43c21d7d78156bf6b30316b5ad617cf3fe9f380626f240ca0452a64b33e0a355

Sharing

Copy URL Twitter E-mail

General

Target

43c21d7d78156bf6b30316b5ad617cf3fe9f380626f240ca0452a64b33e0a355
Size

4.7MB
MD5

70cfaa8448faa7088425b1dce561334a
SHA1

bacb235ff1be414ab4090c106971b511b1c3f558
SHA256

43c21d7d78156bf6b30316b5ad617cf3fe9f380626f240ca0452a64b33e0a355
SHA512

4e1c084e38fd24ab8d86a0048fbffb76a81183d86aea65dfe929d76236089651e289a72953488e37c8759bd649380fa48990a3357dd6ddc9c44c94ac5920364b
SSDEEP

49152:iasxp+eEJUD7LLWf5UKKNaptk1SIcYWp2dWKd3mMuKKLciRfwj6jn34:caJUD73y5KwTISIWp7v54ihw/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43c21d7d78156bf6b30316b5ad617cf3fe9f380626f240ca0452a64b33e0a355

Files

43c21d7d78156bf6b30316b5ad617cf3fe9f380626f240ca0452a64b33e0a355
.exe windows x86

393584b0c349db4b4c4d1ef8cd8e2e16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
FormatMessageA
GetUserDefaultLCID
MoveFileA
DeleteFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WriteFile
GetFileSize
ReadFile
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
LocalSize
GlobalSize
RtlMoveMemory
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetNativeSystemInfo
GetProcessHeap
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
IsDebuggerPresent
VirtualAllocEx
VirtualFreeEx
CreateEventA
OpenEventA
CreateMutexA
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetCurrentProcessId
Process32Next
Process32First
CreateFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
VirtualProtect
CreateThread
lstrlenW
CloseHandle
SetWaitableTimer
CreateWaitableTimerW
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
VirtualFree
VirtualAlloc
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
FlushFileBuffers
LocalFree
MulDiv
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetTickCount
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetTimeZoneInformation
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetLastError
GetCurrentProcess
GetVersionExA
TerminateProcess
OpenProcess
lstrcpyA
lstrlenA
SetLastError
lstrcatA

shlwapi

PathFileExistsA

ws2_32

WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
send
recv
getsockname
ntohs
WSACleanup
select
WSAAsyncSelect

user32

GetPropA
GetMessageW
SetForegroundWindow
TranslateMessage
DispatchMessageW
RemovePropA
PostMessageW
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
ShowWindow
FindWindowA
DestroyWindow
LoadCursorW
LookupIconIdFromDirectoryEx
RegisterClassExW
DefWindowProcW
SetCursor
MessageBeep
SetActiveWindow
MoveWindow
MsgWaitForMultipleObjects
CopyImage
CreateIconFromResourceEx
GetClassNameW
SystemParametersInfoA
SendMessageW
SendMessageA
KillTimer
GetAsyncKeyState
IntersectRect
InvalidateRect
UpdateLayeredWindow
ReleaseCapture
IsZoomed
IsIconic
LoadCursorFromFileW
SetTimer
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
CallWindowProcW
TrackMouseEvent
BeginPaint
EndPaint
SetCapture
GetFocus
GetDC
UpdateWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetWindow
SetWindowTextA
PostQuitMessage
PostMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetWindowRect
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
SetFocus
SetWindowLongW
SetWindowPos
SetPropA
GetClassLongW
GetWindowTextW
GetParent
SetWindowRgn
GetSystemMetrics
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
LoadBitmapA
IsWindow
GetDlgItem

gdi32

DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateRectRgn
GetDeviceCaps
CreateRoundRectRgn
GetDIBits
GetObjectA
GetStockObject
SetBkColor
RestoreDC
SaveDC
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
GetUserNameA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
StringFromGUID2
CLSIDFromString

gdiplus

GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDrawImageRect
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipFillPath
GdipGetStringFormatAlign
GdipClosePathFigure
GdipAddPathArc
GdipCreatePath
GdipDeletePath
GdipDeleteStringFormat
GdipCreateRegionHrgn
GdipDeleteRegion
GdipGetRegionBounds
GdipMeasureCharacterRanges
GdipCreateRegion
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipLoadImageFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetStringFormatFlags
GdipGetStringFormatTrimming
GdipGraphicsClear
GdipSetSmoothingMode
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipGetFontHeight
GdipDrawPath
GdipCreateSolidFill
GdipGetSmoothingMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipResetClip
GdipSetPenDashStyle
GdipDeletePen
GdipDrawRectangle
GdipSetClipRect
GdipSetClipRegion
GdipCreateImageAttributes
GdiplusStartup
GdipDisposeImage
GdipDrawImageRectRect
GdipGetImageHeight
GdipGetImageWidth
GdipCloneBitmapArea
GdipGetImagePixelFormat
GdipMeasureString
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipGetFontStyle
GdipGetFontSize
GdipGetFamilyName
GdipCreateLineBrush
GdipCreatePen2
GdipFillPolygon
GdipDrawPolygon
GdipCreatePathGradientFromPath
GdipGetCompositingQuality
GdipCreateHBITMAPFromBitmap
GdipSetStringFormatFlags

oleaut32

VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture

imm32

ImmAssociateContext
ImmGetContext

oledlg

ord8

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

rasapi32

RasHangUpA
RasGetConnectStatusA

Sections

.text
Size: 852KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Unlockn
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

393584b0c349db4b4c4d1ef8cd8e2e16

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

shell32

ole32

gdiplus

oleaut32

imm32

oledlg

winspool.drv

comctl32

wininet

rasapi32

Sections

.text Size: 852KB - Virtual size: 849KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 212KB - Virtual size: 372KB

.rsrc Size: 4KB - Virtual size: 624B

.Unlockn Size: 3.6MB - Virtual size: 3.6MB

.text
Size: 852KB - Virtual size: 849KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 212KB - Virtual size: 372KB

.rsrc
Size: 4KB - Virtual size: 624B

.Unlockn
Size: 3.6MB - Virtual size: 3.6MB