Static task
static1
Behavioral task
behavioral1
Sample
8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc.exe
Resource
win10v2004-20230703-en
General
-
Target
8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc
-
Size
11.7MB
-
MD5
36fc4ec9eaeb5a5b581c8df72602eb01
-
SHA1
7e94bb9dfcadad94451fcd00ac026f0d1494899f
-
SHA256
8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc
-
SHA512
d514646c2ad0919d60171e9be2fd5ce6d5735058b4a52c5de32106010516931d8b119b304ec2ca3c5757c656a8a6f39c40128589b7e853493c379e4e8ee8b683
-
SSDEEP
196608:9hpnuJC5jcOtHkMcHZv3T356NFLOyomFHKnP:9nnuJC5j7t1c5v3z5QF
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Rule matched: the PE carries no Authenticode signature (the rule checks for a missing signature).
resource 8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc
Files
-
8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc.exe — Windows x64
b386f6504fc904811fe90a6e6484073f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
psapi
EnumProcesses
GetModuleFileNameExA
EnumProcessModules
kernel32
GetUserDefaultUILanguage
GlobalFlags
GetThreadLocale
lstrcpyA
VerifyVersionInfoA
GetOEMCP
GetCPInfo
DuplicateHandle
lstrcmpiA
SetErrorMode
GetFileAttributesExA
GetFileTime
SetFileTime
GetTickCount64
GetProfileIntA
SearchPathA
FindResourceExW
GetWindowsDirectoryA
GetTempFileNameA
GetUserDefaultLCID
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
SetStdHandle
HeapQueryInformation
SetFilePointerEx
SetConsoleCtrlHandler
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
RtlUnwind
RtlUnwindEx
CreateProcessW
VirtualQueryEx
VirtualProtectEx
CompareStringEx
GetLocaleInfoW
FileTimeToLocalFileTime
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceBeginInitialize
InitOnceComplete
RtlPcToFileHeader
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
GetFileInformationByHandleEx
SetFileInformationByHandle
SetFileAttributesW
GetFinalPathNameByHandleW
GetFileInformationByHandle
FindFirstFileExW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
SuspendThread
SetThreadPriority
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
EncodePointer
FindResourceA
MulDiv
GlobalFree
GlobalUnlock
GlobalSize
CompareStringA
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
OutputDebugStringA
GetSystemDefaultUILanguage
FileTimeToSystemTime
GetStringTypeW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
OutputDebugStringW
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateProcessA
GetSystemInfo
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetComputerNameA
GetVolumeInformationA
CreateThread
WaitForSingleObject
Sleep
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceW
SetCurrentDirectoryA
SetDllDirectoryA
GetPrivateProfileStringA
CreateMutexA
GetLastError
TerminateProcess
FlsFree
GetModuleFileNameW
InitializeCriticalSection
WinExec
ExitProcess
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
GetModuleHandleExW
GetCurrentThread
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
HeapValidate
GetTempPathA
GetFileAttributesExW
FlushViewOfFile
DeleteFileW
HeapCompact
UnlockFile
LockFileEx
FlushFileBuffers
SystemTimeToFileTime
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
SleepEx
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
LoadLibraryW
GetSystemDirectoryW
FindNextFileW
FindFirstFileW
ConvertThreadToFiberEx
ConvertFiberToThread
ReadConsoleW
CreateDirectoryA
GetCommandLineA
GetStartupInfoA
SystemTimeToTzSpecificLocalTime
ReadConsoleA
SetConsoleMode
GetConsoleMode
RtlVirtualUnwind
CreateFiberEx
DeleteFiber
SwitchToFiber
GetSystemTimeAsFileTime
GetACP
GetFileType
GetEnvironmentVariableW
VirtualFree
VirtualAlloc
GetSystemDirectoryA
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
QueryPerformanceFrequency
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileAttributesA
GetLocalTime
LoadLibraryExA
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
RaiseException
FormatMessageA
SetLastError
LocalFree
PeekNamedPipe
GetStdHandle
CreatePipe
ResetEvent
Process32NextW
Process32FirstW
GetShortPathNameA
SetEvent
WaitForMultipleObjects
CreateEventA
ResumeThread
VirtualAllocEx
WriteProcessMemory
QueryFullProcessImageNameA
UnmapViewOfFile
CreateFileMappingW
Process32Next
lstrcmpA
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
ReadProcessMemory
LoadLibraryA
GetVersionExA
InitializeCriticalSectionEx
MoveFileA
GetNativeSystemInfo
GetTickCount
SetWaitableTimer
CreateWaitableTimerA
DeviceIoControl
GetExitCodeProcess
CopyFileA
GetCommandLineW
WritePrivateProfileStringA
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
user32
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UpdateLayeredWindow
GetUpdateRect
DestroyAcceleratorTable
ModifyMenuA
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
BringWindowToTop
UnionRect
SetCursorPos
CharUpperW
ReuseDDElParam
GetClassInfoA
NotifyWinEvent
GetSystemMenu
GetAsyncKeyState
CharUpperA
IsZoomed
MonitorFromPoint
LoadImageW
LoadImageA
DestroyIcon
FrameRect
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
LoadCursorW
LoadCursorA
WindowFromPoint
WaitMessage
SetParent
IntersectRect
CreatePopupMenu
ReleaseCapture
SetCapture
SetClassLongPtrA
GetIconInfo
TrackMouseEvent
GetMenuItemInfoA
DestroyMenu
IsDialogMessageA
SetWindowTextA
PostThreadMessageA
RegisterClipboardFormatA
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
MapVirtualKeyA
LoadAcceleratorsW
CreateAcceleratorTableA
GetKeyNameTextA
SubtractRect
CharUpperBuffA
IsClipboardFormatAvailable
IsCharLowerA
MapVirtualKeyExA
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
CheckDlgButton
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
GetWindowRgn
DestroyCursor
EmptyClipboard
FindWindowA
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
LoadIconW
SendMessageA
SetRect
InvalidateRect
GetDC
GetWindowLongA
SetWindowLongA
SystemParametersInfoA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetWindowRect
MoveWindow
PostMessageA
keybd_event
ClientToScreen
ScreenToClient
OffsetRect
GetCursorPos
LoadMenuW
SetForegroundWindow
GetSubMenu
PostQuitMessage
PtInRect
ReleaseDC
EnableWindow
MessageBoxA
GetParent
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId
MapWindowPoints
FillRect
UnregisterClassA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
RegisterWindowMessageA
DrawEdge
DrawFrameControl
IsWindowVisible
GetFocus
DrawStateA
SetWindowRgn
RedrawWindow
GetSysColor
GetSysColorBrush
DrawFocusRect
InflateRect
IsRectEmpty
DrawIconEx
UnhookWindowsHookEx
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
SetRectEmpty
SendDlgItemMessageA
SetCursor
ShowOwnedPopups
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetDesktopWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
EqualRect
CopyRect
ShowWindow
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
AdjustWindowRectEx
gdi32
CreatePolygonRgn
ExtTextOutA
GetTextExtentPoint32A
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
CreateDCA
CopyMetaFileA
GetDIBColorTable
StretchBlt
BitBlt
CreateCompatibleBitmap
CreateDIBSection
GetObjectA
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteDC
DeleteObject
PatBlt
GetDeviceCaps
CreateFontIndirectA
GetRgnBox
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetPixel
Polygon
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
LPtoDP
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceA
Polyline
GetTextMetricsA
SetBkColor
CreateBitmap
CreatePen
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CreateRoundRectRgn
SetTextColor
ScaleWindowExtEx
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
CryptEncrypt
RegQueryValueExA
RegCloseKey
GetUserNameA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegEnumKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetKeyValueA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
CryptImportKey
CryptHashData
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
shell32
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetFolderPathA
SHGetMalloc
SHBrowseForFolderA
SHGetDesktopFolder
DragFinish
DragQueryFileA
SHGetFileInfoA
SHAppBarMessage
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsA
PathFileExistsW
PathIsDirectoryA
PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeParentBackground
DrawThemeText
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoGetObjectContext
CoGetApartmentType
oleaut32
SysAllocStringLen
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysFreeString
SysStringLen
oledlg
ord8
gdiplus
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
ws2_32
select
getaddrinfo
freeaddrinfo
inet_pton
inet_ntop
recvfrom
sendto
WSAPoll
gethostbyname
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
bind
WSACloseEvent
WSACreateEvent
listen
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
setsockopt
gethostname
htons
accept
getsockopt
WSAStartup
WSACleanup
__WSAFDIsSet
getsockname
getpeername
ioctlsocket
socket
closesocket
recv
send
ntohs
htonl
WSAEnumNetworkEvents
connect
shutdown
WSAGetLastError
wininet
InternetQueryOptionA
iphlpapi
GetTcpTable
bcrypt
BCryptGenRandom
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundA
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
Sections
.text Size: 7.2MB - Virtual size: 7.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 101KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 304KB - Virtual size: 303KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ