Static task: static1
Behavioral task: behavioral1
  Sample: 9ca6bef7d3bb0b80fcbcc5c20c4a1f8500e4f5e45dde398a0ddac418efb5807d.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 9ca6bef7d3bb0b80fcbcc5c20c4a1f8500e4f5e45dde398a0ddac418efb5807d.exe
  Resource: win10v2004-20230703-en
General
- Target: 9ca6bef7d3bb0b80fcbcc5c20c4a1f8500e4f5e45dde398a0ddac418efb5807d
- Size: 4.4MB
- MD5: c875de9035edf1dcb9e731af82ab8498
- SHA1: c1b058b0eddecf7a0d91e6e3a56397f5c6fc3aee
- SHA256: 9ca6bef7d3bb0b80fcbcc5c20c4a1f8500e4f5e45dde398a0ddac418efb5807d
- SHA512: 4cfd836c4e616c89fd66812ed09366f94bcbde75637d5a45fbb289b8ab3f45a85d5e01dc5cb7a86fdaa66b8cc2f1d76ce5a8ea900383adf9580409589fbae987
- SSDEEP: 98304:sqwmdBQth++3KVqrKL9ohJx+CrE+FkAdTD12nI:sgethhKVSvkAdTDYn
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 9ca6bef7d3bb0b80fcbcc5c20c4a1f8500e4f5e45dde398a0ddac418efb5807d
Files
- 9ca6bef7d3bb0b80fcbcc5c20c4a1f8500e4f5e45dde398a0ddac418efb5807d.exe (windows x86) d5d335abce008d340e58d6c5ce9594d2
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
SearchPathW
GetProfileIntW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetWindowsDirectoryW
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
SetFilePointerEx
VirtualQuery
HeapQueryInformation
GetCommandLineW
GetCommandLineA
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
ExitProcess
SetStdHandle
RtlUnwind
OutputDebugStringW
FindResourceExW
GetTempFileNameW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetCurrentDirectoryW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalGetAtomNameW
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
ResumeThread
SuspendThread
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcpyW
GetVersionExW
GetCurrentThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
EncodePointer
OutputDebugStringA
FormatMessageW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
InitializeCriticalSectionAndSpinCount
FindNextFileW
FindFirstFileW
FindClose
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetCurrentProcessId
GetACP
GetEnvironmentVariableW
GetModuleHandleExW
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GetFileType
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
IsWow64Process
CreateIoCompletionPort
QueryPerformanceCounter
FormatMessageA
GetOverlappedResult
CancelIoEx
QueryPerformanceFrequency
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
VerifyVersionInfoA
GetSystemTimeAsFileTime
SetEvent
CreateEventW
CancelWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
SetWaitableTimer
TlsFree
TlsAlloc
InitializeConditionVariable
WakeAllConditionVariable
TlsSetValue
TryEnterCriticalSection
SleepConditionVariableCS
CopyFileW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetNativeSystemInfo
GetCurrentProcess
GetTempPathW
WriteFile
GetFileAttributesW
CreateFileA
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
ReleaseMutex
SleepEx
GetCurrentThreadId
InitializeCriticalSection
TlsGetValue
DeviceIoControl
SetLastError
VerifyVersionInfoW
CreateMutexW
ResetEvent
VerSetConditionMask
GetTickCount
GetStdHandle
CreateDirectoryW
GetLocalTime
TerminateThread
GetExitCodeThread
WideCharToMultiByte
TerminateProcess
ReadFile
GetStartupInfoW
Sleep
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
CreateFileW
GetSystemDirectoryW
MultiByteToWideChar
WriteConsoleW
DeleteFileW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
user32
DrawIconEx
IsRectEmpty
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
OffsetRect
SetRectEmpty
SendDlgItemMessageA
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
SetDlgItemTextW
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetMessageW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetCursorPos
BringWindowToTop
PostMessageW
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
TrackMouseEvent
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
TranslateMessage
ShowOwnedPopups
SetCursor
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DestroyIcon
LoadImageW
CopyImage
GetIconInfo
GetKeyNameTextW
MapVirtualKeyW
DestroyMenu
IsWindow
CreateWindowExW
GetMenuItemInfoW
SystemParametersInfoW
CharUpperW
SetLayeredWindowAttributes
LoadCursorW
EnumDisplayMonitors
RealChildWindowFromPoint
GetAsyncKeyState
GetParent
IntersectRect
LockWindowUpdate
GetDoubleClickTime
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
LoadIconW
TranslateAcceleratorW
GetSystemMenu
AppendMenuW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
KillTimer
LoadMenuW
GetSubMenu
GetCursorPos
UnregisterClassW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
DrawStateW
UpdateWindow
InvalidateRect
FillRect
GetClassNameW
LoadBitmapW
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
RegisterWindowMessageW
DispatchMessageW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
IsZoomed
DeleteMenu
MessageBeep
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetScrollRange
SetRect
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
FrameRect
PostThreadMessageW
HideCaret
InvertRect
GetWindowRgn
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
GetUpdateRect
EnableWindow
SubtractRect
gdi32
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
CreatePolygonRgn
Polygon
Polyline
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
GetMapMode
SetRectRgn
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GetObjectW
DPtoLP
BitBlt
DeleteDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
CryptDestroyHash
RegQueryValueExW
RegCloseKey
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CryptEnumProvidersW
CryptSignHashW
RegOpenKeyExW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
StartServiceW
QueryServiceStatus
shell32
DragFinish
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
ShellExecuteW
DragQueryFileW
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsW
StrCpyNW
StrStrIW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed
ole32
OleLockRunning
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
oleaut32
VariantChangeType
VariantClear
VariantInit
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocString
SysStringLen
oledlg
OleUIBusyW
gdiplus
GdipCreateFromHDC
GdipDrawImageI
GdipDrawImageRectI
GdipDeleteGraphics
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipBitmapUnlockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
setupapi
CM_Get_Parent
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Reenumerate_DevNode
SetupDiEnumDeviceInterfaces
SetupDiDeleteDeviceInterfaceData
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Device_IDW
ws2_32
setsockopt
shutdown
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
htonl
gethostbyname
ntohs
getsockopt
WSAGetLastError
WSACleanup
WSAStartup
socket
send
select
recv
inet_addr
ioctlsocket
connect
closesocket
__WSAFDIsSet
htons
bcrypt
BCryptGenRandom
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
Sections
.text   Size: 3.1MB - Virtual size: 3.1MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 843KB - Virtual size: 843KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 130KB - Virtual size: 164KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  Size: 107KB - Virtual size: 106KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats  Size: 512B - Virtual size: 16B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    Size: 512B - Virtual size: 9B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 23KB - Virtual size: 23KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 205KB - Virtual size: 205KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ