Static task: static1
Behavioral task: behavioral1
Sample: 9872c48d81a02df8d115cab056445388dc032ed2960d1ea21678e2a2eaf0eca1.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 9872c48d81a02df8d115cab056445388dc032ed2960d1ea21678e2a2eaf0eca1.exe
Resource: win10v2004-20230703-en
General
Target: 9872c48d81a02df8d115cab056445388dc032ed2960d1ea21678e2a2eaf0eca1
Size: 5.2MB
MD5: e160ecd0e700946052a2c8355e786376
SHA1: cfaf551bffa69089f1fe4ff64e2b564074caa9ea
SHA256: 9872c48d81a02df8d115cab056445388dc032ed2960d1ea21678e2a2eaf0eca1
SHA512: b27ed839f047333c49244a4bcc03696bf31f9b7c4192ce6aafd0c818e12d007dee5b4cd5a347d3ab3182f56fcfd3bcc58f3c84f86e3916e9e66f07b682c8022c
SSDEEP: 98304:Tg4raacYk0Kvjl6ywr0g9cNwyod1BCdmlqQiGzcG5:Tg4CuKp6ywSK3dHCdcn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 9872c48d81a02df8d115cab056445388dc032ed2960d1ea21678e2a2eaf0eca1
Files
-
9872c48d81a02df8d115cab056445388dc032ed2960d1ea21678e2a2eaf0eca1.exe windows x86
cecd410b2c68c6b678ec4a309d6e1abe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetOverlappedResult
CreateNamedPipeW
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
PulseEvent
ReleaseMutex
ResetEvent
GetStartupInfoW
CreateProcessW
CreateMutexW
GetCommandLineW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalSize
GetSystemDirectoryW
GetTickCount
GetProcessId
GetCurrentThread
WaitForMultipleObjects
Sleep
CreateEventW
SetEvent
OutputDebugStringW
WriteFile
SetFileAttributesW
SetEndOfFile
ReadFile
GetFileSize
GetFileAttributesW
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryW
FreeLibrary
GetCurrentProcess
IsBadReadPtr
GetProcAddress
GetModuleHandleW
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapQueryInformation
SetConsoleCtrlHandler
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
ExitThread
WriteConsoleW
GetFileType
GetStdHandle
GetFileAttributesExW
GetSystemInfo
HeapValidate
GetModuleHandleExW
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetProcessHeap
HeapSize
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
CreateTimerQueue
GetSystemWindowsDirectoryW
InterlockedCompareExchange
CreateFileA
lstrcmpiA
RaiseException
DecodePointer
lstrcmpA
DeviceIoControl
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
GetLocalTime
ResumeThread
GetTempFileNameW
GlobalFree
GlobalAlloc
GetVersion
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
FileTimeToLocalFileTime
lstrcmpW
OpenProcess
FreeResource
ExitProcess
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
GetACP
IsBadStringPtrW
IsBadStringPtrA
IsBadWritePtr
FlushFileBuffers
GetTempPathW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
InterlockedDecrement
InterlockedIncrement
LocalFree
SetFilePointer
GetFileSizeEx
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetVersionExW
LoadLibraryExW
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
TlsFree
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
user32
PostMessageW
SetFocus
SendMessageTimeoutW
ShowCursor
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
DestroyWindow
GetFocus
DrawTextW
GetWindowDC
BeginPaint
EndPaint
InvalidateRect
SetCaretPos
GetCaretPos
FillRect
FrameRect
OffsetRect
SetWindowLongW
UnregisterClassA
IsWindowEnabled
FindWindowExW
RemovePropW
InvalidateRgn
MapVirtualKeyW
GetKeyNameTextW
FindWindowW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
SystemParametersInfoW
GetWindow
GetWindowThreadProcessId
GetParent
GetWindowLongW
PtInRect
IntersectRect
CopyRect
MapWindowPoints
GetWindowRect
GetClientRect
UnregisterClassW
AttachThreadInput
IsWindow
ShowWindow
SetForegroundWindow
GetForegroundWindow
GetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
SetWindowPos
MoveWindow
EnableWindow
CreateAcceleratorTableW
GetSystemMetrics
KillTimer
SetTimer
ClientToScreen
IsWindowVisible
PostQuitMessage
wsprintfW
wvsprintfW
SetCursor
InflateRect
UnionRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
IsChild
UpdateLayeredWindow
IsZoomed
CharNextW
GetKeyState
SetCapture
GetWindowTextLengthW
GetDC
ReleaseDC
GetUpdateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
ScreenToClient
IsRectEmpty
GetClassNameW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
LoadImageW
IsIconic
SetWindowRgn
MessageBoxW
MonitorFromPoint
CopyImage
CharPrevW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
HideCaret
ShowCaret
GetSysColor
SetWindowTextW
GetWindowTextW
ReleaseCapture
gdi32
CreateRoundRectRgn
GetDeviceCaps
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetStockObject
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetWindowOrgEx
SetDIBColorTable
TextOutW
GdiFlush
CreateDCW
GetDIBits
SetDIBitsToDevice
Rectangle
SelectObject
SetBkColor
SetBkMode
SetTextColor
ExtTextOutW
GetObjectW
GetTextMetricsW
SaveDC
RestoreDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreatePen
CreateSolidBrush
CreateDIBSection
DeleteDC
CreateFontIndirectW
GetObjectType
advapi32
CryptDecrypt
CryptContextAddRef
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
CryptGetHashParam
CryptCreateHash
CryptEncrypt
RegSetValueExW
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegGetValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptHashData
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
RegCreateKeyW
shell32
SHGetFileInfoW
SHBindToParent
SHGetFolderLocation
ord155
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
ord165
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
StringFromGUID2
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoSetProxyBlanket
oleaut32
SysFreeString
CreateErrorInfo
SetErrorInfo
SysAllocString
GetErrorInfo
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
VariantChangeType
shlwapi
SHSetValueA
StrTrimA
StrToIntExW
PathCompactPathW
SHAutoComplete
SHGetValueA
StrCmpNIW
wvnsprintfW
StrStrIA
StrStrIW
PathAppendA
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
wnsprintfW
PathCombineW
StrRetToBufW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathRemoveExtensionW
PathIsRelativeW
StrCmpIW
PathIsRootW
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
ws2_32
ntohs
htonl
htons
ntohl
imm32
ImmAssociateContext
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
dxva2
GetPhysicalMonitorsFromHMONITOR
GetNumberOfPhysicalMonitorsFromHMONITOR
SetVCPFeature
crypt32
CryptStringToBinaryW
CryptBinaryToStringA
CryptStringToBinaryA
CryptBinaryToStringW
CertGetNameStringW
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
gdiplus
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRect
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
comctl32
InitCommonControlsEx
ImageList_DrawEx
_TrackMouseEvent
ord17
msimg32
AlphaBlend
GradientFill
Sections
.text Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 858KB - Virtual size: 857KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.msvcjmc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
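The header and section data above is what the "Unsigned PE" signature and the mitigation flags are derived from: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and NX_COMPAT mean the image is ASLR- and DEP-compatible, while IMAGE_DLLCHARACTERISTICS_GUARD_CF is not listed, so Control Flow Guard is not enabled; the .msvcjmc section is emitted by MSVC when Just My Code (/JMC) is on, which is the default for Debug configurations; and "unsigned" here means the certificate table (data directory 4, IMAGE_DIRECTORY_ENTRY_SECURITY) carries no Authenticode blob. The script below is an added example for this page, not the sandbox's own code, and was not run against the sample: it parses exactly those fields from a PE and flags writable-and-executable sections. The PE it parses is constructed in memory, headers only, so the example runs offline; the section names, sizes and the 64-byte certificate blob in it are constructed test data, not values from this report.

```python
"""Header-level PE triage: machine, DllCharacteristics, section flags and whether an
Authenticode blob is present. Added example, not the sandbox's code; the image it
parses is constructed in memory (headers only) so it runs offline."""
import struct

DLL_CHARS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4          # data directory index of the certificate table
WIN_CERT_PKCS7 = 0x0002   # wCertificateType for Authenticode PKCS#7 SignedData


def pe_summary(data: bytes) -> dict:
    """Parse DOS/COFF/optional/section headers; sizes are never trusted beyond len(data)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    # DllCharacteristics sits at +70 in both PE32 and PE32+; the data directories do not.
    ndirs_off, dirs_off = {0x10B: (opt + 92, opt + 96), 0x20B: (opt + 108, opt + 112)}[magic]
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:
        # For this directory only, the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    blob_present = cert_size >= 8 and cert_off + cert_size <= len(data)
    pkcs7 = blob_present and struct.unpack_from("<IHH", data, cert_off)[2] == WIN_CERT_PKCS7
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rsize,
            "flags": [n for bit, n in SCN_FLAGS.items() if chars & bit],
            "rwx": (chars & 0xA0000000) == 0xA0000000,  # writable and executable
        })
    return {
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "dll_characteristics": [n for bit, n in DLL_CHARS.items() if dllchars & bit],
        "aslr": bool(dllchars & 0x0040), "dep": bool(dllchars & 0x0100),
        "cfg": bool(dllchars & 0x4000),
        "authenticode_blob": bool(pkcs7),   # presence only; validity needs WinVerifyTrust
        "sections": sections,
    }


def build_test_pe(dllchars: int, sections, cert_size: int = 0) -> bytes:
    """Constructed, headers-only PE32 image for offline testing (not a runnable program)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", opt, 70, dllchars)
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    hdr_end = 0x80 + 24 + len(opt) + 40 * len(sections)
    if cert_size:                                     # certificate table: file offset + size
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, hdr_end, cert_size)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    shdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, ch)
        for i, (n, vs, rs, ch) in enumerate(sections))
    cert = b""
    if cert_size:                                     # WIN_CERTIFICATE header, zero body
        cert = struct.pack("<IHH", cert_size, 0x0200, WIN_CERT_PKCS7).ljust(cert_size, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80)
    return dos.ljust(0x80, b"\0") + b"PE\0\0" + coff + bytes(opt) + shdrs + cert


if __name__ == "__main__":
    import json
    # Constructed layout: code section and data section with the flag combinations seen in
    # the report, plus one writable-and-executable section that triage should flag.
    demo = build_test_pe(0x8140, [(".text", 0x41A000, 0x41A000, 0x60000020),
                                  (".data", 0x11C00, 0x7C00, 0xC0000040),
                                  (".rwx", 0x1000, 0x1000, 0xE0000020)])
    print(json.dumps(pe_summary(demo), indent=1))
```

A present certificate table only says a blob is embedded; a self-signed or revoked signature, or a tampered image, still shows `authenticode_blob: True`. Validity has to come from WinVerifyTrust (which this sample itself imports) or `Get-AuthenticodeSignature` on a real file, and a triage verdict of "unsigned" should also note which mitigations are absent, here CFG.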