f4a4d823df9f181439042e62c776f49a801907228264a44766f985ac4166e74e

Sharing

Copy URL

Twitter E-mail

General

Target

f4a4d823df9f181439042e62c776f49a801907228264a44766f985ac4166e74e
Size

3.4MB
MD5

e1e941b059b42eac91aa6d202f25cea4
SHA1

9491962bb2dc1dae6ffd30b444ee307db31869b0
SHA256

f4a4d823df9f181439042e62c776f49a801907228264a44766f985ac4166e74e
SHA512

3e2e28d1d6e50330dfddab02ae52f51d685e3b6c45e9200b9a1ff95f7dcf5188f18a8a64c10bf68969517a59e001895add9602b206e4ce6686c3a54fb2ee98ff
SSDEEP

49152:uUlKbsdQz7kD/PVTmTN9JgrgNTcFJD+UUL3qFgxhOO23TSUh1P65Cfcg/zd:plKYdc0nVacFJRFAhUhU5CfJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4a4d823df9f181439042e62c776f49a801907228264a44766f985ac4166e74e

Files

f4a4d823df9f181439042e62c776f49a801907228264a44766f985ac4166e74e
.exe windows x86

94dba2f4ff2c9056ff74589fb5461e44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetDiskFreeSpaceExW
DecodePointer
InterlockedIncrement
InterlockedDecrement
RaiseException
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
lstrcmpiW
LoadLibraryExW
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
GetTempFileNameW
WriteFile
WideCharToMultiByte
GetModuleHandleW
LoadLibraryW
Sleep
GetCurrentProcess
GetProcAddress
FreeLibrary
MoveFileExW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
lstrlenW
FindClose
SetLastError
DeleteFileW
GetLocalTime
GetFileSizeEx
SystemTimeToFileTime
GetDriveTypeW
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GlobalMemoryStatus
ReadConsoleA
SetConsoleMode
GetEnvironmentVariableW
SwitchToThread
DeleteCriticalSection
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentProcessId
GetFileAttributesExW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
SetFilePointer
FindResourceExW
FindResourceW
GetModuleFileNameW
GetSystemTime
GetLogicalDriveStringsW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
VerifyVersionInfoA
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LocalFree
LockResource
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
PeekNamedPipe
ExpandEnvironmentStringsA
QueryPerformanceFrequency
FormatMessageA
SleepEx
FormatMessageW
ReleaseMutex
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetFilePointerEx
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
IsDebuggerPresent
OutputDebugStringW
GetVersionExW
OpenFileMappingW
ReadFile
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetFileSize
FlushFileBuffers
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
GetTickCount
GlobalAlloc
GlobalFree
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
FreeResource
GetSystemWindowsDirectoryW
FindFirstFileA
FindNextFileA
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetCurrentThread
GetStringTypeW
GetFileType
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo

user32

DefWindowProcW
UnregisterClassA
DestroyWindow
GetWindowThreadProcessId
FindWindowExW
CharNextW
UnregisterClassW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

advapi32

CryptDestroyHash
CryptSignHashW
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CryptSetHashParam
ReportEventW
RegEnumKeyExA
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
CryptEnumProvidersW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
DeregisterEventSource
RegisterEventSourceW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHFileOperationW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc

oleaut32

VariantInit
VariantClear
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathFindExtensionW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathFindFileNameW
PathIsRootW
PathIsRelativeW
StrCmpIW
StrStrIW
StrTrimA
SHSetValueA
SHGetValueA
StrCmpNIW
StrToIntExW
PathRemoveFileSpecA
PathIsDirectoryW
PathFileExistsA
PathAppendA
StrStrIA
PathIsPrefixW
SHGetValueW
wnsprintfW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

recvfrom
sendto
ioctlsocket
gethostname
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
send
recv
WSAStartup
WSACleanup
gethostbyname
getnameinfo
listen
socket
shutdown

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CertEnumCertificatesInStore

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wldap32

ord217
ord79
ord211
ord60
ord30
ord22
ord35
ord33
ord32
ord27
ord41
ord301
ord200
ord46
ord26
ord143
ord50

rasapi32

RasGetConnectStatusW
RasEnumConnectionsW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94dba2f4ff2c9056ff74589fb5461e44

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

ws2_32

setupapi

iphlpapi

wininet

urlmon

crypt32

wintrust

wldap32

rasapi32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 548KB - Virtual size: 548KB

.data Size: 48KB - Virtual size: 68KB

.rsrc Size: 354KB - Virtual size: 354KB

.reloc Size: 104KB - Virtual size: 103KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 548KB - Virtual size: 548KB

.data
Size: 48KB - Virtual size: 68KB

.rsrc
Size: 354KB - Virtual size: 354KB

.reloc
Size: 104KB - Virtual size: 103KB