3b7971d8a93fe7cf953b122dbc57e36bb97e1ab3e7081ba87987240298d2e635

Sharing

Copy URL Twitter E-mail

General

Target

3b7971d8a93fe7cf953b122dbc57e36bb97e1ab3e7081ba87987240298d2e635
Size

14.0MB
MD5

0a7008cca89c8be18eb35eb8781d2294
SHA1

45d9261c0eb1088b564e0fa91d577a1aebb28d22
SHA256

3b7971d8a93fe7cf953b122dbc57e36bb97e1ab3e7081ba87987240298d2e635
SHA512

20a5e79dde3d32a5c5b1dd618d93ca9434e46fa421f6b96bf47df6a06bd12b2a333e650a5cfe12134f915d44fe9feedf8ad5603be13f8fb41428949d7918b3c5
SSDEEP

393216:pX5ldzmaoFmx5nGQKNFXMicOnvev6PFz:pXdzs+GBLTnvjF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b7971d8a93fe7cf953b122dbc57e36bb97e1ab3e7081ba87987240298d2e635

Files

3b7971d8a93fe7cf953b122dbc57e36bb97e1ab3e7081ba87987240298d2e635
.exe windows x86

181621ec41876ca5ab83c91f6ee95617

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
CreateWaitableTimerA
SetWaitableTimer
lstrcpyA
ReadProcessMemory
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
ExitProcess
HeapReAlloc
IsBadReadPtr
GetUserDefaultLCID
GlobalFree
WriteProfileStringA
GlobalLock
GlobalAlloc
SetLocalTime
GetModuleFileNameA
GetCurrentDirectoryA
GetTickCount
WriteFile
GetFileSize
SetFilePointer
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetProfileStringA
GetProfileSectionA
WriteProfileSectionA
GetPrivateProfileStructA
WritePrivateProfileStructA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetCurrentProcessId
LocalSize
IsWow64Process
GetSystemInfo
GetProfileIntA
lstrcpynA
GetLocalTime
lstrcpyn
GetProcAddress
GetModuleHandleA
LocalFree
RtlFillMemory
LocalAlloc
CloseHandle
DeviceIoControl
CreateFileA
lstrlenA
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
GetVersionExA
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery

shlwapi

PathFileExistsA

user32

GetWindowThreadProcessId
GetClassNameA
SetWindowTextA
ShowScrollBar
TranslateMessage
GetMessageA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfA
MessageBoxA
IsWindow
FindWindowExA
UnregisterHotKey
GetClassInfoExA
PeekMessageA
DispatchMessageA
GetSystemMetrics
EndDialog
CreateWindowExA
SendMessageA
GetAncestor
SetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
MoveWindow
ShowWindowAsync
RegisterHotKey
SetWindowLongA
PostMessageA
CallWindowProcA
ShowWindow
GetKeyState
GetFocus
RegisterWindowMessageA
FindWindowA
MsgWaitForMultipleObjects
GetInputState
CreateIconFromResource
SetPropA
GetPropA
GetClientRect
CharUpperBuffW

gdi32

GetPixel
StretchBlt
BitBlt
DeleteDC
DeleteObject
Rectangle
SelectObject
SetBkColor
SetTextColor

advapi32

CryptHashData
CryptDeriveKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
CryptAcquireContextA
CryptImportKey
CryptReleaseContext
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptGetKeyParam
CryptEncrypt
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA

shell32

ShellExecuteA
SHGetFileInfo
Shell_NotifyIconA

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
OleRun
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
CoUninitialize
CoInitialize
CLSIDFromString

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetTimeToSystemTime

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
OleLoadPicture
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCheckPlatform
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpOpen

dbghelp

MakeSureDirectoryPathExists

gdiplus

GdipGetImageGraphicsContext
GdipDrawRectangleI
GdipDrawRectangle
GdipSetWorldTransform
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipCreateBitmapFromStreamICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageRawFormat
GdipSaveImageToStream
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipCreateSolidFill
GdipCreateBitmapFromStream
GdipDeleteBrush
GdipSetSmoothingMode
GdipGetImageEncodersSize

msimg32

AlphaBlend
TransparentBlt

msvcrt

memmove
realloc
strrchr
__CxxFrameHandler
srand
floor
_CIfmod
malloc
free
strchr
modf
??2@YAPAXI@Z
strncmp
??3@YAXPAX@Z
strncpy
sprintf
_ftol
atoi
rand
_stricmp

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LPw
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.n\#
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o]o
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

181621ec41876ca5ab83c91f6ee95617

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

gdi32

advapi32

shell32

ole32

wininet

oleaut32

winhttp

dbghelp

gdiplus

msimg32

msvcrt

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 168KB - Virtual size: 168KB

.LPw Size: 5.2MB - Virtual size: 5.2MB

.n\# Size: 4KB - Virtual size: 4KB

.o]o Size: 7.4MB - Virtual size: 7.4MB

.rsrc Size: 24KB - Virtual size: 24KB

.l1 Size: 14KB - Virtual size: 14KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 168KB - Virtual size: 168KB

.LPw
Size: 5.2MB - Virtual size: 5.2MB

.n\#
Size: 4KB - Virtual size: 4KB

.o]o
Size: 7.4MB - Virtual size: 7.4MB

.rsrc
Size: 24KB - Virtual size: 24KB

.l1
Size: 14KB - Virtual size: 14KB