a31aad8fbf3ae77215ab3f65fc30558ba0c0bc39119b382e47ef51ad2824c75e

Sharing

Copy URL Twitter E-mail

General

Target

a31aad8fbf3ae77215ab3f65fc30558ba0c0bc39119b382e47ef51ad2824c75e
Size

3.8MB
MD5

eb98a33911060d1a83381f04fe49d3fc
SHA1

fecfdc3444d801e902c581e858081b2ed83266ce
SHA256

a31aad8fbf3ae77215ab3f65fc30558ba0c0bc39119b382e47ef51ad2824c75e
SHA512

c478f7e197f2af6c607106af23fcda0da42efc94a4c0a7a4c97ae75a90a7d791bfa8bccc3ec931de2e430adb1b1956e32c71aa9b7946ffce5439605e4be06934
SSDEEP

98304:OcLoLaFRl7uZKXMTQRvdNtr7udrR+zvlQRvdNtr7udrR+zvF:OGGQpNtr7u7O8Ntr7u7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a31aad8fbf3ae77215ab3f65fc30558ba0c0bc39119b382e47ef51ad2824c75e

Files

a31aad8fbf3ae77215ab3f65fc30558ba0c0bc39119b382e47ef51ad2824c75e
.exe windows x86

df15cfa1b725a379997d139d597ce4a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetCurrentDirectoryW
GetModuleHandleA
FindClose
DuplicateHandle
DeleteVolumeMountPointW
SetVolumeMountPointW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FlushFileBuffers
GetCurrentDirectoryA
FileTimeToLocalFileTime
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
HeapCreate
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoA
SetHandleCount
HeapSize
HeapReAlloc
RaiseException
RtlUnwind
DeleteFileA
GetDriveTypeA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileAttributesA
GetDateFormatA
GetTimeFormatA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetVolumeInformationA
FindResourceA
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
CancelIo
DosDateTimeToFileTime
GetFileType
GetTickCount
GetACP
GetFullPathNameA
CompareStringA
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpA
CompareStringW
InterlockedIncrement
GetCurrentThreadId
MulDiv
lstrlenW
GetCurrentProcessId
FreeLibrary
InterlockedDecrement
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
SetLastError
RemoveDirectoryW
SetFilePointerEx
GetTempPathW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemTime
CreateFileA
LoadLibraryW
GetStartupInfoW
lstrcmpW
OutputDebugStringW
lstrlenA
GlobalUnlock
GetPrivateProfileStringW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
ExitProcess
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetModuleFileNameA
GetPrivateProfileIntW
CreateMutexW
GetExitCodeProcess
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetEndOfFile
CreateDirectoryW
OutputDebugStringA
GetLocalTime
GetFileAttributesW
CreateThread
DeleteFileW
LockResource
SizeofResource
CreateFileW
FreeResource
LoadResource
FindResourceW
LocalFree
FormatMessageW
WriteFile
MultiByteToWideChar
WideCharToMultiByte
SetFilePointer
GetModuleFileNameW
CreateProcessW
GetStdHandle
WaitForSingleObject
GetSystemDirectoryW
Sleep
GetLastError
DeviceIoControl
CloseHandle
ReadFile
GetFileSize
FreeEnvironmentStringsW

user32

SetFocus
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
ShowWindow
MessageBoxW
LoadStringW
MessageBoxExW
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetWindowLongW
SetWindowLongW
GetClientRect
SetWindowPos
CreateAcceleratorTableW
GetGUIThreadInfo
InvalidateRgn
CharPrevW
GetCaretBlinkTime
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
LoadImageW
CharNextW
GetUpdateRect
wvsprintfW
PostQuitMessage
IsIconic
DestroyMenu
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
BeginPaint
EndPaint
GetCapture
SetCursor
ReleaseCapture
SetRect
SetTimer
KillTimer
IsRectEmpty
UnionRect
SetForegroundWindow
ScreenToClient
GetWindowRect
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
IsZoomed
ExitWindowsEx
FindWindowW
SendMessageW
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowThreadProcessId
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
GetWindowTextW
PostMessageW
CreateWindowExW
WinHelpW
LoadIconW
RegisterWindowMessageW
SetWindowTextW
MoveWindow
ClientToScreen
InvalidateRect
SetCapture
RegisterClassExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW

gdi32

SetMapMode
LineTo
MoveToEx
SelectClipRgn
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetStretchBltMode
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
CreatePen
CreateSolidBrush
CreateCompatibleBitmap
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW
SetBkMode
RestoreDC
CreateRoundRectRgn
DeleteObject
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
BitBlt
ExtTextOutW
GetTextExtentPoint32W
SetWindowExtEx
SaveDC
Rectangle
GetObjectA
StretchBlt
CreateDIBSection
CreatePenIndirect
RoundRect
GetCharABCWidthsW
GdiFlush

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetOpenFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyW
RegSetValueExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
OleLockRunning

oleaut32

VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocString

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipCloneImage
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipDrawImage
GdipDrawString
GdipGraphicsClear
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipImageGetFrameCount
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSetTextRenderingHint

iphlpapi

GetAdaptersInfo

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
CM_Get_Device_IDW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Registry_PropertyW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiGetClassDevsW

shlwapi

PathFileExistsW

oleacc

LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df15cfa1b725a379997d139d597ce4a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

iphlpapi

setupapi

shlwapi

oleacc

imm32

Sections

.text Size: 753KB - Virtual size: 752KB

.rdata Size: 179KB - Virtual size: 178KB

.data Size: 14KB - Virtual size: 31KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 753KB - Virtual size: 752KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 14KB - Virtual size: 31KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 64KB - Virtual size: 63KB