Static task: static1
Behavioral task: behavioral1
Sample: 4cbd6375eb6a67c034b4023c839ddc77224c84c9884df77405c2756c660aad01.exe
Resource: win7-20230712-en
General
Target: 4cbd6375eb6a67c034b4023c839ddc77224c84c9884df77405c2756c660aad01
Size: 894KB
MD5: adcc1427d43adcd9b3352bd36a3371df
SHA1: fbd39ce1cbbe60651f509766f00827b3a472d78a
SHA256: 4cbd6375eb6a67c034b4023c839ddc77224c84c9884df77405c2756c660aad01
SHA512: a626e69beadc260fbda9dfc83cf760a16a304271cf03e07ac9188c87bd329a70c29c6c48b7c1becd55462244dea961e6d8bafe1ac30c7fdb99debe70a6c8e7bb
SSDEEP: 12288:CqNXZc+chl8vdLj6+E2KPNklz7OlJyn5ZlJm6I3IQqWRiTscQSdVTAYEk9MsjKE:hNXG+pPTlT5Z5khq8iT74k9M+J
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 4cbd6375eb6a67c034b4023c839ddc77224c84c9884df77405c2756c660aad01
Files
4cbd6375eb6a67c034b4023c839ddc77224c84c9884df77405c2756c660aad01.exe windows x86
bed157666afc76a8acd63c1aaed16f5e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Process32NextW
TerminateProcess
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToSystemTime
VirtualFree
VirtualAlloc
InterlockedCompareExchange
FormatMessageW
GetFileSizeEx
ReleaseMutex
FlushFileBuffers
CreateFileA
InterlockedIncrement
OutputDebugStringW
InterlockedDecrement
GetDiskFreeSpaceExW
GetExitCodeThread
SleepEx
DuplicateHandle
TerminateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateMutexW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
Process32FirstW
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStdHandle
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetStartupInfoW
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
ProcessIdToSessionId
GetCommandLineW
CopyFileW
GetVersionExW
GetModuleHandleW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
FreeResource
GetModuleFileNameW
InterlockedExchange
GetPrivateProfileIntW
GetPrivateProfileStringW
FreeLibrary
GetProcAddress
LoadLibraryW
OpenProcess
RemoveDirectoryW
FindNextFileW
GetModuleFileNameA
WaitForMultipleObjects
SetFilePointer
SetEndOfFile
ResetEvent
SetEvent
CreateThread
CreateEventW
GetCurrentProcessId
ExpandEnvironmentStringsW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CreateProcessW
MoveFileExW
SetFileAttributesW
QueryDosDeviceW
GetLogicalDriveStringsW
CreateDirectoryW
GetFileAttributesW
WaitForSingleObject
MoveFileW
DeleteFileW
Sleep
GetLocalTime
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
FlushInstructionCache
GetStartupInfoA
GetCurrentThreadId
GetCurrentProcess
GetFileSize
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindFirstFileW
FindResourceW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
WriteFile
lstrlenW
lstrlenA
CloseHandle
ReadFile
CreateFileW
FindClose
user32
GetDC
FindWindowW
CallWindowProcW
DrawIconEx
EndPaint
BeginPaint
GetFocus
IsChild
IsDialogMessageW
SetFocus
GetNextDlgTabItem
MonitorFromWindow
GetMonitorInfoW
GetCursorPos
DrawFrameControl
DrawTextW
ScreenToClient
ReleaseDC
CreateWindowExW
GetDesktopWindow
DefWindowProcW
LoadCursorW
RegisterClassExW
LoadBitmapW
LoadImageW
IsWindow
GetWindowRect
SendMessageW
SetWindowPos
GetParent
GetWindowLongW
DestroyWindow
MoveWindow
InflateRect
IsWindowEnabled
RegisterWindowMessageW
FindWindowExW
GetClientRect
CopyRect
SendMessageTimeoutW
PostMessageW
GetClassInfoExW
GetActiveWindow
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetWindow
MapWindowPoints
SetWindowLongW
BringWindowToTop
ExitWindowsEx
DispatchMessageW
PostThreadMessageW
PeekMessageW
TranslateMessage
GetMessageW
UpdateLayeredWindow
SetRectEmpty
SetCursor
PtInRect
SetRect
GetDlgCtrlID
ShowWindow
EqualRect
IsWindowVisible
GetDlgItem
DestroyIcon
ClientToScreen
SetCapture
ReleaseCapture
LoadIconW
SetTimer
KillTimer
IsRectEmpty
IntersectRect
OffsetRect
InvalidateRect
UnregisterClassA
gdi32
OffsetRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
TextOutW
RoundRect
ExtSelectClipRgn
GetClipRgn
SetViewportOrgEx
GetViewportOrgEx
GetTextColor
GetCurrentObject
SetBkMode
LineTo
MoveToEx
CombineRgn
CreateFontIndirectW
Rectangle
SetStretchBltMode
RectInRegion
SaveDC
SelectClipRgn
CreatePen
SetTextColor
CreateBitmap
CreateCompatibleBitmap
CreateDIBSection
CreateRectRgn
StretchBlt
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
GetStockObject
GetObjectW
DeleteObject
GetDeviceCaps
RestoreDC
CreateRoundRectRgn
advapi32
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RevertToSelf
ImpersonateLoggedOnUser
RegOpenCurrentUser
shell32
ord680
ShellExecuteW
ole32
CreateStreamOnHGlobal
shlwapi
StrToIntW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
StrToIntA
PathAppendW
PathAddBackslashW
comctl32
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipGetFontSize
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipCloneFontFamily
GdipFillRectangleI
GdipGetFontCollectionFamilyCount
GdipSetClipPath
GdipDrawImageI
GdipFillRectangle
GdipDrawPath
GdipMeasureString
GdipDrawString
GdipFillPath
GdipDrawRectangleI
GdipDrawLinesI
GdipDrawLine
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipAddPathStringI
GdipAddPathPieI
GdipAddPathRectangleI
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipSetPenMode
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngleI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipCloneBitmapArea
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipDeleteFontFamily
GdipDrawImagePointsRectI
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImageRectI
GdipGraphicsClear
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipGetFontCollectionFamilyList
ws2_32
connect
getsockname
setsockopt
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
WSAStartup
socket
closesocket
gethostbyname
WSACleanup
inet_ntoa
WSAGetLastError
recv
send
getsockopt
ntohs
bind
htons
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Sections
.text Size: 604KB - Virtual size: 601KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 148KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE