Static task: static1
Behavioral task: behavioral1
Sample: 4137132f1609f11be0270963000169b5448177cdc78de41a8e5d2bb2b1dfb4a3.exe
Resource: win7-20230712-en
General
Target: 4137132f1609f11be0270963000169b5448177cdc78de41a8e5d2bb2b1dfb4a3
Size: 2.4MB
MD5: 611f20578e4592cce15f3e67919e90df
SHA1: 0015e9fb936dd9100ad5ee5921b4d099e9020545
SHA256: 4137132f1609f11be0270963000169b5448177cdc78de41a8e5d2bb2b1dfb4a3
SHA512: 91aaaa5263f569cad85664b2f16f44bf3629677a033c986397cc03bb2a76a91694ef8ff21631ead8568e75bc6cc9784c2402ba1dbb8ad491065ca01196840797
SSDEEP: 49152:zdCCMb0bljXPznMoH44/g51p7KieVcOxaRjDROOs:zUK5Px44/aKieJIRY
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 4137132f1609f11be0270963000169b5448177cdc78de41a8e5d2bb2b1dfb4a3
Files
4137132f1609f11be0270963000169b5448177cdc78de41a8e5d2bb2b1dfb4a3.exe windows x86
04982533b8e120784d9f62ccef93091e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleExW
GetModuleFileNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
ExpandEnvironmentStringsA
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
GetCommandLineW
ReadProcessMemory
GlobalUnlock
GlobalLock
GetCurrentProcessId
GetComputerNameExA
CreateEventW
TerminateThread
OpenProcess
GetModuleHandleA
DuplicateHandle
CreateProcessW
Sleep
CopyFileW
ExpandEnvironmentStringsW
GetLocalTime
OpenMutexW
GetFileSizeEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetProcessTimes
CreateMutexW
GetEnvironmentVariableW
GetCurrentThreadId
lstrcmpiW
GetModuleFileNameW
WaitForSingleObject
SetEvent
MultiByteToWideChar
CreateFileW
CloseHandle
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
FlushInstructionCache
WideCharToMultiByte
GlobalAlloc
TerminateProcess
InterlockedDecrement
GetTickCount
ExitProcess
SetErrorMode
DosDateTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
MulDiv
lstrlenW
WriteConsoleW
ConnectNamedPipe
WaitNamedPipeW
TransactNamedPipe
GetOverlappedResult
ResetEvent
DeleteCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
LoadLibraryExW
CreateThread
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
FindFirstFileW
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DeleteFileW
MoveFileExW
RemoveDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableA
GetFullPathNameW
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetSystemInfo
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
FormatMessageW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FormatMessageA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
SetUnhandledExceptionFilter
FreeResource
IsWow64Process
lstrcpyW
WriteProcessMemory
InterlockedIncrement
GetFileSize
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
ResumeThread
SetThreadAffinityMask
GetVolumeInformationW
DeviceIoControl
GetSystemDirectoryW
CreateFileA
GetCurrentThread
GetComputerNameW
GetVersionExW
DisconnectNamedPipe
WriteFile
GetFileAttributesW
SetNamedPipeHandleState
CreateNamedPipeW
RtlUnwind
user32
DestroyIcon
SetRect
FillRect
DrawTextW
DispatchMessageW
PeekMessageW
TranslateMessage
GetWindowThreadProcessId
SetForegroundWindow
GetWindowLongW
SetWindowLongW
SetTimer
IsWindowVisible
ShowWindow
CallWindowProcW
GetWindowRect
SetCursor
GetLastInputInfo
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
GetShellWindow
KillTimer
LoadImageW
GetCursorPos
DestroyWindow
EnableWindow
PostQuitMessage
TrackMouseEvent
LoadMenuW
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
DrawIconEx
GetSystemMetrics
IsWindow
IsIconic
IsZoomed
FindWindowExW
SetWindowPos
GetDesktopWindow
GetMonitorInfoW
MonitorFromWindow
PostMessageW
CharPrevW
MessageBoxW
SetWindowRgn
RegisterWindowMessageW
GetWindowRgn
MoveWindow
UpdateLayeredWindow
ClientToScreen
WindowFromPoint
PtInRect
IsRectEmpty
GetKeyboardLayout
IntersectRect
GetParent
GetIconInfo
HideCaret
ShowCaret
GetCaretPos
CreateAcceleratorTableW
InvalidateRgn
SendMessageW
OffsetRect
GetGUIThreadInfo
GetSysColor
MapWindowPoints
ScreenToClient
SetCaretPos
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
wsprintfW
GetUpdateRect
MapVirtualKeyExW
GetKeyNameTextW
InflateRect
UnionRect
GetMessageW
RegisterClassW
GetClassInfoExW
SetFocus
GetMenu
SetPropW
GetPropW
GetClientRect
AdjustWindowRectEx
GetWindow
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetCaretBlinkTime
InvalidateRect
CreateCaret
advapi32
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
LookupAccountNameW
ConvertSidToStringSidA
EnumServicesStatusW
OpenSCManagerW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameA
RegOpenCurrentUser
RegQueryInfoKeyW
ole32
CLSIDFromString
DoDragDrop
RegisterDragDrop
CLSIDFromProgID
OleDuplicateData
ReleaseStgMedium
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoInitialize
StringFromCLSID
CreateStreamOnHGlobal
CoCreateGuid
OleLockRunning
oleaut32
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocString
SysFreeString
shlwapi
PathAppendA
PathFindFileNameA
PathFileExistsA
PathAppendW
PathRemoveFileSpecW
StrStrIW
StrIsIntlEqualW
StrStrW
StrCpyW
PathFindFileNameW
StrStrIA
gdiplus
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipFree
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipDrawRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipAlloc
GdipStringFormatGetGenericTypographic
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawImageRectI
imagehlp
MakeSureDirectoryPathExists
iphlpapi
GetAdaptersInfo
ws2_32
getaddrinfo
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
gethostbyname
WSAIoctl
socket
setsockopt
ntohs
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
htons
htonl
ntohl
wldap32
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
msimg32
AlphaBlend
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
gdi32
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateDIBSection
CreateRoundRectRgn
CombineRgn
SelectObject
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
GetBitmapBits
SetBitmapBits
SaveDC
RestoreDC
CreatePenIndirect
GetStockObject
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
comctl32
_TrackMouseEvent
ord17
InitCommonControlsEx
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 337KB - Virtual size: 337KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 160KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 166KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE