30339e41f22dc43125ae74f9a1837453c320c54fea8e8be2bd19be7a99024daf

Sharing

Copy URL

Twitter E-mail

General

Target

30339e41f22dc43125ae74f9a1837453c320c54fea8e8be2bd19be7a99024daf
Size

11.5MB
MD5

6f3bfd31a00d98c8b60c1bea586de3df
SHA1

1b3016b9e72e6846162c31cf14554dafc74f3198
SHA256

30339e41f22dc43125ae74f9a1837453c320c54fea8e8be2bd19be7a99024daf
SHA512

6a2dfca07d27253b04b0bee98993f2d308d035322c591e96f054646e3c513f5955a97a0c18fc6159ffcad70295ac7fc2185ad2e400657a2447474fec22a8bde5
SSDEEP

196608:/0QrMZENUGuswGcRWf080f9mcrJaJsv6tWKFdu9Cjf33vYT:/nLNUPsCDsJsv6tWKFdu9CT33vYT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30339e41f22dc43125ae74f9a1837453c320c54fea8e8be2bd19be7a99024daf

Files

30339e41f22dc43125ae74f9a1837453c320c54fea8e8be2bd19be7a99024daf
.exe windows x86

449b9a89874802270c118dbbe182a348

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
DeviceIoControl
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ExitProcess
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetHandleInformation
lstrcmpW
GetVolumeInformationW
GetDriveTypeW
EncodePointer
DecodePointer
RaiseException
WriteFile
GetCurrencyFormatW
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
ExitThread
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
SetFileAttributesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapSize
SetLastError
GetProcessHeap
GetStdHandle
DeleteCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetEnvironmentVariableA
WriteConsoleW
LCMapStringW
EnumSystemLocalesW
GetStringTypeW
CancelIo
PeekNamedPipe
ReadFileEx
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
InitializeCriticalSection
SetFilePointerEx
SetEndOfFile
GetLogicalDrives
ReadFile
GetFileType
FlushFileBuffers
CreateFileW
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
GetStartupInfoW
RtlUnwind
GetUserDefaultUILanguage
GetTimeFormatW
GetDateFormatW
ResetEvent
LoadLibraryW
GetSystemDirectoryW
WaitForSingleObjectEx
GetConsoleWindow
OutputDebugStringW
WaitForMultipleObjects
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DuplicateHandle
GetLocalTime
GetSystemTime
GetCommandLineW
GetUserDefaultLCID
CompareStringW
GetCurrentProcessId
GlobalSize
FindNextChangeNotification
LoadLibraryA
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
GetUserDefaultLangID
CreateProcessW
ExpandEnvironmentStringsW
IsValidLocale
IsValidLanguageGroup
LocalFree
FormatMessageW
GetModuleHandleW
GetCurrentThreadId
GetLastError
SleepEx
WriteFileEx
FindCloseChangeNotification
FindFirstChangeNotificationW
GetVolumeInformationA
CreateProcessA
GetModuleHandleA
lstrlenA
CloseHandle
ResumeThread
SuspendThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualProtectEx
FlushInstructionCache
GetProcAddress
SetUnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentProcess

user32

DrawIconEx
MessageBoxW
FindWindowA
CharNextExA
CallNextHookEx
GetDoubleClickTime
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
SystemParametersInfoW
SendMessageW
PostMessageW
AttachThreadInput
DefWindowProcW
CreateWindowExW
IsChild
DestroyWindow
ShowWindow
UnhookWindowsHookEx
MoveWindow
SetWindowPos
TrackMouseEvent
GetClipboardFormatNameW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
GetCapture
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
RealGetWindowClassW
EnumWindows
GetWindowTextW
FlashWindowEx
GetMessageExtraInfo
SetCapture
ReleaseCapture
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetClientRect
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
GetSysColor
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect

netapi32

Netbios

shell32

SHGetMalloc
Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
StringFromGUID2
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoUninitialize

advapi32

RegCloseKey
RegQueryValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenKeyExW

ws2_32

WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
getsockname
WSASocketW
closesocket
bind
__WSAFDIsSet
WSAGetLastError
gethostbyname
gethostbyaddr
ntohl
inet_addr
getsockopt
htonl
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
getpeername
WSAIoctl

gdi32

BitBlt
CreateRectRgn
DeleteObject
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
CreateDIBSection
GdiFlush
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CreateBitmap
GetDIBits
GetRegionData
SelectClipRgn
CombineRgn

oleaut32

SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
SysAllocString

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetContext

winmm

PlaySoundW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

449b9a89874802270c118dbbe182a348

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

shell32

ole32

advapi32

ws2_32

gdi32

oleaut32

imm32

winmm

iphlpapi

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 55KB - Virtual size: 100KB

.qtmetad Size: 512B - Virtual size: 272B

_RDATA Size: 512B - Virtual size: 292B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 222KB - Virtual size: 222KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 55KB - Virtual size: 100KB

.qtmetad
Size: 512B - Virtual size: 272B

_RDATA
Size: 512B - Virtual size: 292B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 222KB - Virtual size: 222KB