ca682ad2d2d2c0b188a65effbaee6a5a4e6fea6b8cacaa308193b15f331f2c0e

Sharing

Copy URL Twitter E-mail

General

Target

ca682ad2d2d2c0b188a65effbaee6a5a4e6fea6b8cacaa308193b15f331f2c0e
Size

1.5MB
MD5

8661bcb776f912928488d4a967f7cf34
SHA1

363937d31d66db8e0884f05c0ab0dd7fa79f0e27
SHA256

ca682ad2d2d2c0b188a65effbaee6a5a4e6fea6b8cacaa308193b15f331f2c0e
SHA512

1e5080a285e9383516de53d1db8823fba13e6e8fb17a6a5f0899485244b1c2d0a3bffef69d7a17a17daff37a40a53f51cf16ce5e79a9a4d9f8497c579f5559e9
SSDEEP

12288:dKfmGk5LXYkJ12Ui3/jDzX56zNa0o4mbWvymYKuC7rH2VnS+NJJ8KSxP:dKfKLXYkJ1G3/jP56zUVpIPCNiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca682ad2d2d2c0b188a65effbaee6a5a4e6fea6b8cacaa308193b15f331f2c0e

Files

ca682ad2d2d2c0b188a65effbaee6a5a4e6fea6b8cacaa308193b15f331f2c0e
.exe windows x86

699350a9082e0937736c8ec0a8a4593a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
ioctlsocket
getpeername
getsockopt
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
gethostname
ntohl
inet_ntoa
WSAAccept
listen
bind
WSASocketA
WSAStartup
htons
htonl
WSASend
closesocket
shutdown
WSARecv
WSAGetLastError
socket
__WSAFDIsSet
WSASetLastError
WSACleanup

kernel32

InterlockedIncrement
GetCPInfo
GetOEMCP
GetThreadLocale
FileTimeToSystemTime
GetModuleHandleW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetTickCount
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
ExitThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeA
GetFileInformationByHandle
ExpandEnvironmentStringsA
CloseHandle
GetProcAddress
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
GetModuleFileNameA
lstrcpyA
lstrcatA
WritePrivateProfileStringA
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetQueuedCompletionStatus
GetLastError
EnterCriticalSection
HeapAlloc
GetProcessHeap
GetSystemTime
LeaveCriticalSection
CreateEventA
CreateIoCompletionPort
GetSystemInfo
SetEvent
ExitProcess
HeapFree
InitializeCriticalSection
QueryPerformanceCounter
DeleteCriticalSection
Sleep
LocalReAlloc
TlsSetValue
SleepEx
VerifyVersionInfoA
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
InterlockedDecrement
GetCurrentProcessId
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
LocalFree
MulDiv
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GlobalAlloc
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
CreateFileA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
LoadLibraryA
SetLastError
MultiByteToWideChar
lstrcmpW
GetVersionExA
SizeofResource
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
FreeResource
LocalFileTimeToFileTime
GetCurrentDirectoryA
CreateDirectoryA
ReadFile
GetFileAttributesA
WriteFile
SetFileTime
SystemTimeToFileTime
lstrlenA
SetFilePointer
DeleteFileA
FindClose
FindFirstFileA
UnmapViewOfFile

user32

RegisterClipboardFormatA
PostThreadMessageA
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
CharUpperA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
KillTimer
SetTimer
LoadCursorA
LoadBitmapA
UpdateWindow
PostMessageA
wsprintfA
GetCursorPos
GetSubMenu
LoadMenuA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconA
MessageBoxA
SendMessageA
GetWindowThreadProcessId
EnableWindow
GetTopWindow

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
BitBlt
CreateCompatibleDC
SetViewportExtEx
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathStripPathA

oledlg

ord8

ole32

CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoRegisterMessageFilter
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysFreeString
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
OleCreateFontIndirect

wldap32

ord50
ord26
ord30
ord200
ord143
ord35
ord79
ord33
ord301
ord27
ord211
ord22
ord32
ord60
ord41
ord46

crypt32

CertFreeCertificateContext

Sections

.text
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 840KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

699350a9082e0937736c8ec0a8a4593a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

wldap32

crypt32

Sections

.text Size: 484KB - Virtual size: 484KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 840KB - Virtual size: 840KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 484KB - Virtual size: 484KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 840KB - Virtual size: 840KB

.reloc
Size: 48KB - Virtual size: 47KB