Static task
static1
Behavioral task
behavioral1
Sample
557be3ff2ab2f04fe7268e7ef613192f81e311561a7d82e3d53f25ba34066814.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
557be3ff2ab2f04fe7268e7ef613192f81e311561a7d82e3d53f25ba34066814.exe
Resource
win10v2004-20230703-en
General
-
Target
557be3ff2ab2f04fe7268e7ef613192f81e311561a7d82e3d53f25ba34066814
-
Size
26.1MB
-
MD5
c1538030aa554068991e3f21b62c5bbd
-
SHA1
caff519aa62b6f0d1c3f0bfa98520a0c7d704c08
-
SHA256
557be3ff2ab2f04fe7268e7ef613192f81e311561a7d82e3d53f25ba34066814
-
SHA512
423f50c14e1172e96964f7ea444e4ba82b596a17dad3df7534bb891b5591a32444a672adf07be9e9769680dcd512a1de09a3b82cbed9c1d18d6793781b74a9db
-
SSDEEP
393216:MnV4kwkGIz6IL55H184kFEiJzCDSPMICC47URP4+buj3OrzTxgrJsv6tWKFdu9CO:lU+QC4dHjePy
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE file lacks an Authenticode signature.
resource 557be3ff2ab2f04fe7268e7ef613192f81e311561a7d82e3d53f25ba34066814
Files
-
557be3ff2ab2f04fe7268e7ef613192f81e311561a7d82e3d53f25ba34066814.exe windows x64
ea844d728d37484c4e009a12b7d80cd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
GetThemeBool
SetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetCurrentThemeName
IsAppThemed
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
IsThemeActive
dwmapi
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
oleaut32
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
SysFreeString
imm32
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetCompositionStringW
ImmAssociateContext
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetOpenStatus
ImmAssociateContextEx
gdi32
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
GetDeviceCaps
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
CombineRgn
SetLayout
OffsetRgn
BitBlt
CreateCompatibleBitmap
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
RemoveFontMemResourceEx
CreateRectRgn
CreateCompatibleDC
iphlpapi
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid
GetAdaptersAddresses
ConvertInterfaceNameToLuidW
crypt32
CertCreateCertificateContext
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
user32
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
DrawIconEx
MessageBoxW
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
MessageBeep
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
IsWindow
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyCursor
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
GetWindow
GetWindowThreadProcessId
GetTopWindow
SetParent
GetParent
wsprintfA
GetCursorInfo
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageW
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetProcessWindowStation
GetUserObjectInformationW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
ws2_32
gethostname
accept
bind
closesocket
connect
getsockname
WSACleanup
listen
recv
recvfrom
select
send
setsockopt
shutdown
socket
WSAStartup
WSAGetLastError
getaddrinfo
freeaddrinfo
inet_ntoa
getpeername
WSAIoctl
__WSAFDIsSet
htonl
htons
ntohs
inet_addr
ntohl
getnameinfo
WSAAccept
WSAConnect
WSAHtonl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAAsyncSelect
WSASetLastError
getsockopt
advapi32
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SystemFunction036
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
netapi32
NetShareEnum
NetApiBufferFree
kernel32
LCMapStringEx
DecodePointer
EncodePointer
RaiseException
RtlPcToFileHeader
SleepConditionVariableSRW
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
InitializeSListHead
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetCPInfo
RtlUnwindEx
SetLastError
RtlUnwind
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetFileAttributesW
SetStdHandle
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
WriteConsoleW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
RtlVirtualUnwind
VirtualFree
VirtualAlloc
ReleaseMutex
WriteFileEx
SleepEx
CancelIoEx
PeekNamedPipe
ReadFileEx
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
LCMapStringW
CompareStringW
GetModuleFileNameW
GetStartupInfoW
RegisterWaitForSingleObject
UnregisterWaitEx
GetExitCodeProcess
CreateNamedPipeW
ConnectNamedPipe
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
SetFilePointerEx
GetFileType
GetFileInformationByHandleEx
FileTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
SetErrorMode
GetVolumePathNamesForVolumeNameW
SetFileTime
RemoveDirectoryW
GetLogicalDrives
GetFileInformationByHandle
CreateDirectoryW
GetCurrentDirectoryW
GetTickCount64
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
SwitchToThread
DuplicateHandle
GetSystemDirectoryW
GetCommandLineW
GetLocalTime
IsProcessorFeaturePresent
GetCurrentProcess
CompareStringEx
LocalAlloc
ExitProcess
GetConsoleWindow
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
GetUserDefaultLangID
GlobalSize
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
ConvertThreadToFiber
GetEnvironmentVariableW
SetConsoleMode
ReadConsoleA
SystemTimeToTzSpecificLocalTime
WakeAllConditionVariable
HeapDestroy
CreateProcessW
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
GetModuleHandleW
lstrcmpW
CreateProcessA
TerminateProcess
TzSpecificLocalTimeToSystemTime
SetHandleInformation
Sleep
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
CreateThread
GetSystemTime
FindClose
FindFirstFileW
FindNextFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GlobalFree
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
ole32
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
RegisterDragDrop
OleUninitialize
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
StringFromGUID2
CoLockObjectExternal
OleInitialize
RevokeDragDrop
OleFlushClipboard
OleGetClipboard
shell32
CommandLineToArgvW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
Shell_NotifyIconW
winmm
timeKillEvent
timeSetEvent
PlaySoundW
bcrypt
BCryptGenRandom
Sections
.text Size: 12.5MB - Virtual size: 12.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12.2MB - Virtual size: 12.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 446KB - Virtual size: 552KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 614KB - Virtual size: 613KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmetad Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 736B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ