Static task: static1
Behavioral task: behavioral1
Sample: e9c4cbabfc16537e343e5b1c9859c29c894498b1d1c53449360daa39363ce39e.exe
Resource: win7-20230712-en
General
Target: e9c4cbabfc16537e343e5b1c9859c29c894498b1d1c53449360daa39363ce39e
Size: 2.2MB
MD5: cd97e08bc1a76e74d6dfc59f233c3722
SHA1: e7467483e2c1a5bf02793a19be44b044d59e329b
SHA256: e9c4cbabfc16537e343e5b1c9859c29c894498b1d1c53449360daa39363ce39e
SHA512: e2ae87394d250b1c85367249cc010e103b8d8382661d103ef0c87dd078e75ef7fcec362625baea2dd2fc944e51c310ec2539a1e7c40c20fdafa350b14b475470
SSDEEP: 24576:zfrf0iV3a96+SaGNOeigxM4STCTSZt9iVIjC58vCJqjuhG+ClBEjmpi/gAgIzqz6:zQiVTaGAvyx+AmpG5ETvVXwk0+7w
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource e9c4cbabfc16537e343e5b1c9859c29c894498b1d1c53449360daa39363ce39e
Files
e9c4cbabfc16537e343e5b1c9859c29c894498b1d1c53449360daa39363ce39e.exe (windows x86)
8f3c47344e11d693670876e36cc0774f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRenameExtensionA
PathFindFileNameA
PathFindExtensionA
PathMakeSystemFolderA
PathIsDirectoryEmptyA
PathIsDirectoryA
StrToInt64ExA
PathFileExistsA
PathUnmakeSystemFolderA
PathRemoveBlanksA
PathIsSystemFolderA
StrFormatByteSize64A
kernel32
HeapFree
HeapAlloc
VirtualProtectEx
GetStartupInfoA
WriteFile
InterlockedIncrement
GetDriveTypeA
DeviceIoControl
GetLogicalDriveStringsA
GetExitCodeThread
CreateRemoteThread
CreateFileA
MapViewOfFile
IsDebuggerPresent
RtlFillMemory
TerminateThread
DebugActiveProcess
GlobalReAlloc
CopyFileA
VirtualQueryEx
InterlockedDecrement
_lclose
GlobalLock
MoveFileA
LoadLibraryA
VirtualAlloc
lstrcpynA
VirtualFree
ResumeThread
SuspendThread
EnterCriticalSection
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
GlobalDeleteAtom
lstrcmpA
lstrcpyA
OpenThread
LeaveCriticalSection
GlobalFree
GetCurrentThreadId
Thread32First
GetLongPathNameA
GetCurrentProcess
VirtualFreeEx
WaitForSingleObject
GetProcAddress
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
GetEnvironmentVariableA
RemoveDirectoryA
CreateDirectoryA
GetCommandLineA
FlushInstructionCache
lstrcmpiA
ExitProcess
SetFileAttributesA
GetModuleFileNameA
GetUserDefaultLCID
GlobalAlloc
LCMapStringA
GetVersionExA
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
OpenProcess
GetTempPathA
GetWindowsDirectoryA
SetProcessWorkingSetSize
RtlMoveMemory
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapReAlloc
GetTickCount
VirtualAllocEx
QueryDosDeviceA
SetEndOfFile
Thread32Next
GetLastError
GetModuleHandleA
GetCurrentThread
GetTimeFormatA
GetDateFormatA
WriteProcessMemory
GetProcessHeap
lstrcpyn
CreateThread
CreatePipe
CreateProcessA
FlushFileBuffers
GetProcessVersion
FindResourceA
DeleteFileA
ReadProcessMemory
IsDBCSLeadByteEx
GetCurrentProcessId
RtlZeroMemory
GlobalUnlock
Sleep
lstrlenA
LocalFree
LocalAlloc
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
Module32Next
Module32First
CreateEventA
FindFirstFileA
FindNextFileA
GetLocalTime
GetPrivateProfileStringA
IsBadReadPtr
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
PeekNamedPipe
ReadFile
GlobalFlags
MulDiv
GetVersion
GetExitCodeProcess
CreateWaitableTimerA
SetWaitableTimer
VirtualProtect
SetFilePointer
OpenEventA
WritePrivateProfileStringA
FindClose
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
GetUserDefaultLCID
SetStdHandle
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetModuleHandleA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
InterlockedIncrement
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
EnterCriticalSection
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesA
advapi32
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupAccountSidA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
CryptDecrypt
SetSecurityInfo
InitializeAcl
CryptDestroyKey
CryptEncrypt
RegDeleteKeyA
CryptDeriveKey
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
user32
EnableMenuItem
EnableWindow
GetDlgItem
ClipCursor
SendMessageTimeoutA
CharUpperA
GetWindowInfo
OpenIcon
GetDesktopWindow
GetKeyState
CharLowerA
BlockInput
PostQuitMessage
SendMessageA
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
SetWindowLongA
UnregisterClassA
PtInRect
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
RedrawWindow
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SwapMouseButton
ChangeDisplaySettingsA
RegisterHotKey
GetWindow
ShowCursor
SetWindowRgn
GetFocus
GetParent
ReleaseCapture
ExitWindowsEx
EnumChildWindows
LockWorkStation
CallNextHookEx
SetWindowsHookExA
FindWindowA
MoveWindow
GetWindowRect
EnumDisplaySettingsA
EnumWindows
SetCursorPos
ClientToScreen
mouse_event
keybd_event
UnregisterHotKey
CallWindowProcA
GetAsyncKeyState
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
SetActiveWindow
MessageBoxA
wsprintfA
GetMessageA
GetCursorPos
GetSystemMetrics
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
PostMessageA
LoadCursorFromFileA
SetClassLongA
UnhookWindowsHookEx
GetWindowLongA
SetLayeredWindowAttributes
GetWindowThreadProcessId
SetWindowPos
SetForegroundWindow
ShowWindow
GetClassNameA
GetWindowTextA
IsWindowVisible
MsgWaitForMultipleObjects
SetCapture
GetKeyboardState
SetTimer
CreateWindowExA
AttachThreadInput
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
UnregisterClassA
TranslateMessage
LoadIconA
InvalidateRect
SendMessageA
shell32
SHFileOperationA
SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
Shell_NotifyIconA
ShellExecuteA
wininet
InternetTimeToSystemTime
InternetTimeFromSystemTime
InternetReadFile
HttpQueryInfoA
InternetGetCookieA
InternetOpenA
InternetSetCookieA
InternetGetCookieExA
InternetOpenUrlA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
ole32
CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
OleUninitialize
OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
oleaut32
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
VariantClear
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SysAllocString
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SafeArrayDestroy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantClear
VariantChangeType
VariantInit
VariantCopyInd
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
UnRegisterTypeLi
dbghelp
MakeSureDirectoryPathExists
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
psapi
EnumProcesses
GetModuleFileNameExA
GetProcessMemoryInfo
GetProcessImageFileNameA
gdi32
GetObjectA
CreateFontIndirectA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkColor
Escape
CreateRoundRectRgn
SelectObject
SetBkMode
SetTextColor
TextOutA
ScaleWindowExtEx
PtVisible
GetStockObject
RestoreDC
DeleteObject
SaveDC
ExtTextOutA
DeleteDC
CreateBitmap
RectVisible
GetDeviceCaps
GetClipBox
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
GetViewportOrgEx
GetWindowOrgEx
BeginPath
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
EndPath
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
FillRgn
CreateSolidBrush
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
GetStockObject
GetObjectA
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
CombineRgn
SetWindowOrgEx
CreateRectRgn
iphlpapi
IcmpCloseHandle
IcmpCreateFile
GetNetworkParams
winmm
mciSendStringA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
powrprof
SetSuspendState
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
ws2_32
WSAStartup
WSACleanup
inet_addr
gethostname
gethostbyname
connect
ioctlsocket
recvfrom
socket
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
recv
getpeername
accept
setupapi
SetupDiEnumDeviceInterfaces
CM_Request_Device_EjectW
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
comdlg32
ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
ImageList_Destroy
ord17
oledlg
ord8
Sections
.text  Size: 1.4MB - Virtual size: 1.4MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 216KB - Virtual size: 214KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data  Size: 504KB - Virtual size: 578KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 96KB - Virtual size: 96KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE