Static task: static1
Behavioral task: behavioral1
Sample: 8bfe9651adacf32458dbc2390f010fd3db867e3910f04aa4ba44d2892ce63b7f.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 8bfe9651adacf32458dbc2390f010fd3db867e3910f04aa4ba44d2892ce63b7f.exe
Resource: win10v2004-20230703-en
General
Target: 8bfe9651adacf32458dbc2390f010fd3db867e3910f04aa4ba44d2892ce63b7f
Size: 4.1MB
MD5: 3c14948d17b7430e8eeaef1fc4a1b206
SHA1: 98b81ca6b95bae6171bba4d689c9af9911278ddc
SHA256: 8bfe9651adacf32458dbc2390f010fd3db867e3910f04aa4ba44d2892ce63b7f
SHA512: 8aa25d7327fb542d709595cb4e68d0857c83141edd2164032beb94771e4861997dd5c0f58cca860d5c3ec2d8154645ea9d721ddb2735c092278eccef13024c30
SSDEEP: 98304:lrG043Wmb0FK2L6jDAMKTUCJ4oX/4ScRqXNrAvKH:l602Dywa4ov4ScRqXN+K
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 8bfe9651adacf32458dbc2390f010fd3db867e3910f04aa4ba44d2892ce63b7f
Files
8bfe9651adacf32458dbc2390f010fd3db867e3910f04aa4ba44d2892ce63b7f.exe (windows x86)
Import hash: df99e512fe7ce5d1b8367adfa5a32680
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetOverlappedResult
CreateNamedPipeW
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
PulseEvent
ReleaseMutex
ResetEvent
GetStartupInfoW
CreateProcessW
CreateMutexW
GetCommandLineW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalSize
GetSystemDirectoryW
GetTickCount
GetProcessId
GetCurrentThread
WaitForMultipleObjects
Sleep
CreateEventW
SetEvent
OutputDebugStringW
WriteFile
SetFileAttributesW
SetEndOfFile
ReadFile
GetFileSize
GetFileAttributesW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
CreateFileW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryW
FreeLibrary
GetCurrentProcess
IsBadReadPtr
GetProcAddress
GetModuleHandleW
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
ExitThread
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetFileAttributesExW
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
InitializeCriticalSection
GetProcessHeap
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetSystemWindowsDirectoryW
InterlockedCompareExchange
CreateFileA
lstrcmpiA
lstrcmpA
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
DeviceIoControl
TerminateProcess
UnhandledExceptionFilter
GetLocalTime
ResumeThread
RaiseException
DecodePointer
GetTempFileNameW
GlobalFree
GlobalAlloc
GetVersion
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
FileTimeToLocalFileTime
lstrcmpW
OpenProcess
FreeResource
ExitProcess
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
GetACP
FlushFileBuffers
GetTempPathW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
InterlockedDecrement
InterlockedIncrement
LocalFree
SetFilePointer
GetFileSizeEx
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetVersionExW
LoadLibraryExW
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetNativeSystemInfo
RtlCaptureStackBackTrace
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
LoadLibraryExA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
user32
PostMessageW
SetFocus
EnableWindow
IsWindow
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
DestroyWindow
GetFocus
DrawTextW
GetWindowDC
BeginPaint
EndPaint
InvalidateRect
SetCaretPos
GetCaretPos
FillRect
FrameRect
OffsetRect
UnregisterClassA
IsWindowEnabled
FindWindowExW
RemovePropW
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
SendMessageTimeoutW
MapVirtualKeyW
FindWindowW
GetKeyNameTextW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
SystemParametersInfoW
GetWindow
GetWindowThreadProcessId
GetParent
GetWindowLongW
PtInRect
IntersectRect
CopyRect
MapWindowPoints
GetWindowRect
UnregisterClassW
AttachThreadInput
ShowWindow
MoveWindow
GetClientRect
SetForegroundWindow
GetForegroundWindow
GetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
SetWindowPos
ShowCursor
GetWindowTextW
GetSystemMetrics
KillTimer
SetTimer
ClientToScreen
IsWindowVisible
ScreenToClient
GetCursorPos
PostQuitMessage
SetWindowLongW
wsprintfW
wvsprintfW
SetCursor
InflateRect
UnionRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
IsChild
UpdateLayeredWindow
IsZoomed
SetWindowTextW
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
GetUpdateRect
CreateCaret
GetCaretBlinkTime
IsRectEmpty
GetClassNameW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
LoadImageW
IsIconic
SetWindowRgn
MessageBoxW
MonitorFromPoint
CopyImage
CharPrevW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
HideCaret
ShowCaret
GetSysColor
CharNextW
gdi32
CreateRoundRectRgn
GetDeviceCaps
CombineRgn
CreateRectRgnIndirect
GetStockObject
GetClipBox
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetWindowOrgEx
SetDIBColorTable
TextOutW
GdiFlush
CreateDCW
GetDIBits
SetDIBitsToDevice
Rectangle
SelectObject
SetBkColor
SetBkMode
SetTextColor
ExtTextOutW
GetObjectW
GetTextMetricsW
SaveDC
RestoreDC
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap
BitBlt
CreatePen
CreateSolidBrush
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetCharABCWidthsW
advapi32
CryptDecrypt
CryptContextAddRef
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
CryptGetHashParam
CryptCreateHash
CryptEncrypt
RegSetValueExW
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegGetValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptHashData
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
RegCreateKeyW
shell32
SHGetFileInfoW
SHBindToParent
SHGetFolderLocation
ord155
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW
ord165
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
StringFromGUID2
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
OleInitialize
OleUninitialize
CoSetProxyBlanket
oleaut32
CreateErrorInfo
SetErrorInfo
VariantChangeType
SysFreeString
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysAllocString
GetErrorInfo
shlwapi
SHSetValueA
SHGetValueA
StrToIntExW
PathCompactPathW
StrCmpNIW
StrTrimA
SHAutoComplete
PathIsRootW
StrStrIA
StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
wnsprintfW
PathCombineW
StrRetToBufW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathRemoveExtensionW
PathAppendA
StrCmpIW
PathIsRelativeW
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
ws2_32
ntohs
htonl
htons
ntohl
imm32
ImmAssociateContext
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
dxva2
GetPhysicalMonitorsFromHMONITOR
GetNumberOfPhysicalMonitorsFromHMONITOR
SetVCPFeature
crypt32
CryptStringToBinaryW
CryptBinaryToStringA
CryptStringToBinaryA
CryptBinaryToStringW
CertGetNameStringW
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
gdiplus
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRect
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImagePixelFormat
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
comctl32
InitCommonControlsEx
ImageList_DrawEx
_TrackMouseEvent
ord17
msimg32
AlphaBlend
GradientFill
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 426KB - Virtual size: 426KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.msvcjmc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ