Static task: static1
Behavioral task: behavioral1
  Sample: 8448fb4ae4453f32d1f6280de3afd5b789bedfe86e65c9c6df92eb831b54b876.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 8448fb4ae4453f32d1f6280de3afd5b789bedfe86e65c9c6df92eb831b54b876.exe
  Resource: win10v2004-20230831-en
General
Target: 8448fb4ae4453f32d1f6280de3afd5b789bedfe86e65c9c6df92eb831b54b876
Size: 2.8MB
MD5: 57d27b239ac09140ce8680eccc887f5c
SHA1: efb9e21faa9ce2c80a941ac4d91243f4be5de997
SHA256: 8448fb4ae4453f32d1f6280de3afd5b789bedfe86e65c9c6df92eb831b54b876
SHA512: 0faf5f20ef8cb36019ffae87823e571cde82d5dbbd678c6e408422880a7826fcc6177c62a02b7a620ce3594e45cf131dbaa317ea881edf4913a6f0b27bfb0ab0
SSDEEP: 49152:O5pZzRSCStEWRzcUHOQgHHGlNW8g9ov3clJV8Vw6RwCg:upZauWR3PvNW8hVw
Malware Config: none listed
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 8448fb4ae4453f32d1f6280de3afd5b789bedfe86e65c9c6df92eb831b54b876
Files
8448fb4ae4453f32d1f6280de3afd5b789bedfe86e65c9c6df92eb831b54b876.exe (windows x86)
ff5d6addcd863c2639982082968e1f43
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in; the image ships a .reloc section so the loader can rebase it)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
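The "Unsigned PE" signature above and the Headers block are both read straight out of the PE header: the Authenticode blob, when present, is referenced by the IMAGE_DIRECTORY_ENTRY_SECURITY data directory, and the DLL/File Characteristics are bit fields in the optional and COFF headers. The following parser is an added example written for this page (it is not the sandbox's code and does not operate on the report's sample); it decodes those fields with only the standard library, checks whether an embedded signature exists, and also flags sections that are mapped both writable and executable. The `build_sample_pe32` helper fabricates a minimal PE32 header with the same flag bits the report shows so the block runs offline; the flag tables are the documented Microsoft constants.

```python
import struct

# Flag decoders. The names match the report's Headers section; the other
# entries are further documented IMAGE_FILE_* / IMAGE_DLLCHARACTERISTICS_* bits.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000
SECURITY_DIRECTORY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode blob


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Decode COFF header, optional-header flags, the security directory and
    the section table of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, fchars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    (dllchars,) = struct.unpack_from("<H", data, opt + 70)
    (ndirs,) = struct.unpack_from("<I", data, opt + ndirs_off)
    sec_off = sec_size = 0
    if ndirs > SECURITY_DIRECTORY:
        # For this directory the first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * SECURITY_DIRECTORY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "characteristics": schars})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_characteristics": flag_names(fchars, FILE_CHARACTERISTICS),
            "dll_characteristics": flag_names(dllchars, DLL_CHARACTERISTICS),
            "security_dir": (sec_off, sec_size), "sections": sections}


def has_embedded_authenticode(info):
    """True only when the security directory is populated. A zero entry is what
    an 'unsigned PE' check keys on; a catalog-signed file has no embedded
    certificate either, so confirm with WinVerifyTrust or signtool on Windows."""
    off, size = info["security_dir"]
    return off != 0 and size != 0


def section_warnings(info):
    """Names of sections mapped both writable and executable (W^X violated)."""
    return [s["name"] for s in info["sections"]
            if s["characteristics"] & SCN_EXECUTE and s["characteristics"] & SCN_WRITE]


def build_sample_pe32(file_chars, dll_chars, sec_size=0, sections=()):
    """Constructed minimal PE32 header for offline runs. This is NOT the
    report's sample, only synthetic bytes carrying the same header flags."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)                              # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    if sec_size:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIRECTORY, 0x400, sec_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0, r, 0, 0, 0, 0, 0, c)
                    for n, v, r, c in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    # Same flag bits the report shows: EXECUTABLE_IMAGE|32BIT_MACHINE and
    # DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, with no security directory.
    info = parse_pe(build_sample_pe32(0x0102, 0x8140,
                    sections=[(b".text", 0x200000, 0x200000, 0x60000020)]))
    print(info["file_characteristics"], info["dll_characteristics"])
    print("embedded Authenticode:", has_embedded_authenticode(info))
    print("W+X sections:", section_warnings(info))
```

Against a real file, call `parse_pe(open(path, "rb").read())`. An empty security directory only proves there is no embedded certificate; it says nothing about whether a catalog on the analysis host would vouch for the file, which is why the sandbox phrases the signature as "missing Authenticode signature" rather than "invalid".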
Imports
kernel32
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
CreateNamedPipeW
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
PulseEvent
CreateEventW
ReleaseMutex
ResetEvent
SetEvent
GetStartupInfoW
CreateProcessW
CreateMutexW
GetCommandLineW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalSize
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetSystemDirectoryW
GetProcessId
GetCurrentThread
Sleep
OutputDebugStringW
WriteFile
SetFileAttributesW
SetEndOfFile
ReadFile
GetFileSize
GetFileAttributesW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
CreateFileW
WideCharToMultiByte
lstrlenW
lstrcpynW
FreeLibrary
GetCurrentProcess
MultiByteToWideChar
LoadLibraryW
IsBadReadPtr
GetProcAddress
GetModuleHandleW
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
ExitThread
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetFileAttributesExW
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
InitializeCriticalSection
GetProcessHeap
SignalObjectAndWait
GetSystemWindowsDirectoryW
InterlockedCompareExchange
CreateFileA
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
lstrcmpiA
lstrcmpA
DeviceIoControl
UnhandledExceptionFilter
WaitForSingleObjectEx
RaiseException
DecodePointer
GetLocalTime
ResumeThread
GetTempFileNameW
GlobalFree
GlobalAlloc
GetVersion
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
FileTimeToLocalFileTime
lstrcmpW
OpenProcess
FreeResource
ExitProcess
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
GetACP
FlushFileBuffers
GetTempPathW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
InterlockedDecrement
InterlockedIncrement
LocalFree
SetFilePointer
GetFileSizeEx
MapViewOfFile
GetVersionExW
LoadLibraryExW
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsFree
RtlCaptureStackBackTrace
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
SetLastError
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
LoadLibraryExA
VirtualFree
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
user32
SetFocus
IsWindow
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
DestroyWindow
GetFocus
DrawTextW
GetWindowDC
BeginPaint
EndPaint
InvalidateRect
SetCaretPos
GetCaretPos
FillRect
FrameRect
UnregisterClassA
IsWindowEnabled
FindWindowExW
SendMessageTimeoutW
MapVirtualKeyW
PostMessageW
GetKeyNameTextW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
SystemParametersInfoW
GetWindow
GetWindowThreadProcessId
FindWindowW
GetParent
GetWindowLongW
PtInRect
IntersectRect
CopyRect
MapWindowPoints
ShowCursor
GetWindowRect
UnregisterClassW
AttachThreadInput
ShowWindow
MoveWindow
GetClientRect
SetForegroundWindow
GetForegroundWindow
GetSystemMetrics
GetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
SetWindowPos
EnableWindow
RemovePropW
ClientToScreen
IsWindowVisible
ScreenToClient
GetCursorPos
KillTimer
SetTimer
PostQuitMessage
SetWindowLongW
OffsetRect
wsprintfW
wvsprintfW
SetCursor
InflateRect
UnionRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
IsChild
UpdateLayeredWindow
IsZoomed
InvalidateRgn
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
GetUpdateRect
CreateCaret
GetCaretBlinkTime
IsRectEmpty
GetClassNameW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
LoadImageW
IsIconic
SetWindowRgn
MessageBoxW
MonitorFromPoint
CopyImage
CharPrevW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
HideCaret
ShowCaret
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
CharNextW
gdi32
CreateRoundRectRgn
GetDeviceCaps
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetStockObject
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetWindowOrgEx
SetDIBColorTable
TextOutW
GdiFlush
CreateDCW
GetDIBits
SetDIBitsToDevice
Rectangle
SelectObject
SetBkColor
SetBkMode
SetTextColor
ExtTextOutW
GetObjectW
GetTextMetricsW
SaveDC
RestoreDC
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap
BitBlt
CreatePen
CreateSolidBrush
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetClipBox
advapi32
CryptCreateHash
CryptHashData
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
CryptGetHashParam
CryptContextAddRef
CryptDecrypt
CryptDestroyHash
RegCreateKeyW
CryptEncrypt
RegSetValueExW
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegGetValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExA
RegQueryValueExA
shell32
ShellExecuteW
SHGetFileInfoW
SHBindToParent
SHGetFolderLocation
ord155
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
ord165
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
StringFromGUID2
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
OleInitialize
OleUninitialize
CoSetProxyBlanket
oleaut32
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysAllocString
SysFreeString
GetErrorInfo
shlwapi
SHSetValueA
SHGetValueA
StrCmpNIW
StrTrimA
StrToIntExW
PathCompactPathW
SHAutoComplete
PathIsRootW
StrStrIA
StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
wnsprintfW
StrRetToBufW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathRemoveExtensionW
PathAppendA
StrCmpIW
PathIsRelativeW
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
ws2_32
ntohl
htonl
ntohs
htons
imm32
ImmAssociateContext
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
crypt32
CryptStringToBinaryW
CryptStringToBinaryA
CertGetNameStringW
CryptBinaryToStringW
CryptBinaryToStringA
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
gdiplus
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFileICM
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromFile
comctl32
InitCommonControlsEx
ord17
_TrackMouseEvent
ImageList_DrawEx
msimg32
AlphaBlend
GradientFill
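An import table this size is easier to triage when it is folded into capabilities rather than read API by API. The rule set below is an added example for this page, not part of the report or the sandbox's detection logic: each rule is a co-occurrence heuristic of my own (the tag names are labels I chose), the `REPORT_IMPORTS` dictionary is a subset of the names listed above copied from the page, and the output describes what the import table makes possible, not what the sample was observed doing. It also lists the ordinal-only imports (ord155, ord165, ord17), which carry no name and have to be resolved against the exporting DLL by hand.

```python
import re

# Co-occurrence rules: ("all of these", "at least one of these"). Generic
# triage heuristics assumed for this example; a tag means the capability is
# reachable through the import table, not that the sandbox saw it used.
CAPABILITY_RULES = {
    "process-enumeration": ({"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}, set()),
    "process-open": ({"OpenProcess"}, set()),
    "download-and-execute": ({"URLDownloadToFileW"}, {"CreateProcessW", "ShellExecuteW", "ShellExecuteExW"}),
    "cryptoapi-encrypt": ({"CryptAcquireContextW", "CryptImportKey"}, {"CryptEncrypt", "CryptDecrypt"}),
    "registry-write": ({"RegSetValueExW"}, {"RegCreateKeyExW", "RegCreateKeyW"}),
    "named-pipe-ipc": ({"CreateNamedPipeW", "ConnectNamedPipe"}, set()),
    "anti-debug-check": ({"IsDebuggerPresent"}, set()),
    "runtime-code-patching": ({"VirtualProtect", "FlushInstructionCache"}, set()),
    "token-group-check": ({"OpenProcessToken", "GetTokenInformation", "AllocateAndInitializeSid", "EqualSid"}, set()),
    "service-status-query": ({"OpenSCManagerW", "OpenServiceW", "QueryServiceStatus"}, set()),
    "signature-verification": ({"WinVerifyTrust"}, set()),
    "clipboard-read": ({"OpenClipboard", "GetClipboardData"}, set()),
    "host-network-fingerprint": ({"GetAdaptersInfo"}, {"InternetGetConnectedState"}),
    "keyboard-hook": ({"SetWindowsHookExW"}, set()),   # absent here: must not fire
}
ORDINAL = re.compile(r"^ord\d+$")


def tag_capabilities(imports):
    """imports: {dll: [api, ...]} as a static report lists them.
    Returns {tag: sorted APIs that satisfied it} for every rule that fires."""
    present = {api for apis in imports.values() for api in apis}
    tags = {}
    for tag, (need_all, need_any) in CAPABILITY_RULES.items():
        hit_any = need_any & present
        if need_all <= present and (not need_any or hit_any):
            tags[tag] = sorted(need_all | hit_any)
    return tags


def ordinal_imports(imports):
    """Ordinal-only imports carry no name; list them for manual resolution."""
    return sorted(f"{dll}!{api}" for dll, apis in imports.items()
                  for api in apis if ORDINAL.match(api))


def surface_summary(imports):
    """(dll, import count) pairs, largest first: where the binary's weight is."""
    return sorted(((dll, len(apis)) for dll, apis in imports.items()),
                  key=lambda t: (-t[1], t[0]))


# Subset of the import table above, names copied from the report as listed.
REPORT_IMPORTS = {
    "kernel32": ["TerminateProcess", "CreateNamedPipeW", "ConnectNamedPipe", "CreateProcessW",
                 "OpenProcess", "Process32NextW", "Process32FirstW", "CreateToolhelp32Snapshot",
                 "OutputDebugStringW", "VirtualProtect", "IsDebuggerPresent",
                 "FlushInstructionCache", "VirtualAlloc", "DeleteFileW", "SetFileAttributesW"],
    "user32": ["OpenClipboard", "GetClipboardData", "FindWindowW", "AttachThreadInput",
               "SetForegroundWindow"],
    "advapi32": ["CryptAcquireContextW", "CryptImportKey", "CryptEncrypt", "CryptDecrypt",
                 "CryptGenRandom", "RegCreateKeyExW", "RegSetValueExW", "OpenSCManagerW",
                 "OpenServiceW", "QueryServiceStatus", "OpenProcessToken", "GetTokenInformation",
                 "AllocateAndInitializeSid", "EqualSid"],
    "shell32": ["ShellExecuteW", "ord155", "ord165"],
    "urlmon": ["URLDownloadToFileW", "URLDownloadToCacheFileW"],
    "wintrust": ["WinVerifyTrust"],
    "wininet": ["InternetGetConnectedState"],
    "iphlpapi": ["GetAdaptersInfo"],
    "comctl32": ["InitCommonControlsEx", "ord17"],
}

if __name__ == "__main__":
    for tag, apis in tag_capabilities(REPORT_IMPORTS).items():
        print(f"{tag:26} {', '.join(apis)}")
    print("ordinal imports:", ordinal_imports(REPORT_IMPORTS))
    print("imports per DLL:", surface_summary(REPORT_IMPORTS))
```

Paste the full table from the report into `REPORT_IMPORTS` to run it over every DLL. The "any of" half of each rule is what keeps the tags honest: URLDownloadToFileW alone is just a download, and it only becomes "download-and-execute" when a launch primitive is imported alongside it. Treat every tag as a question for the behavioral tasks (did the sandbox see a process spawn, a registry write, a pipe?) rather than as an answer.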
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 430KB - Virtual size: 429KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 62KB (the 32KB difference is zero-filled at load time: uninitialized globals, not stored data)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.msvcjmc Size: 3KB - Virtual size: 3KB (emitted only when MSVC's /JMC "Just My Code" option is on, which Visual Studio enables by default for Debug configurations)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ