d2f802a44f244dd34fc835d2d1d054a76bbc213ab5afecad66356218c8124ea5

Sharing

Copy URL Twitter E-mail

General

Target

d2f802a44f244dd34fc835d2d1d054a76bbc213ab5afecad66356218c8124ea5
Size

1.7MB
MD5

41f93862eccd823e86856a78c88307b7
SHA1

9e6b685757541e150f64fa37076f0fabb3d22fbf
SHA256

d2f802a44f244dd34fc835d2d1d054a76bbc213ab5afecad66356218c8124ea5
SHA512

ca4f7553c3d7e0926c1f6075cf3e8ccb738f5389e5fcca32e68c69d6830cc5d893d68bd5dd716680d5a7c5431cc6ad9777193914218f899dd43ad84ef7b74f4a
SSDEEP

49152:OgrJmJKTzl7athGTqlUnj9P1IVLeQ1j/o:OYJm4TZmhEnj9P1gLzS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2f802a44f244dd34fc835d2d1d054a76bbc213ab5afecad66356218c8124ea5

Files

d2f802a44f244dd34fc835d2d1d054a76bbc213ab5afecad66356218c8124ea5
.exe windows x86

859034ec5286d9f4198a18c1862fc3e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

kernel32

ExpandEnvironmentStringsW
lstrlenW
DeviceIoControl
GetFullPathNameW
GetModuleHandleA
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
GetCurrentDirectoryW
GetFileAttributesExW
GetVolumeInformationW
GetNativeSystemInfo
RegisterWaitForSingleObject
UnregisterWaitEx
CreateMutexW
OutputDebugStringA
ReleaseMutex
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
DuplicateHandle
GetFileInformationByHandle
GetUserDefaultLangID
IsDebuggerPresent
SetThreadPriority
GetThreadPriority
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExW
WaitForMultipleObjects
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameA
TerminateThread
GetModuleFileNameA
CreateFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTempPathA
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
GetTempPathW
FlushInstructionCache
SetPriorityClass
SwitchToThread
lstrlenA
FormatMessageW
SleepEx
GetExitCodeThread
lstrcatW
lstrcpyW
CreateFileA
InterlockedCompareExchange
SetEnvironmentVariableA
GetDriveTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateSemaphoreW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
ExitThread
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
VirtualQuery
VirtualProtect
AreFileApisANSI
ExitProcess
RtlUnwind
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateEventW
MoveFileW
ResetEvent
SetEvent
InitializeCriticalSection
CreateThread
MoveFileExW
SetFileAttributesW
QueryDosDeviceW
GetDiskFreeSpaceExW
lstrcmpW
SetFilePointer
Sleep
GetCurrentThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
LocalAlloc
CreateMutexA
GetEnvironmentVariableW
LoadLibraryExW
ResumeThread
SetErrorMode
GetCurrentThreadId
GetShortPathNameW
GetPrivateProfileStringW
GetLocalTime
CreateProcessW
WaitForSingleObject
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
SetLastError
OpenProcess
LocalFree
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
GetWindowsDirectoryW
GetTickCount
GetSystemDirectoryW
MultiByteToWideChar
ReadFile
GetFileSize
WriteFile
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
FindClose
LoadLibraryW
WideCharToMultiByte
CreateFileW
PeekNamedPipe
LoadLibraryA
FreeLibrary
WTSGetActiveConsoleSessionId
CloseHandle
FindResourceExW
FindResourceW
GetModuleHandleW
SizeofResource
LoadResource
GetCurrentProcess
GetProcAddress
LockResource
GetVersionExW
GetCommandLineW
GetModuleFileNameW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
SetThreadAffinityMask
UnregisterWait
InterlockedFlushSList
QueryDepthSList
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
FileTimeToLocalFileTime
DeleteFileA

user32

SendMessageW
MessageBoxW
GetWindowThreadProcessId
DefWindowProcW
CallWindowProcW
DestroyWindow
EnumDisplayDevicesA
GetDlgItem
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
MoveWindow
IsWindowVisible
SetFocus
DrawTextW
GetClientRect
FillRect
InflateRect
LoadCursorW
GetDC
InvalidateRect
GetWindowRect
EnumWindows
GetClassNameW
IsWindow
CreateDialogParamW
ScreenToClient
KillTimer
PostQuitMessage
SetTimer
SetWindowPos
MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
LoadImageW
GetWindowDC
ReleaseDC
IsIconic
GetWindowPlacement
OffsetRect
wsprintfW
CharNextW
SetCursor
EnableWindow
BringWindowToTop
SetWindowTextW
UnregisterClassW
UpdateLayeredWindow
GetCursorPos

gdi32

SetBkMode
SelectObject
DeleteDC
CreateCompatibleDC
SetViewportOrgEx
BitBlt
SetTextColor
DeleteObject
CreateSolidBrush
CreateFontIndirectW
CreateDIBSection
GetStockObject
CreateCompatibleBitmap
GetObjectA

advapi32

RegEnumKeyExW
SetThreadToken
ImpersonateSelf
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetAce
AddAce
GetAclInformation
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
OpenThreadToken
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
DuplicateTokenEx
LookupPrivilegeValueW
CopySid
GetLengthSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegOpenCurrentUser
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

shell32

CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoCreateGuid
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SafeArrayLock
SafeArrayUnlock
VariantInit
VariantCopy
VarUI4FromStr

shlwapi

StrStrW
PathFindFileNameW
SHDeleteValueW
AssocCreate
StrCmpNW
PathRemoveFileSpecW
SHStrDupW
SHGetValueA
SHSetValueA
PathFindFileNameA
PathRemoveFileSpecA
ord12
PathIsDirectoryW
PathAddBackslashW
PathFileExistsA
PathAppendW
StrStrIW
SHSetValueW
SHGetValueW
PathRemoveBackslashW
StrToIntW
PathFileExistsW
StrCmpNIW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImage
GdipGetFamily
GdipSetSolidFillColor
GdipDrawImageI
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateFontFromLogfontA
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImagePointRectI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipMeasureString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipRestoreGraphics
GdipTranslateWorldTransform
GdipSaveGraphics
GdipLoadImageFromStream
GdipSetImageAttributesColorMatrix
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdiplusShutdown
GdipAlloc
GdipFree
GdipGraphicsClear
GdipSetClipRectI
GdipGetLogFontW
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage

ws2_32

WSACleanup
WSAStartup
inet_addr
getsockname
ntohl
closesocket
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
gethostbyname
socket
setsockopt
ntohs
htons
getsockopt
connect
bind
send
recv
WSAGetLastError

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

userenv

UnloadUserProfile

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

859034ec5286d9f4198a18c1862fc3e0

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

version

iphlpapi

wtsapi32

urlmon

wininet

userenv

Exports

Exports

Sections

.text Size: 898KB - Virtual size: 897KB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 19KB - Virtual size: 46KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 537KB - Virtual size: 537KB

.reloc Size: 106KB - Virtual size: 108KB

.text
Size: 898KB - Virtual size: 897KB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 19KB - Virtual size: 46KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 537KB - Virtual size: 537KB

.reloc
Size: 106KB - Virtual size: 108KB