Static task: static1
Behavioral task: behavioral1
Sample: ad994e4371c891f20fe131d40871447af2f7757cf4baa780c58c38955907bdbd.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: ad994e4371c891f20fe131d40871447af2f7757cf4baa780c58c38955907bdbd.exe
Resource: win10v2004-20230915-en
General
Target: ad994e4371c891f20fe131d40871447af2f7757cf4baa780c58c38955907bdbd
Size: 3.0MB
MD5: 270a3a8b1adaa53523847a10b97ced58
SHA1: c61d0741e9a90cc58d0c65c68f8c61a2ff50a8d1
SHA256: ad994e4371c891f20fe131d40871447af2f7757cf4baa780c58c38955907bdbd
SHA512: ed4875720e9d1a0fa5dcd905439b93142e0d678c4084f1a6d68f6e219e50a3fb461492ff942d449307e6a2eb69aac78e10609a2b8c48058789696340ade55414
SSDEEP: 49152:ssk4VFTecDauJJRSggggMiy5tq/Lr5IyxEPmrxZ+2dQgKP/hm5XNxzmH:ssH+uJJRKygLm3PmtLDghIXNxzmH
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: ad994e4371c891f20fe131d40871447af2f7757cf4baa780c58c38955907bdbd
Files
ad994e4371c891f20fe131d40871447af2f7757cf4baa780c58c38955907bdbd.exe (windows x86) - bfbe3513593fe2fd3c22069c33c89b9b
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetUnhandledExceptionFilter
SetErrorMode
ResetEvent
VirtualAlloc
VirtualFree
VirtualProtect
SetLastError
LoadLibraryA
IsBadReadPtr
SetCurrentDirectoryA
CreateMutexW
SetFileTime
SetFilePointer
WriteFile
VerifyVersionInfoW
MulDiv
OpenProcess
VerSetConditionMask
ExitProcess
MultiByteToWideChar
GetACP
WideCharToMultiByte
CreateFileW
GetCurrentDirectoryW
GetModuleHandleW
lstrlenW
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
ReleaseMutex
GetCommandLineW
GetSystemDirectoryA
DeviceIoControl
GetSystemDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetTickCount
FindFirstFileExW
GetFullPathNameW
SetConsoleCtrlHandler
WriteConsoleW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetFileAttributesExW
GetModuleHandleExW
ExitThread
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
RtlUnwind
GetNativeSystemInfo
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
PeekNamedPipe
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
SleepEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsFree
GetSystemTime
MoveFileExW
FindNextFileW
FindFirstFileW
SetFileAttributesW
CreateFileA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetEnvironmentVariableW
FindClose
GetVersionExW
CreateProcessW
GetLogicalDriveStringsW
TerminateProcess
GetCurrentProcess
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileW
VirtualQuery
lstrcpyW
InterlockedDecrement
InterlockedIncrement
lstrcpynW
lstrcmpiW
GetLocalTime
GetModuleHandleA
GlobalAlloc
FormatMessageW
LocalFree
GetFileAttributesW
ReadFile
GetFileSize
GlobalUnlock
GlobalLock
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
GetModuleFileNameW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameA
DeleteFileW
WaitForSingleObject
GetLongPathNameW
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
CopyFileW
Sleep
SetEvent
GetLastError
OpenEventW
CloseHandle
CreateEventW
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
GetStringTypeW
OutputDebugStringW
IsDebuggerPresent
WaitForMultipleObjects
GetFileType
CreateDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCurrentThreadId
GetCurrentProcessId
IsValidCodePage
user32
GetClassInfoExW
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowExW
SetWindowPos
SetFocus
GetSystemMetrics
SetPropW
GetPropW
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
LoadImageW
RegisterClassW
CallWindowProcW
SendMessageW
DispatchMessageW
MonitorFromWindow
GetMonitorInfoW
TranslateMessage
IsIconic
IsZoomed
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
GetMessageW
wsprintfW
PostMessageW
EnableWindow
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
SetCursor
InflateRect
SetWindowRgn
MessageBoxW
MonitorFromPoint
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
IsWindowVisible
IsWindow
ShowWindow
PostQuitMessage
DefWindowProcW
FindWindowW
RegisterClassExW
DestroyWindow
AppendMenuW
GetCursor
PeekMessageW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
DrawIconEx
DestroyIcon
PrivateExtractIconsW
UpdateWindow
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
gdi32
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
MoveToEx
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
GetTextMetricsW
advapi32
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
RegCreateKeyExW
GetUserNameW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegCloseKey
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
RegSetValueExW
CryptCreateHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptGenRandom
shell32
CommandLineToArgvW
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
DragQueryFileW
ole32
CoCreateInstance
DoDragDrop
CoInitialize
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CLSIDFromProgID
OleLockRunning
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
shlwapi
PathCombineW
SHDeleteKeyW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
gdiplus
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipStringFormatGetGenericTypographic
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipImageGetFrameCount
GdipDeletePath
GdipAddPathLine
ord1
GdipCreateFontFromDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ws2_32
WSAStartup
getnameinfo
gethostname
gethostbyname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
shutdown
psapi
GetProcessImageFileNameW
EnumProcesses
dbghelp
MiniDumpWriteDump
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
urlmon
ObtainUserAgentString
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
wldap32
ord46
ord167
ord142
ord79
ord133
ord127
ord27
ord26
ord117
ord147
ord219
ord301
ord41
ord14
ord216
ord208
ord145
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 570KB - Virtual size: 570KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data Size: 49KB - Virtual size: 75KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 243KB - Virtual size: 244KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE