124d00a756d00d52c8ba8c11741b9d5394e7fff3686889196833db83ae0a69d9

Sharing

Copy URL

Twitter E-mail

General

Target

124d00a756d00d52c8ba8c11741b9d5394e7fff3686889196833db83ae0a69d9
Size

4.8MB
MD5

ac910b9a35cfa65956171276fce43bd8
SHA1

645912baeb6d58357cdd71dd7c8681600137c4a7
SHA256

124d00a756d00d52c8ba8c11741b9d5394e7fff3686889196833db83ae0a69d9
SHA512

d5531a822ceaa5879c2e71cc961e968fafe6338f174174f14e06767d49d023b943ff2921cc29ce1a326b4423651bda069632a9428368c5938bbda6282339c1f7
SSDEEP

98304:xdr/+yYWSBwG5KOq+aMH4NH3JFCESl4s0iOpJErOSgob:Tgq+eBJFCEdZD1ob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
124d00a756d00d52c8ba8c11741b9d5394e7fff3686889196833db83ae0a69d9

Files

124d00a756d00d52c8ba8c11741b9d5394e7fff3686889196833db83ae0a69d9
.exe windows x86

60bdc84471c2399fa854dcee937f390e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

lstrcpyW
lstrlenW
GetProcessId
Module32FirstW
Module32NextW
lstrcmpA
WTSGetActiveConsoleSessionId
GetThreadLocale
SetThreadLocale
GetSystemInfo
GetWindowsDirectoryW
GetSystemDirectoryW
GetEnvironmentVariableW
GlobalLock
GlobalUnlock
DeviceIoControl
GetFileAttributesExW
lstrlenA
SetFileAttributesW
MoveFileExW
lstrcpynA
InitializeCriticalSection
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
GetLongPathNameW
IsBadReadPtr
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
SetErrorMode
WriteConsoleW
FlushFileBuffers
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
ReadProcessMemory
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
WriteProcessMemory
DeleteFileW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
QueryPerformanceFrequency
InterlockedFlushSList
RtlUnwind
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
FormatMessageW
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
CreateRemoteThread
GetOEMCP
VirtualFreeEx
DecodePointer
LockResource
VirtualAllocEx
GetCurrentProcess
Thread32Next
Thread32First
GetSystemTime
GetNativeSystemInfo
HeapDestroy
HeapAlloc
LocalFileTimeToFileTime
SystemTimeToFileTime
GetVersionExW
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
GetFileSize
CreateFileA
OpenEventW
LocalAlloc
ReadFile
GetStartupInfoW
CreatePipe
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
WritePrivateProfileStringW
Sleep
CreateThread
OutputDebugStringW
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
GetTimeZoneInformation
SetFileTime
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
LoadLibraryW
GetTickCount
MulDiv
SizeofResource
GetCurrentProcessId
OpenProcess
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
FreeResource
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
GetProcAddress
FreeLibrary
GetVersion
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
EnumSystemLocalesW

user32

wsprintfW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
FindWindowW
FindWindowExW
WaitForInputIdle
UnregisterClassW
GetDlgItem
GetWindowLongW
SetWindowLongW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
UpdateWindow
UpdateLayeredWindow
CallWindowProcW
BringWindowToTop
AttachThreadInput
KillTimer
LoadCursorW
PostQuitMessage
SetTimer
MoveWindow
SetWindowPos
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
LoadIconW
MonitorFromWindow
GetMonitorInfoW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
SetRectEmpty
EqualRect
SetCursor
ClientToScreen
GetCursorPos
PtInRect
ScreenToClient
GetDoubleClickTime
CopyRect
IntersectRect
PostMessageW
SystemParametersInfoW
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
SetFocus
SetCapture
GetWindowThreadProcessId
MonitorFromPoint
ReleaseDC
GetDC
GetFocus
GetWindowTextLengthW
ReleaseCapture
SetWindowRgn
EnableWindow
GetForegroundWindow
GetWindowTextW
SetForegroundWindow
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
DrawTextW
ShowWindow
DestroyWindow
DefWindowProcW
SendMessageW
SetActiveWindow
FillRect
LoadImageW
IsRectEmpty
GetIconInfo
SetWindowTextW

gdi32

CreateRectRgnIndirect
SaveDC
GetDeviceCaps
GetStockObject
SetBkColor
GetBitmapBits
StretchBlt
SetStretchBltMode
SetPixel
GetObjectW
ExtSelectClipRgn
CreateSolidBrush
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
CreateRoundRectRgn
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
RestoreDC
CreatePen
Rectangle
CreateFontIndirectW
SetBitmapBits
GetTextColor
GetCurrentObject
CreateDIBSection
SetTextCharacterExtra

advapi32

RegQueryValueExW
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
RegNotifyChangeKeyValue
RegConnectRegistryW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
GetUserNameA
LookupAccountNameA
GetSidIdentifierAuthority
IsValidSid
GetLengthSid
SetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
EnumServicesStatusExW
CreateProcessAsUserW
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeleteService
ControlService
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
RegEnumKeyW
CloseServiceHandle
CreateServiceW
StartServiceW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderPathW
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
ord165
SHCreateDirectoryExW
CommandLineToArgvW

ole32

CoCreateGuid
OleRun
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx

oleaut32

VariantClear
VariantTimeToSystemTime
VariantCopy
VarDateFromStr
VariantInit
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
VarBstrCmp
SysAllocStringLen
SysAllocString
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString

shlwapi

PathIsDirectoryW
PathRemoveBackslashW
StrFormatByteSizeW
PathRelativePathToW
PathCommonPrefixW
PathIsPrefixW
PathCanonicalizeW
PathIsRootW
StrCpyNW
UrlGetPartW
StrToIntExW
SHDeleteValueW
SHGetValueW
SHSetValueW
PathSearchAndQualifyW
ord176
AssocQueryStringW
SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathCombineW
StrCmpIW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipCloneBrush
GdipCreateFont
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipDeleteFont
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdipDeleteBrush
GdipCreateHBITMAPFromBitmap

crypt32

CertGetNameStringW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA
CryptStringToBinaryW

wininet

InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetSetFilePointer

dbghelp

ImageDirectoryEntryToData
ImageNtHeader

psapi

GetModuleFileNameExW
EnumProcessModules

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

secur32

GetUserNameExW

wintrust

WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.3MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60bdc84471c2399fa854dcee937f390e

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

crypt32

wininet

dbghelp

psapi

wtsapi32

userenv

netapi32

iphlpapi

secur32

wintrust

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 13KB - Virtual size: 33KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 15.3MB - Virtual size: 15.3MB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 13KB - Virtual size: 33KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 15.3MB - Virtual size: 15.3MB

.reloc
Size: 62KB - Virtual size: 61KB