3a53d77054fe33b0d8dc7583c62a5f2b9b8e48b7827325c170325acb8c0aaa85

Sharing

Copy URL Twitter E-mail

General

Target

3a53d77054fe33b0d8dc7583c62a5f2b9b8e48b7827325c170325acb8c0aaa85
Size

2.2MB
MD5

d96d7f31edf5c3c206587cb41fd114bd
SHA1

b58069caf34782b8e56b3fce93c388cc8e39e20d
SHA256

3a53d77054fe33b0d8dc7583c62a5f2b9b8e48b7827325c170325acb8c0aaa85
SHA512

30ad57a5b9d3efd1f9845ea1f4b36c1f59a2a29805153e31e28d05c37a66f6c087e201083c94c252c57d7991179f75b9d3ca01895d003b27eb50178a15621f2f
SSDEEP

49152:y240Cl2+1ozXYbXeN0vQj1szRw1dqUHrE6PoVNP+/:yAoeNjpsS17I+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a53d77054fe33b0d8dc7583c62a5f2b9b8e48b7827325c170325acb8c0aaa85

Files

3a53d77054fe33b0d8dc7583c62a5f2b9b8e48b7827325c170325acb8c0aaa85
.dll windows x64

ea9b991454506cdcf7fc9a3eed61b1e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
lstrlenW
lstrcpynW
GetModuleHandleW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetModuleHandleExW
ExitThread
RtlUnwindEx
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
GetProcAddress
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
OpenFileMappingW
CreateTimerQueue
GetFileType
GetStdHandle
GetVersionExW
GetSystemWindowsDirectoryW
LoadLibraryExW
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlushFileBuffers
GetFileSizeEx
CreateMutexW
ReleaseMutex
LocalFree
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceCounter
GetACP
GetLocalTime
ResetEvent
ResumeThread
GetTempPathW
GetTempFileNameW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointer
SetEndOfFile
FindNextFileW
lstrcmpW
ReadFile
GetFileSize
IsBadReadPtr
GetCurrentProcessId
FreeResource
ExitProcess
MulDiv
GetTickCount
CreateFileW
GetModuleFileNameW
FreeLibrary
FindResourceExW
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
TryEnterCriticalSection
GetExitCodeThread
CreateDirectoryW
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
FormatMessageW
GetStringTypeW
SignalObjectAndWait
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
SetFileAttributesW
DeleteFileW
VirtualAlloc

user32

KillTimer
EnableWindow
GetWindowRect
ScreenToClient
GetWindow
MonitorFromWindow
wvsprintfW
SetFocus
InflateRect
UnionRect
OffsetRect
LoadCursorW
SendMessageW
CreateWindowExW
IsChild
DestroyWindow
UpdateLayeredWindow
IsWindowVisible
IsZoomed
CharNextW
GetFocus
SetCapture
SetWindowPos
MoveWindow
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
SendInput
BringWindowToTop
ReleaseCapture
GetDC
ReleaseDC
AttachThreadInput
wsprintfW
SetTimer
ShowWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
IsWindow
PostQuitMessage
PostMessageW
GetKeyState
SetCursor
MapWindowPoints
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowDC
FillRect
InvalidateRgn
CreateAcceleratorTableW
GetSysColor
ClientToScreen
ShowCaret
HideCaret
GetIconInfo
DrawIconEx
DestroyIcon
SetRect
DrawTextW
CharPrevW
CopyRect
FindWindowExW
RemovePropW
GetMonitorInfoW
MessageBoxW
SetWindowRgn
IsIconic
SystemParametersInfoW
LoadImageW
SetWindowLongPtrW
GetWindowLongPtrW
GetPropW
SetPropW
GetSystemMetrics
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetClassNameW
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect

gdi32

CreateCompatibleBitmap
CreateSolidBrush
SetDIBitsToDevice
GetDIBits
CreateDCW
ExtTextOutW
TextOutW
SetDIBColorTable
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CombineRgn
CreateDIBSection
GetDeviceCaps
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
BitBlt

advapi32

RegEnumKeyExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegGetValueW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA

shell32

ord75
ShellExecuteExW
SHGetSpecialFolderPathW
ord165
ShellExecuteW

ole32

CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
OleLockRunning

oleaut32

VariantInit
VariantClear
SysFreeString
SafeArrayPutElement
SysAllocString
SafeArrayCreate

shlwapi

SHSetValueA
StrCmpNIW
StrTrimA
StrStrIA
StrCmpIW
SHGetValueA
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
StrStrIW
SHAutoComplete

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipDeletePath
GdipCreatePath
GdipAddPathArcI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipLoadImageFromFile
GdipDrawEllipseI
GdipAddPathArc
GdipGetImageEncoders
GdipFree
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipFillPath
GdipGraphicsClear
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipCreateTexture
GdipClosePathFigure
GdipFillEllipseI
GdipDrawPath
GdipAddPathLineI
GdipAlloc
GdipGetImageEncodersSize
GdipDrawRectangleI
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush

msimg32

GradientFill
AlphaBlend

comctl32

ord17
ImageList_DrawEx
InitCommonControlsEx
_TrackMouseEvent

crypt32

CertGetNameStringW

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

CreateToolBox

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea9b991454506cdcf7fc9a3eed61b1e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

msimg32

comctl32

crypt32

wininet

iphlpapi

urlmon

wintrust

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 482KB - Virtual size: 482KB

.data Size: 72KB - Virtual size: 96KB

.pdata Size: 70KB - Virtual size: 69KB

.rsrc Size: 137KB - Virtual size: 136KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 482KB - Virtual size: 482KB

.data
Size: 72KB - Virtual size: 96KB

.pdata
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 137KB - Virtual size: 136KB

.reloc
Size: 27KB - Virtual size: 26KB