a8586efbc34bde5b83913a0093346ac0a93be5a3218e6be4d4575
Size: 2.1MB
MD5: 5bf27491f8d82eb02559495d30801e10
SHA1: e3ff2b7ae57b20a945f8267d6f31e75c191de074
SHA256: cd9aa84f676a8586efbc34bde5b83913a0093346ac0a93be5a3218e6be4d4575
SHA512: 845f53d71fcbba1eb70246cb68fb1ce5406a2d065392c141df765ae53770f944e068f2f8990d31c01c97ad41a866065facfb30ea31a984d60e34960c2b58fc95
SSDEEP: 24576:p0LjWjIbnZfTXJHdcCnwJT+8rSSVFLL2aVnLqf7qfDPiVOTFHfoxI4eugAgsO3/1:p0LjVnZr89gBfARIL9xHzvVtwk0
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: cd9aa84f676a8586efbc34bde5b83913a0093346ac0a93be5a3218e6be4d4575
Files
- cd9aa84f676a8586efbc34bde5b83913a0093346ac0a93be5a3218e6be4d4575.exe (windows x86)
  ad43998fb8402447a285c79c388ec294
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
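The "Unsigned PE" signature, the File Characteristics above and the per-section flags listed under Sections are all read straight out of the PE headers. The following is an added example, not code from the report or from the sandbox that produced it: a standard-library-only parser that decodes those bits and checks the Security data directory (entry 4), which is where an Authenticode WIN_CERTIFICATE blob lives. A zero-sized entry is exactly the condition a "missing Authenticode signature" rule keys on. The `build_sample_pe` helper fabricates a tiny PE32 header only so the example runs offline; it is not the sandboxed sample, and the flag tables are a subset of winnt.h.

```python
"""Decode PE File Characteristics, section flags and Authenticode presence.

Added example using only the standard library. build_sample_pe() constructs a
minimal PE32 header for testing; it is not the sample analysed in the report.
"""
import struct
import sys

# Subset of IMAGE_FILE_* bits from winnt.h.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# Subset of IMAGE_SCN_* section flags.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return format, characteristics, Authenticode presence and section flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start 96 bytes into the optional header
        fmt, dd_off = "PE32", opt + 96
    elif magic == 0x20B:        # PE32+: 112 bytes in
        fmt, dd_off = "PE32+", opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The Security entry's first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    shdr = opt + opt_size
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _names(flags, SECTION_FLAGS)})
    return {
        "format": fmt,
        "machine": machine,
        "characteristics": _names(chars, FILE_CHARACTERISTICS),
        "authenticode_present": sec_size > 0,   # presence only, not validity
        "security_directory": (sec_off, sec_size),
        "sections": sections,
    }


def build_sample_pe(sig_size=0):
    """Constructed minimal PE32 header for testing; not the sandboxed sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, chars)
    opt = bytearray(224)                             # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x600 if sig_size else 0, sig_size)

    def sect(name, vsize, raw, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, raw, 0x400, 0, 0, 0, 0, flags)

    secs = sect(b".text", 0x1000, 0x1000, 0x60000020) + sect(b".data", 0x2000, 0x1000, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print(info["format"], "signed" if info["authenticode_present"] else "UNSIGNED")
    print(" | ".join(info["characteristics"]))
    for s in info["sections"]:
        print(s["name"], hex(s["raw_size"]), hex(s["virtual_size"]), " | ".join(s["flags"]))
```

Run it as `python pe_headers.py sample.exe` to get the same three facts the report shows. Note the caveat: a non-zero Security directory only proves a certificate blob is attached; whether the PKCS#7 signature actually verifies against the image's Authenticode hash and a trusted chain needs a real verifier (for example `Get-AuthenticodeSignature` in PowerShell or `signtool verify`), and a tampered or self-signed blob still shows up as "present" here.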
Imports
shlwapi
PathRenameExtensionA
PathFindFileNameA
PathFindExtensionA
PathMakeSystemFolderA
PathIsDirectoryEmptyA
PathIsDirectoryA
StrToInt64ExA
PathFileExistsA
PathUnmakeSystemFolderA
PathRemoveBlanksA
PathIsSystemFolderA
StrFormatByteSize64A
kernel32
HeapFree
HeapAlloc
VirtualProtectEx
GetStartupInfoA
WriteFile
InterlockedIncrement
GetDriveTypeA
DeviceIoControl
GetLogicalDriveStringsA
GetExitCodeThread
CreateRemoteThread
CreateFileA
MapViewOfFile
IsDebuggerPresent
RtlFillMemory
TerminateThread
DebugActiveProcess
GlobalReAlloc
CopyFileA
VirtualQueryEx
InterlockedDecrement
_lclose
GlobalLock
MoveFileA
LoadLibraryA
VirtualAlloc
lstrcpynA
VirtualFree
ResumeThread
SuspendThread
EnterCriticalSection
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
GlobalDeleteAtom
lstrcmpA
lstrcpyA
OpenThread
LeaveCriticalSection
GlobalFree
FlushFileBuffers
Thread32First
GetLongPathNameA
GetCurrentProcess
VirtualFreeEx
WaitForSingleObject
GetProcAddress
VirtualAllocEx
QueryDosDeviceA
SetEndOfFile
ExitProcess
InitializeCriticalSection
LCMapStringA
GlobalAlloc
GetUserDefaultLCID
GetModuleFileNameA
GetFileSize
FreeLibrary
SetFileAttributesA
GetEnvironmentVariableA
RemoveDirectoryA
CreateDirectoryA
GetCommandLineA
WritePrivateProfileStringA
GetVersionExA
DeleteCriticalSection
CreatePipe
CreateThread
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
OpenProcess
GetTempPathA
GetWindowsDirectoryA
SetProcessWorkingSetSize
RtlMoveMemory
CloseHandle
Process32Next
Process32First
SetFilePointer
Thread32Next
GetModuleHandleA
GetCurrentThread
GetTimeFormatA
GetDateFormatA
WriteProcessMemory
GetProcessHeap
lstrcpyn
DeleteFileA
ReadProcessMemory
IsDBCSLeadByteEx
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GetCurrentProcessId
RtlZeroMemory
GlobalUnlock
Sleep
lstrlenA
LocalFree
LocalAlloc
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
Module32Next
Module32First
CreateEventA
OpenEventA
VirtualProtect
SetWaitableTimer
CreateToolhelp32Snapshot
HeapReAlloc
GetTickCount
FlushInstructionCache
CreateProcessA
lstrcmpiA
IsBadReadPtr
FindClose
FindFirstFileA
FindNextFileA
GlobalFindAtomA
GetLocalTime
GetPrivateProfileStringA
SetLastError
PeekNamedPipe
ReadFile
GlobalFlags
MulDiv
GetVersion
GetExitCodeProcess
CreateWaitableTimerA
GetLastError
GetCommandLineA
GetTickCount
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
MulDiv
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
WaitForSingleObject
CloseHandle
SuspendThread
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapReAlloc
ReleaseSemaphore
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ResumeThread
CreateSemaphoreA
CreateMutexA
ReleaseMutex
TerminateThread
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesA
advapi32
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupAccountSidA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
CryptDecrypt
SetSecurityInfo
InitializeAcl
CryptDestroyKey
CryptEncrypt
RegDeleteKeyA
CryptDeriveKey
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
user32
EnableMenuItem
EnableWindow
GetDlgItem
ClipCursor
SendMessageTimeoutA
CharUpperA
GetWindowInfo
OpenIcon
GetDesktopWindow
GetKeyState
CharLowerA
BlockInput
PostQuitMessage
SendMessageA
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
SetWindowLongA
UnregisterClassA
PtInRect
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
RedrawWindow
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SwapMouseButton
ChangeDisplaySettingsA
RegisterHotKey
GetWindow
ShowCursor
SetWindowRgn
GetFocus
GetParent
ReleaseCapture
ExitWindowsEx
EnumChildWindows
LockWorkStation
CallNextHookEx
SetWindowsHookExA
FindWindowA
MoveWindow
GetWindowRect
EnumDisplaySettingsA
EnumWindows
SetCursorPos
ClientToScreen
mouse_event
keybd_event
UnregisterHotKey
CallWindowProcA
GetAsyncKeyState
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
SetActiveWindow
MessageBoxA
wsprintfA
GetMessageA
GetCursorPos
GetSystemMetrics
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
PostMessageA
LoadCursorFromFileA
SetClassLongA
UnhookWindowsHookEx
GetWindowLongA
SetLayeredWindowAttributes
GetWindowThreadProcessId
SetWindowPos
SetForegroundWindow
ShowWindow
GetClassNameA
GetWindowTextA
IsWindowVisible
MsgWaitForMultipleObjects
SetCapture
GetKeyboardState
SetTimer
CreateWindowExA
AttachThreadInput
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
SystemParametersInfoA
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
UnregisterClassA
DrawFrameControl
TranslateMessage
LoadIconA
GetTopWindow
shell32
SHFileOperationA
SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
Shell_NotifyIconA
ShellExecuteA
wininet
InternetTimeToSystemTime
InternetTimeFromSystemTime
InternetReadFile
HttpQueryInfoA
InternetGetCookieA
InternetOpenA
InternetSetCookieA
InternetGetCookieExA
InternetOpenUrlA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
ole32
OleInitialize
OleUninitialize
CLSIDFromString
OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
OleUninitialize
oleaut32
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantClear
VariantInit
VariantCopy
VariantChangeType
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SafeArrayGetDim
SafeArrayGetLBound
SysAllocString
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SafeArrayDestroy
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
dbghelp
MakeSureDirectoryPathExists
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
psapi
EnumProcesses
GetModuleFileNameExA
GetProcessMemoryInfo
GetProcessImageFileNameA
gdi32
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkColor
DeleteObject
CreateFontIndirectA
SelectObject
SetBkMode
SetTextColor
TextOutA
ScaleWindowExtEx
PtVisible
GetStockObject
RestoreDC
SaveDC
CreateRoundRectRgn
DeleteDC
CreateBitmap
RectVisible
GetDeviceCaps
GetClipBox
ExtTextOutA
Escape
GetObjectA
CreateEllipticRgn
CreateRoundRectRgn
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
SetTextColor
GetStockObject
iphlpapi
IcmpCreateFile
GetNetworkParams
IcmpCloseHandle
winmm
mciSendStringA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
powrprof
SetSuspendState
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
ws2_32
WSAStartup
WSACleanup
inet_addr
gethostname
gethostbyname
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa
getpeername
accept
ntohl
setupapi
SetupDiEnumDeviceInterfaces
CM_Request_Device_EjectW
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
comdlg32
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
ImageList_Destroy
ord17
oledlg
ord8
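The import table above is the most informative static artefact on this page: VirtualAllocEx, WriteProcessMemory and CreateRemoteThread together are the classic remote-injection triplet; SetWindowsHookExA with GetAsyncKeyState and GetKeyboardState points at keystroke capture; mouse_event, keybd_event, BlockInput, SwapMouseButton, ExitWindowsEx and LockWorkStation are the user-harassment toolkit of a remote-administration trojan; the wininet and ws2_32 sets give it both an HTTP client and a raw TCP listener. Below is an added example, not part of the report and not the sandbox's own signature logic: a helper that runs a set of capability rules over an import listing and computes an import hash. The `IMPORTS` dictionary is a partial excerpt transcribed from the listing above, the rules are this example's own heuristics, and the imphash follows the published algorithm (lower-cased `dll.func` strings joined by commas and MD5-hashed, with only `.dll`, `.ocx` and `.sys` stripped from module names, so `winspool.drv` keeps its suffix). Several functions appear twice in the listing above (GetTickCount, ShowWindow, GetFileTitleA and others) because the sample's import directory lists them more than once; the rule matcher collapses those duplicates, while the imphash keeps them in order, as pefile does. Because the excerpt is partial, its imphash will not equal the 32-hex-digit value shown under Files; comparing against a sandbox's imphash requires feeding in the complete import directory in its original order.

```python
"""Capability triage and imphash over a sandbox import listing.

Added example. IMPORTS is an excerpt transcribed from the report's import
table; RULES are this example's own heuristics, not the sandbox's signatures.
"""
import hashlib

IMPORTS = {
    "kernel32": ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "IsDebuggerPresent", "DebugActiveProcess", "CreateToolhelp32Snapshot",
                 "Process32First", "Process32Next", "GetTickCount", "GetTickCount"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "GetAsyncKeyState",
               "GetKeyboardState", "mouse_event", "keybd_event", "BlockInput",
               "SwapMouseButton", "ExitWindowsEx", "LockWorkStation",
               "OpenClipboard", "GetClipboardData", "SetClipboardData"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
                 "RegCreateKeyExA", "RegSetValueExA", "CryptEncrypt", "CryptDecrypt",
                 "CryptDeriveKey"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                "HttpSendRequestA", "InternetReadFile"],
    "ws2_32": ["WSAStartup", "recv", "accept", "gethostbyname"],
    "powrprof": ["SetSuspendState"],
    "comctl32": ["ord17", "ImageList_Destroy"],
    "winspool.drv": ["OpenPrinterA", "ClosePrinter"],
}

# (label, imports written as 'dll!Func', minimum number that must be present)
RULES = [
    ("process injection", {"kernel32!VirtualAllocEx", "kernel32!WriteProcessMemory",
                           "kernel32!CreateRemoteThread"}, 3),
    ("keystroke capture", {"user32!SetWindowsHookExA", "user32!GetAsyncKeyState",
                           "user32!GetKeyboardState"}, 2),
    ("input simulation / user harassment", {"user32!mouse_event", "user32!keybd_event",
                                            "user32!BlockInput", "user32!SwapMouseButton"}, 2),
    ("anti-debugging", {"kernel32!IsDebuggerPresent", "kernel32!DebugActiveProcess"}, 1),
    ("token privilege adjustment", {"advapi32!OpenProcessToken",
                                    "advapi32!LookupPrivilegeValueA",
                                    "advapi32!AdjustTokenPrivileges"}, 3),
    ("registry persistence", {"advapi32!RegCreateKeyExA", "advapi32!RegSetValueExA"}, 2),
    ("HTTP client (C2 candidate)", {"wininet!InternetConnectA", "wininet!HttpOpenRequestA",
                                    "wininet!HttpSendRequestA"}, 3),
    ("raw TCP listener", {"ws2_32!WSAStartup", "ws2_32!accept", "ws2_32!recv"}, 3),
    ("session / power control", {"user32!ExitWindowsEx", "user32!LockWorkStation",
                                 "powrprof!SetSuspendState"}, 1),
    ("clipboard access", {"user32!OpenClipboard", "user32!GetClipboardData",
                          "user32!SetClipboardData"}, 2),
    ("process enumeration", {"kernel32!CreateToolhelp32Snapshot",
                             "kernel32!Process32First"}, 2),
]


def flatten(imports):
    """Unique 'dll!Func' keys with the DLL name lower-cased; duplicates collapse."""
    return {"%s!%s" % (dll.lower(), fn) for dll, fns in imports.items() for fn in fns}


def triage(imports):
    """Return {label: sorted matched imports} for every rule whose threshold is met."""
    present = flatten(imports)
    hits = {}
    for label, needed, minimum in RULES:
        found = sorted(present & needed)
        if len(found) >= minimum:
            hits[label] = found
    return hits


def imphash(imports):
    """pefile-style imphash: 'dll.func' lower-cased, .dll/.ocx/.sys dropped, order kept."""
    parts = []
    for dll, fns in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
        parts.extend("%s.%s" % (base, fn.lower()) for fn in fns)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for label, found in triage(IMPORTS).items():
        print("%-36s %s" % (label, ", ".join(found)))
    print("imphash of excerpt:", imphash(IMPORTS))
```

The thresholds matter: GetAsyncKeyState on its own is ordinary GUI code, and even the injection triplet appears in legitimate debuggers and some installers, so these rules rank what to look at first in the behavioral runs rather than deliver a verdict. The imphash is worth keeping alongside the SHA-256 because rebuilds of the same source with different resources or packed payloads usually keep the same import order and therefore the same imphash, which is how related samples are clustered.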
Sections
.text  Size: 1.4MB - Virtual size: 1.4MB  Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 156KB - Virtual size: 153KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data  Size: 524KB - Virtual size: 666KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 24KB - Virtual size: 21KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ