7a543501987cd3b0c629216dbbcf93591c96c9bc62c28f65397a2e561dd0c09e

Sharing

Copy URL

Twitter E-mail

General

Target

7a543501987cd3b0c629216dbbcf93591c96c9bc62c28f65397a2e561dd0c09e
Size

14.9MB
MD5

3af0ac0b239d9d944412991242519d9d
SHA1

b5e3263e9eacc91d58ebdf5bce1d613ae9c40e95
SHA256

7a543501987cd3b0c629216dbbcf93591c96c9bc62c28f65397a2e561dd0c09e
SHA512

66a51798a57f8842cebeaa3fcb5f4f73992e300b71514592f001321248af0c00b2f4b919dbff7072038947d8688035c2d21d8d9aaf6978950bce3a7cf002b0be
SSDEEP

393216:Z8u9sIaXIPJibJ4g/soH90yOyCW9VfLBtI0:uu1a4Yb6g/Hd0nCfN20

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a543501987cd3b0c629216dbbcf93591c96c9bc62c28f65397a2e561dd0c09e

Files

7a543501987cd3b0c629216dbbcf93591c96c9bc62c28f65397a2e561dd0c09e
.exe windows x86

519bb9cc95dc5189562c76eb8cfa3d51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetCurrentProcess
TerminateProcess
PeekNamedPipe
GetFileAttributesExW
GlobalFlags
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
CopyFileW
VirtualQuery
FileTimeToSystemTime
GetSystemTimeAsFileTime
lstrcmpW
lstrcmpiW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteFileW
ResetEvent
WaitForSingleObject
CreateProcessA
GetThreadContext
VirtualAllocEx
Sleep
SetEvent
ExitProcess
GetDriveTypeW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
CloseHandle
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetFileSizeEx
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
RtlUnwind
LocalFree
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
lstrlenA
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
CompareFileTime
CreateFileMappingA
MapViewOfFile
GetEnvironmentVariableA
MoveFileExW
QueryPerformanceFrequency
SleepEx
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
QueryPerformanceCounter
FormatMessageW
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleExW
CreateFileW
SetFilePointer
SetFilePointerEx
ReadFile
WriteFile
CreateThread
ResumeThread
CreateEventW
IsDebuggerPresent
HeapFree
lstrlenW
GetModuleHandleW
GetCurrentThreadId
LeaveCriticalSection
CreateDirectoryA
GetFileAttributesW
SetFileAttributesW
FreeLibrary
LoadLibraryW
GetTickCount
FreeResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WaitForMultipleObjects
MapViewOfFileEx
CreateFileMappingW
GetFileSize
GetProcAddress
MultiByteToWideChar
UnmapViewOfFile
GetSystemInfo
WideCharToMultiByte
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
CreateSemaphoreW
SwitchToThread
GetCurrentProcessId
SetLastError
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapCreate
CreateFileA
GetLogicalDriveStringsW
RemoveDirectoryW

user32

UnregisterClassW
MessageBoxW
SetWindowLongW
GetSystemMetrics
DestroyWindow
SendMessageW
GetWindowLongW
UpdateWindow
GetCapture
WindowFromPoint
SetRect
IsZoomed
GetTopWindow
InvalidateRect
MessageBeep
OffsetRect
SetParent
PtInRect
GetLastActivePopup
GetSystemMenu
SetWindowRgn
DrawIcon
IsDialogMessageW
GetDlgCtrlID
DrawTextW
SetWindowPos
IsWindowEnabled
EnableWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetSysColor
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowVisible
ShowWindow
GetWindowRect
GetParent
ScreenToClient
GetFocus
IsWindow
SetFocus
FindWindowA
SendMessageA
GetUserObjectInformationW
GetProcessWindowStation
EqualRect
MoveWindow
PostMessageW
GetKeyState
SetCursor
AdjustWindowRectEx
MsgWaitForMultipleObjects
ReleaseDC
GetClientRect
GetWindowDC
GetDC
LoadImageW
GetDesktopWindow
LoadCursorW
LoadIconW
RegisterClassW
GetClassInfoW
GetActiveWindow
LoadStringW
CreateWindowExW
EnumWindows
GetMonitorInfoW
WaitForInputIdle
SetActiveWindow
MonitorFromWindow
GetWindowThreadProcessId
wsprintfW
EndPaint
BeginPaint
ReleaseCapture
RegisterWindowMessageW
GetClassInfoExW
GetDlgItem
GetPropW
SetCapture
GetClassNameW
CharNextW
CreateAcceleratorTableW
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
RegisterClassExW
FillRect
GetWindow
CallWindowProcW
GetCursorPos
KillTimer
DestroyIcon
SetTimer
PostQuitMessage
TranslateAcceleratorW
DeleteMenu
SetPropW
SetMenu
WinHelpW
IsRectEmpty
IntersectRect
IsIconic
GetNextDlgTabItem
FindWindowExW
RemovePropW

gdi32

GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetWinMetaFileBits
ExtTextOutW
SetEnhMetaFileBits
DeleteEnhMetaFile
SetPixel
GetPixel
ExtCreateRegion
CreateRectRgn
CombineRgn
PatBlt
SetBkMode
GetTextMetricsW
ExcludeClipRect
GetClipBox
CreateRoundRectRgn
CreateEllipticRgn
SetTextColor
SetBkColor
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
RealizePalette
GetStockObject
GetDIBits
GetDeviceCaps
DeleteDC
SelectPalette
CreatePalette
GetObjectW
SetStretchBltMode
CreateFontIndirectW
DeleteObject

advapi32

RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW

shell32

Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetMalloc
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemRealloc
OleLockRunning
OleInitialize
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VarUI4FromStr
SafeArrayDestroy
LoadRegTypeLi
SafeArrayUnlock
DispCallFunc
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantChangeType
VariantClear
SysFreeString

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_LoadImageW
ImageList_GetImageCount
ImageList_GetImageInfo

shlwapi

StrChrW
StrPBrkW
PathIsDirectoryA

wldap32

ord41
ord117
ord26
ord27
ord127
ord208
ord142
ord145
ord133
ord147
ord301
ord216
ord14
ord46
ord167
ord219
ord79

ws2_32

ntohs
WSAGetLastError
htons
setsockopt
ioctlsocket
gethostname
select
__WSAFDIsSet
accept
getnameinfo
recvfrom
listen
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
recv
WSAEnumNetworkEvents
WSACleanup
bind
WSAStartup
socket
connect
WSAIoctl
closesocket
ntohl
shutdown
WSASetLastError
WSAStringToAddressW
getaddrinfo
getpeername
getsockname
send
WSAAddressToStringW
getsockopt
htonl
freeaddrinfo
sendto

uxtheme

SetWindowTheme

winmm

timeGetTime
timeEndPeriod
timeGetDevCaps
timeBeginPeriod

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenStore

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

519bb9cc95dc5189562c76eb8cfa3d51

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

wldap32

ws2_32

uxtheme

winmm

gdiplus

crypt32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 47KB - Virtual size: 115KB

.rsrc Size: 10.2MB - Virtual size: 10.2MB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 47KB - Virtual size: 115KB

.rsrc
Size: 10.2MB - Virtual size: 10.2MB