Static task: static1
Behavioral task: behavioral1
Sample: a424c359f919c1e1ae4830ba0c82ee1c32b57d82a75ee80810f091ba5ded3285.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: a424c359f919c1e1ae4830ba0c82ee1c32b57d82a75ee80810f091ba5ded3285.exe
Resource: win10v2004-20230703-en
General
Target: a424c359f919c1e1ae4830ba0c82ee1c32b57d82a75ee80810f091ba5ded3285
Size: 1.6MB
MD5: 82a3924b5cbf2dde0992e79d78240b50
SHA1: 9751bcfb3ff328b84c470d543746094d730f27f7
SHA256: a424c359f919c1e1ae4830ba0c82ee1c32b57d82a75ee80810f091ba5ded3285
SHA512: 16048c85597dfb3dd6925c768d831cfdffface66f6eb4711a07102317c42cd42122799cbea555dd1ee79484a2c615a6f4f74a6858d5e084f58a965e31a22034c
SSDEEP: 24576:a6RypO+xQWA8dkUNUt5gW6gtNnyDKcBn3kBkD+o0Or/ESeiFKS+cnwrjTig5Ki:PRYeZUw5hyD7+7SE6+cnwPTig51
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: a424c359f919c1e1ae4830ba0c82ee1c32b57d82a75ee80810f091ba5ded3285
Files
a424c359f919c1e1ae4830ba0c82ee1c32b57d82a75ee80810f091ba5ded3285.exe (windows x86)
63196b3f0031ac9a44cbc9bf8cfe87d2 (unlabeled 32-hex value as exported from the report; it is not the file MD5 listed under General, and a 32-hex digest printed beside a PE's import table is consistent with an import hash)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
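The "Unsigned PE" signature above and the File Characteristics listed here are both read straight from the PE headers: the signature fires when the optional header's security data directory (entry 4, the Authenticode table) is empty, and the flags come from IMAGE_FILE_HEADER.Characteristics. IMAGE_FILE_RELOCS_STRIPPED means the image carries no relocation data (the section list at the end of this report has no .reloc section), so the loader cannot rebase it and it runs at its preferred base without ASLR. The following is an added example, not part of the sandbox report or its tooling, that decodes these fields from raw bytes; the build_minimal_pe32 helper constructs a synthetic PE32 image in memory purely so the parser can be exercised offline. Two caveats a practitioner should keep in mind: a non-empty security directory only proves an embedded signature blob exists (validity and chain trust need WinVerifyTrust or signtool, and a blob can be bogus or stolen), and catalog-signed Windows binaries carry no embedded signature at all, so "unsigned PE" on its own is a weak indicator.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DYNAMIC_BASE = 0x0040                 # DllCharacteristics: ASLR opt-in
NX_COMPAT = 0x0100                    # DllCharacteristics: DEP opt-in
IMAGE_DIRECTORY_ENTRY_SECURITY = 4    # Authenticode table; its first field is a file offset, not an RVA


def inspect_pe(data: bytes) -> dict:
    """Decode COFF characteristics, DllCharacteristics and the security directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _sym, _nsym, _optsize, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start at optional header + 96
        dd_off = opt + 96
    elif magic == 0x20B:        # PE32+: ImageBase and the stack/heap fields are 8 bytes, so + 112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]      # same offset for PE32 and PE32+
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]     # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    relocs_stripped = bool(chars & 0x0001)
    info = {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "characteristics": [name for bit, name in sorted(FILE_CHARACTERISTICS.items()) if chars & bit],
        # DYNAMIC_BASE alone is not ASLR: without relocation data the image cannot be rebased.
        "aslr": bool(dllchars & DYNAMIC_BASE) and not relocs_stripped,
        "nx_compat": bool(dllchars & NX_COMPAT),
        "authenticode_present": bool(sec_off and sec_size),
        "certificate_type": None,
    }
    if info["authenticode_present"]:
        if sec_off + sec_size <= len(data) and sec_size >= 8:
            # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType (0x0002 = PKCS#7 SignedData)
            _length, _rev, cert_type = struct.unpack_from("<IHH", data, sec_off)
            info["certificate_type"] = cert_type
        else:
            info["certificate_type"] = "truncated"   # directory points outside the file: treat as malformed
    return info


def build_minimal_pe32(characteristics: int, dll_characteristics: int, sign: bool = False) -> bytes:
    """Constructed test image: valid headers, no sections, optionally a dummy WIN_CERTIFICATE blob."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)   # 0x14C = i386
    opt = bytearray(224)                                            # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    data = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    if sign:
        payload = b"constructed placeholder, not a real PKCS#7 blob"
        cert = struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(data), len(cert))
        data = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert
    return data


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_pe(fh.read()))
```

Run it against a real binary with `python pe_inspect.py sample.exe`; for the flag set printed in this report (0x010F, all five characteristics above) the parser reports no ASLR regardless of DllCharacteristics, which is the relocs-stripped point made in the lead-in.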
Imports
gxiapi
ord200
ord100
ord201
ord404
ord406
ord405
ord709
ord400
ord301
ord302
ord412
ord407
ord421
ord408
ord411
ord409
ord410
ord501
ord101
ord500
avifil32
AVIStreamRelease
AVIStreamGetFrameOpen
AVIFileExit
AVIFileInit
AVIStreamInfoW
AVIStreamRead
AVIFileInfoW
AVIStreamSetFormat
AVIFileCreateStreamW
AVIFileOpenW
AVIStreamWrite
AVIFileRelease
AVIStreamGetFrame
AVIStreamGetFrameClose
AVIFileGetStream
zlib
ord8
ord6
ord19
ord22
ord20
ord4
mfc42u
ord3621
ord2406
ord4128
ord4292
ord5784
ord1634
ord4273
ord6655
ord2756
ord4197
ord2813
ord3614
ord5857
ord5568
ord2910
ord2914
ord610
ord6135
ord287
ord5706
ord4272
ord551
ord4124
ord6921
ord6919
ord665
ord1971
ord5438
ord3313
ord5180
ord354
ord6381
ord6874
ord4155
ord2057
ord536
ord2606
ord3716
ord795
ord1143
ord1165
ord755
ord470
ord2371
ord5977
ord5852
ord2294
ord4294
ord6871
ord2078
ord3397
ord3084
ord927
ord922
ord5679
ord812
ord5858
ord5853
ord559
ord6640
ord2812
ord537
ord1137
ord3014
ord361
ord293
ord3494
ord355
ord4199
ord554
ord807
ord3566
ord686
ord6437
ord5878
ord5651
ord2444
ord2445
ord5879
ord6142
ord6617
ord2088
ord384
ord2795
ord2385
ord2854
ord3711
ord3688
ord6107
ord4688
ord389
ord3210
ord2131
ord5918
ord5307
ord668
ord3176
ord2773
ord2762
ord356
ord3012
ord2550
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord5080
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord4263
ord4158
ord5880
ord2916
ord5881
ord4279
ord2915
ord1775
ord2350
ord2478
ord2293
ord2567
ord4390
ord3569
ord609
ord556
ord809
ord1088
ord2114
ord6354
ord713
ord414
ord6137
ord3983
ord5855
ord3979
ord4118
ord4667
ord5215
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord5214
ord617
ord2613
ord5208
ord296
ord2717
ord2755
ord4198
ord5579
ord353
ord2356
ord2362
ord6330
ord2858
ord6140
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord6597
ord956
ord773
ord5596
ord2768
ord1083
ord1183
ord501
ord6773
ord2574
ord4396
ord3365
ord3635
ord693
ord6688
ord6898
ord3993
ord3991
ord5949
ord1764
ord6362
ord2405
ord2016
ord4395
ord3634
ord692
ord323
ord1633
ord640
ord4270
ord616
ord567
ord3577
ord4418
ord5286
ord4392
ord1768
ord6051
ord2570
ord4213
ord2015
ord2403
ord2634
ord6211
ord2859
ord3871
ord6278
ord6279
ord2637
ord6390
ord5446
ord6379
ord5436
ord3658
ord3806
ord3332
ord1197
ord925
ord859
ord942
ord940
ord538
ord823
ord2806
ord535
ord858
ord6868
ord541
ord6139
ord801
ord2810
ord4704
ord6195
ord3087
ord4229
ord641
ord324
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord825
ord540
ord861
ord800
ord790
ord1569
msvcrt
wcscpy
__CxxFrameHandler
_waccess
wcslen
wcscmp
_close
_filelength
_wopen
_ftol
_CIpow
memmove
wcstol
_wmkdir
_wsplitpath
_wcsicmp
wcstod
mbstowcs
wcstoul
rand
srand
time
_except_handler3
fclose
_wfopen
getc
_CIasin
free
wcsrchr
_CxxThrowException
wcsncmp
wcsstr
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
kernel32
CloseHandle
GetVersionExA
DeviceIoControl
GlobalFree
CreateFileA
FreeLibrary
GetLastError
GetTickCount
GlobalAlloc
Sleep
GetSystemTime
LoadLibraryA
GetProcAddress
LocalLock
LocalAlloc
LocalFree
LocalUnlock
LoadLibraryW
InterlockedDecrement
lstrlenW
FormatMessageW
WideCharToMultiByte
GlobalUnlock
WriteFile
CreateFileW
GetSystemDefaultLangID
ReadFile
GetFileSize
MultiByteToWideChar
LockResource
SizeofResource
LoadResource
FindResourceW
GetSystemDirectoryW
GetModuleFileNameW
CopyFileW
GetLocalTime
FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
GetCurrentProcess
GetModuleHandleW
GetVersionExW
GetLongPathNameW
GetCurrentThreadId
lstrcpynW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetStartupInfoW
lstrlenA
GlobalLock
user32
DrawIcon
LoadIconW
CallNextHookEx
GetClassNameW
GetWindowTextW
IsIconic
SetForegroundWindow
OpenInputDesktop
EnumDesktopWindows
CloseDesktop
FillRect
GetDlgCtrlID
InvalidateRect
SetParent
KillTimer
SetTimer
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowPos
LoadBitmapW
FindWindowW
GetAsyncKeyState
SetWindowLongW
SetCursorPos
CreatePopupMenu
AppendMenuW
IsClipboardFormatAvailable
ClientToScreen
TrackPopupMenu
RedrawWindow
PostMessageW
SetCursor
GetClientRect
LoadCursorW
GetDesktopWindow
GetWindowRect
GetSysColor
GetDC
DrawTextW
GetParent
MessageBoxW
SendMessageW
CopyRect
wsprintfW
EnableWindow
SystemParametersInfoW
LoadMenuW
ModifyMenuW
CheckMenuItem
GetWindow
GetWindowLongW
IsWindowVisible
IsWindow
IsWindowEnabled
LoadImageW
DeleteMenu
UnhookWindowsHookEx
SetWindowsHookExW
SetActiveWindow
GetSystemMenu
EnableMenuItem
DrawMenuBar
GetMenu
GetSubMenu
ReleaseDC
GetSystemMetrics
SetRect
gdi32
GetTextColor
SetBkMode
ExcludeClipRect
CreateFontIndirectW
SetTextColor
CreatePen
GetTextExtentPoint32W
SelectObject
GetBkColor
Arc
LineTo
MoveToEx
DeleteDC
PatBlt
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateDIBitmap
GetDIBits
DeleteObject
SetBkColor
GetColorAdjustment
GetStretchBltMode
SetStretchBltMode
SetColorAdjustment
Ellipse
GetTextAlign
SetTextAlign
TextOutW
GetROP2
SetROP2
CreateFontW
GetObjectW
Polyline
PolyBezier
SetPixel
StretchBlt
advapi32
CryptAcquireContextW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
shell32
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
ShellExecuteExW
comctl32
ImageList_AddMasked
ole32
CoUninitialize
CoTaskMemFree
CoInitializeEx
OleRun
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
olepro32
ord252
oleaut32
SafeArrayUnaccessData
SysAllocString
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SafeArrayAccessData
SysFreeString
VariantChangeType
GetErrorInfo
SetErrorInfo
gdiplus
GdiplusShutdown
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipSetSmoothingMode
GdiplusStartup
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRectRect
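The import table above is the raw material for two static-triage steps: grouping imported APIs into capability hints (input hooks, clipboard access, registry writes, process spawning, file copying) and computing the import hash that is commonly printed next to the file entry. The following is an added example, not part of the sandbox report or its tooling. The API_TAGS map is a constructed heuristic of mine, not a published taxonomy, and SAMPLE_IMPORTS is a subset of the modules and names above with constructed DLL file names (the report prints bare module names). Two caveats: imports show what the code can call, not what it did call (that is what the behavioral tasks are for), and ordinal-only imports such as gxiapi, zlib, mfc42u and olepro32 cannot be tagged by name at all, so the count of them is reported separately. The imphash follows the pefile convention (lowercased module without its dll/ocx/sys extension, a dot, the lowercased function name or ordN, entries comma-joined in table order, MD5) but omits pefile's ordinal-to-name lookup for ws2_32 and oleaut32, so it can differ from pefile when those are imported by ordinal.

```python
import hashlib

# Constructed API-to-capability map: a triage heuristic, not a published taxonomy.
API_TAGS = {
    "SetWindowsHookExW": "input-hook", "CallNextHookEx": "input-hook", "GetAsyncKeyState": "input-hook",
    "OpenClipboard": "clipboard", "GetClipboardData": "clipboard", "SetClipboardData": "clipboard",
    "RegCreateKeyW": "registry-write", "RegSetValueExW": "registry-write", "RegDeleteValueW": "registry-write",
    "CreateProcessW": "process-spawn", "ShellExecuteExW": "process-spawn",
    "CopyFileW": "file-copy", "GetSystemDirectoryW": "system-dir", "WriteFile": "file-write",
    "FindFirstFileW": "file-enum", "FindNextFileW": "file-enum",
    "OpenInputDesktop": "desktop-enum", "EnumDesktopWindows": "desktop-enum", "FindWindowW": "desktop-enum",
    "CryptCreateHash": "crypt-hash", "CryptHashData": "crypt-hash",
    "LoadLibraryA": "dynamic-load", "GetProcAddress": "dynamic-load",
    "DeviceIoControl": "device-io", "CreateMutexW": "mutex",
}


def _module(dll: str) -> str:
    """Normalise 'KERNEL32.dll' -> 'kernel32' the way imphash does."""
    name = dll.lower()
    base, _, ext = name.rpartition(".")
    return base if base and ext in ("dll", "ocx", "sys") else name


def _is_ordinal(entry) -> bool:
    """Accept ordinals as ints (what a PE parser yields) or as 'ordN' strings (what the report prints)."""
    return isinstance(entry, int) or (isinstance(entry, str) and entry.lower().startswith("ord") and entry[3:].isdigit())


def _func(entry) -> str:
    """Ordinal imports become 'ordN'; names are lowercased."""
    return "ord%d" % entry if isinstance(entry, int) else entry.lower()


def imphash_string(imports) -> str:
    """The pre-hash string: 'module.func,module.func,...' in import-table order."""
    return ",".join("%s.%s" % (_module(dll), _func(f)) for dll, funcs in imports for f in funcs)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def tag_imports(imports) -> dict:
    """Group named imports by capability tag; ordinal-only imports are counted, not tagged."""
    tags = {}
    ordinal_only = 0
    for dll, funcs in imports:
        for f in funcs:
            if _is_ordinal(f):
                ordinal_only += 1
                continue
            tag = API_TAGS.get(f)
            if tag:
                tags.setdefault(tag, []).append("%s!%s" % (_module(dll), f))
    return {"tags": {k: sorted(v) for k, v in tags.items()}, "ordinal_only": ordinal_only}


# Subset of the import table in this report. DLL file names are constructed (the report prints
# bare module names); the order follows the report. zlib and olepro32 ordinals are given as ints
# to show that both spellings are handled.
SAMPLE_IMPORTS = [
    ("GXIAPI.dll", ["ord200", "ord100", "ord201"]),
    ("zlib.dll", [8, 6]),
    ("KERNEL32.dll", ["DeviceIoControl", "CreateFileA", "LoadLibraryA", "GetProcAddress",
                      "WriteFile", "GetSystemDirectoryW", "CopyFileW", "FindFirstFileW",
                      "FindNextFileW", "CreateMutexW", "CreateProcessW"]),
    ("USER32.dll", ["CallNextHookEx", "OpenInputDesktop", "EnumDesktopWindows", "GetClipboardData",
                    "OpenClipboard", "SetClipboardData", "FindWindowW", "GetAsyncKeyState",
                    "SetWindowsHookExW"]),
    ("ADVAPI32.dll", ["RegDeleteValueW", "RegSetValueExW", "RegCreateKeyW", "CryptHashData", "CryptCreateHash"]),
    ("SHELL32.dll", ["ShellExecuteExW"]),
    ("olepro32.dll", [252]),
]

if __name__ == "__main__":
    result = tag_imports(SAMPLE_IMPORTS)
    for tag, apis in sorted(result["tags"].items()):
        print("%-15s %s" % (tag, ", ".join(apis)))
    print("ordinal-only imports (untagged):", result["ordinal_only"])
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive, a recompiled build that merely reorders its import descriptors gets a different imphash while keeping the same capabilities, which is why the tag view and the hash are worth keeping side by side rather than relying on either alone.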
Sections
.text Size: 924KB - Virtual size: 920KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_BSS Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 620KB - Virtual size: 617KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ