4c9a7319c30d572b6501bc1d75152ef8f3765420e1ed1d640cef80dc40d0cfff

Sharing

Copy URL Twitter E-mail

General

Target

4c9a7319c30d572b6501bc1d75152ef8f3765420e1ed1d640cef80dc40d0cfff
Size

3.4MB
MD5

bfb33737ab4a3c5e463ba24add2ce9f8
SHA1

f0a68ea1ab3b74fc011335ef3119ec03560d3c2f
SHA256

4c9a7319c30d572b6501bc1d75152ef8f3765420e1ed1d640cef80dc40d0cfff
SHA512

93b5e7a63d8c1b41c52e054ae5c171a4d89099a2b2846c3dae4f1e443bbc5082df3a29ab9c473dae13a36b6dd4674bcc58eab4615ecd23fb30bc8d0a14bdc4e6
SSDEEP

98304:tU3jLUaAT7ndYEtaK0OM+SXLDE1SHQAv8jgmVszh9JXD:gLGd0ySE1jVszh9d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c9a7319c30d572b6501bc1d75152ef8f3765420e1ed1d640cef80dc40d0cfff

Files

4c9a7319c30d572b6501bc1d75152ef8f3765420e1ed1d640cef80dc40d0cfff
.dll windows x86

479a5eb32c3e10e2df6d86b91e2f2cb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

codec

DecryptData

channel9

ReleaseChannel
CreateChannel

kernel32

GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStdHandle
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
GetFileType
FreeEnvironmentStringsW
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
SwitchToThread
GetCPInfo
OutputDebugStringW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
SetStdHandle
CreateDirectoryA
CreateDirectoryW
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
CloseHandle
LoadResource
LockResource
GetModuleHandleW
SizeofResource
FindResourceW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteFile
Sleep
WaitForSingleObject
CreateThread
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
GetLocalTime
GetTickCount
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
CopyFileW
GetCurrentThreadId
SetThreadPriority
SuspendThread
ResumeThread
OutputDebugStringA
GetCurrentThread
GetVersionExW
FreeLibrary
GetModuleHandleA
WriteConsoleW
GetProcAddress
LoadLibraryExW
LoadLibraryW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
GetPrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
FileTimeToSystemTime
SystemTimeToFileTime
GetThreadLocale
EncodePointer
GetSystemDirectoryW
LoadLibraryA
GlobalFindAtomW
GlobalFlags
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
MoveFileW
GetStringTypeExW
VirtualProtect
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead

user32

GetDialogBaseUnits
LoadImageW
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SystemParametersInfoW
CopyImage
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
IsRectEmpty
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawIconEx
GetIconInfo
SetCapture
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
GetMenuBarInfo
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
ReleaseCapture
UnhookWindowsHookEx
SendMessageW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
PostMessageW
PostQuitMessage
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMessageW
GetNextDlgGroupItem
WindowFromPoint
MessageBeep
DrawFocusRect
PeekMessageW
PostThreadMessageW
UnregisterClassW
GetMenuStringW
GetSubMenu
GetTabbedTextExtentW
GetDCEx
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
MonitorFromRect
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
EndPaint
GetMenuState

gdi32

GetTextFaceW
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileW
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
StretchDIBits
GetCharWidthW
CreateFontW
GetCurrentObject
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
ExtTextOutW
TextOutW
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
DeleteObject
GetObjectW
SetTextColor
SetBkColor
DeleteDC
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

RegQueryValueW
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegEnumKeyW
RegSetValueExW
RegDeleteValueW

shell32

SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetMalloc
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteExW

shlwapi

PathCanonicalizeA
PathCanonicalizeW
PathFileExistsA
PathFileExistsW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathRemoveBackslashA
PathRemoveFileSpecA
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
StrFormatKBSizeW
PathIsUNCW
PathStripToRootW
PathRemoveBackslashW

uxtheme

GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName

ole32

OleSetMenuDescriptor
PropVariantCopy
RevokeDragDrop
CLSIDFromProgID
CoRevokeClassObject
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageFile
CreateILockBytesOnHGlobal
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
StgCreateDocfileOnILockBytes
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateStreamOnHGlobal
OleLoad
OleSave
CoInitializeEx
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CoRegisterClassObject
CoRegisterMessageFilter

oleaut32

SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantClear
VariantCopy
VariantChangeType
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
VariantInit
SysAllocStringByteLen
RegisterTypeLi
SysStringByteLen
LoadRegTypeLi
SafeArrayAccessData
LoadTypeLi
SafeArrayUnlock
SysFreeString

oledlg

OleUIBusyW

sparce2raw

?Simg2Img@CSparce2Raw@@QAE?AW4S2R_RESULT@@PAX0@Z
??0CSparce2Raw@@QAE@XZ
??1CSparce2Raw@@QAE@XZ

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Exports

Exports

CreateBMObject
ReleaseBMObject

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

479a5eb32c3e10e2df6d86b91e2f2cb3

Headers

DLL Characteristics

File Characteristics

Imports

codec

channel9

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

sparce2raw

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 604KB - Virtual size: 604KB

.data Size: 40KB - Virtual size: 59KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 207KB - Virtual size: 207KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 604KB - Virtual size: 604KB

.data
Size: 40KB - Virtual size: 59KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 207KB - Virtual size: 207KB