03fe9c759246ced7862047fdae54f23f7bebb4c6740bd457beb10191145bb637

Sharing

Copy URL

Twitter E-mail

General

Target

03fe9c759246ced7862047fdae54f23f7bebb4c6740bd457beb10191145bb637
Size

6.1MB
MD5

4e9c419bc85ada4817cab493082f673b
SHA1

e689e5912fa9c2e7c00d386a071cf4ead83f0366
SHA256

03fe9c759246ced7862047fdae54f23f7bebb4c6740bd457beb10191145bb637
SHA512

86f092f3309d7a3b92b5b2636c5ad51e3e12993f08676f35f261859382d13226506f6049753f4cdf9062a4e0fa89b34bad9984bf4fda39f9633a77983047884e
SSDEEP

196608:MECo4vhOmuK/Ib7YJAoiIotr8POlShXx/6:IvhO6X6o3oHluhy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03fe9c759246ced7862047fdae54f23f7bebb4c6740bd457beb10191145bb637

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

03fe9c759246ced7862047fdae54f23f7bebb4c6740bd457beb10191145bb637
.exe windows x86

8c44e4131c8985df29de5a7e49eac789

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFileExistsA
UrlUnescapeA
StrStrA
PathFindFileNameA

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CertNameToStrA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetGetConnectedState
DeleteUrlCacheEntry
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetQueryDataAvailable
InternetCrackUrlA
InternetCanonicalizeUrlA

kernel32

GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetErrorMode
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
HeapCreate
VirtualFree
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetStdHandle
SetHandleCount
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GlobalFlags
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetVersion
lstrcpyW
DisconnectNamedPipe
CreateEventW
GetOverlappedResult
ClearCommError
PurgeComm
OutputDebugStringW
GetCommState
SetCommState
SetupComm
SetCommTimeouts
EscapeCommFunction
SetConsoleTextAttribute
GetSystemDirectoryW
CreateFileW
OutputDebugStringA
lstrcatW
GetPrivateProfileStringW
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetThreadLocale
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FreeResource
GetModuleFileNameW
LocalAlloc
GetCurrentProcessId
SetLastError
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetDiskFreeSpaceA
CreateThread
TerminateThread
GetExitCodeThread
GetExitCodeProcess
CreateProcessA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
InitializeCriticalSection
GetPrivateProfileStringA
DeleteCriticalSection
LoadLibraryExA
RaiseException
lstrlenW
IsDBCSLeadByte
ReleaseMutex
WaitForSingleObject
CreateMutexA
LoadLibraryW
Sleep
DeviceIoControl
GetTempPathA
GetVersionExA
CreateToolhelp32Snapshot
GetModuleHandleA
GetModuleFileNameA
GetSystemInfo
Process32Next
TerminateProcess
OpenProcess
WriteFile
GetWindowsDirectoryA
GetProcessHeap
Process32First
HeapFree
GetCurrentProcess
HeapAlloc
CreateFileA
CopyFileA
DeleteFileA
lstrlenA
GetSystemDirectoryA
CloseHandle
OpenMutexA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
GlobalMemoryStatus

user32

PostThreadMessageA
DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
CharUpperA
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
GetSystemMetrics
PostQuitMessage
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
SetRect
IsRectEmpty
CopyAcceleratorTableA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
DispatchMessageA
wsprintfA
MessageBoxA
EnableWindow
CharNextA
RegisterWindowMessageA
PostMessageA
CharNextW
GetKeyState
GetAsyncKeyState
LoadIconA
SendMessageA
GetClientRect
IsIconic
DrawIcon
SetWindowPos
GetDesktopWindow
RegisterDeviceNotificationA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
GetWindowThreadProcessId
UnhookWindowsHookEx
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetWindow
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect

gdi32

DeleteObject
GetMapMode
DeleteDC
ExtSelectClipRgn
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
SaveDC
RestoreDC
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
OpenProcessToken
CryptGetKeyParam
CryptGetUserKey
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
OleInitialize
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
IIDFromString

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VariantChangeType
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy

urlmon

URLDownloadToFileA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

ws2_32

htons
WSACleanup
recv
WSAStartup
closesocket
inet_addr
socket
connect
send

hid

HidD_SetNumInputBuffers
HidD_GetFeature
HidD_SetFeature
HidD_GetHidGuid
HidD_GetAttributes
HidD_FlushQueue

winscard

SCardTransmit
SCardDisconnect
SCardEstablishContext
SCardConnectW
SCardListReadersW
SCardStatusW
g_rgSCardT0Pci
SCardReleaseContext
SCardReconnect
g_rgSCardT1Pci

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35.8MB - Virtual size: 35.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c44e4131c8985df29de5a7e49eac789

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

crypt32

version

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

urlmon

setupapi

ws2_32

hid

winscard

Sections

.text Size: 531KB - Virtual size: 530KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 108KB - Virtual size: 150KB

.rsrc Size: 35.8MB - Virtual size: 35.8MB

.reloc Size: 154KB - Virtual size: 153KB

.text
Size: 531KB - Virtual size: 530KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 108KB - Virtual size: 150KB

.rsrc
Size: 35.8MB - Virtual size: 35.8MB

.reloc
Size: 154KB - Virtual size: 153KB