4058c039683a69dc1082a39861a6652b0852cf61c5d1b6ae47f7988575b05d4f

Sharing

Copy URL

Twitter E-mail

General

Target

4058c039683a69dc1082a39861a6652b0852cf61c5d1b6ae47f7988575b05d4f
Size

9.1MB
MD5

50964a876d43591a3201b3fdcb0bf634
SHA1

9b5fe1b112b8db8deecd6478365c22b1f6a9f9c1
SHA256

4058c039683a69dc1082a39861a6652b0852cf61c5d1b6ae47f7988575b05d4f
SHA512

f4ff8dc6c61212d3321cf357abbe554b2ac001bfba2687b626c5004d9eff21b356eb943b578a356550bca1bdb8e7037afb3ecd3ce9fdbf0a1a80d96c95da7ee1
SSDEEP

196608:wSE5lssDV/mgWz4aiY/VPDnDpK9Ig3sZCm:wLOsDV/kz4tY/VPDD0Ig3sZCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4058c039683a69dc1082a39861a6652b0852cf61c5d1b6ae47f7988575b05d4f

Files

4058c039683a69dc1082a39861a6652b0852cf61c5d1b6ae47f7988575b05d4f
.exe windows x64

124f3fffcafd419a21020e5eff9b2dd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ntohs
setsockopt
WSAIoctl
inet_pton
recv
send
socket
ntohl
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
WSAStartup
WSACleanup
accept
sendto
ioctlsocket
gethostname
gethostbyname
GetAddrInfoW
WSASocketW
shutdown
WSASend
FreeAddrInfoW
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
closesocket

crypt32

CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore

kernel32

DeleteFiber
CreateFiberEx
ConvertFiberToThread
InitOnceComplete
InitOnceBeginInitialize
SetFileAttributesW
RtlUnwind
MoveFileExW
SwitchToFiber
VirtualFree
AcquireSRWLockShared
ReleaseSRWLockShared
ReadConsoleA
ConvertThreadToFiberEx
GetSystemTime
AllocConsole
LockFileEx
GetFileSizeEx
CreateFileA
UnlockFile
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
GetSystemTimeAsFileTime
WriteConsoleW
WaitForSingleObject
TerminateProcess
GetCurrentProcess
HeapFree
SetConsoleMode
CompareFileTime
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
SetLastError
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
CompareStringW
GetSystemPowerStatus
CreateThread
K32GetModuleFileNameExW
CreateDirectoryW
DeleteFileW
CreateEventW
SetEvent
WaitForMultipleObjects
Sleep
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
SetPriorityClass
CreateMutexW
SetCurrentDirectoryW
GetModuleFileNameW
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetModuleFileNameA
FreeLibrary
CreateFileW
LocalAlloc
GetModuleHandleW
CreateProcessW
GetProcessHeap
WTSGetActiveConsoleSessionId
LocalFree
GetProcAddress
HeapAlloc
LoadLibraryW
CloseHandle
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
ResumeThread
FormatMessageA
GetStringTypeW
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FlsAlloc
FlsSetValue
FlsFree
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
MulDiv
GetCurrentDirectoryW
GetFileSize
GlobalUnlock
GlobalLock
lstrlenW
GetACP
ExitProcess
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
IsValidCodePage
WriteFile
SystemTimeToFileTime
GlobalAlloc
GetLocalTime
lstrcpynW
lstrcmpiW
lstrcpyW
RemoveDirectoryW
SetEnvironmentVariableW
CreatePipe
GetEnvironmentVariableW
GetStartupInfoA
CreateProcessA
GetTempPathW
CreateDirectoryA
GetThreadUILanguage
SetThreadUILanguage
Module32FirstW
SetThreadPriority
GetSystemInfo
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileAttributesExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
SetEndOfFile
GetFullPathNameW
SetConsoleCtrlHandler
FindFirstFileExW
SetFileTime

user32

IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
LoadImageW
MonitorFromWindow
GetMonitorInfoW
GetGestureInfo
CloseGestureInfoHandle
SetGestureConfig
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
GetWindowLongPtrW
SetWindowLongPtrW
LoadCursorW
SetCursor
InflateRect
SetWindowRgn
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
EnumWindows
EnumDisplaySettingsW
GetProcessWindowStation
GetUserObjectInformationW
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
ReleaseDC
GetDC
LoadStringW
ExitWindowsEx
PostQuitMessage
wsprintfW
PostMessageW
SetWindowPos
GetWindowRect
GetSystemMetrics
GetDpiForWindow
SendMessageW
LoadIconW
MessageBoxW
GetClassNameW
GetWindow
IsWindow
FindWindowW
EnumDisplayDevicesW
DestroyWindow
GetWindowThreadProcessId
GetShellWindow

gdi32

CreateRoundRectRgn
SetWindowOrgEx
TextOutW
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
GdiFlush
CreatePatternBrush
PtInRegion
GetBitmapBits
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
CreateDIBSection
CombineRgn
DeleteObject
CreatePen
CreateFontIndirectW
DeleteDC
GetDeviceCaps
AddFontResourceW
CreateDIBitmap
CreateCompatibleDC
CreateRectRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
BitBlt
SetTextColor
GetObjectA
GetTextExtentPointA
MoveToEx
CreateCompatibleBitmap
SetBitmapBits

advapi32

ControlService
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
CreateProcessWithTokenW
OpenProcessToken
CreateProcessAsUserW
OpenServiceW
DuplicateTokenEx
GetTokenInformation
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
DeregisterEventSource
CopySid
GetLengthSid
RegisterEventSourceW
ReportEventW
SetServiceObjectSecurity
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CreateServiceW
DeleteService
StartServiceW
QueryServiceStatus
RegDeleteKeyExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW
ord165
SHGetKnownFolderPath

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
RegisterDragDrop
ReleaseStgMedium
DoDragDrop
OleDuplicateData
OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString
CoInitialize
CLSIDFromProgID

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathIsRootA
PathRemoveBackslashA
PathRemoveFileSpecA
PathFileExistsW
SHCreateStreamOnFileEx
PathFileExistsA

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipRotateWorldTransform
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipGetPropertyItem
GdipDrawImageRectI
GdipGetPropertyItemSize
GdipTranslateWorldTransform
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

bcrypt

BCryptGenRandom

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

124f3fffcafd419a21020e5eff9b2dd2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

userenv

shlwapi

api-ms-win-shcore-scaling-l1-1-1

version

comctl32

gdiplus

imm32

bcrypt

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 67KB - Virtual size: 97KB

.pdata Size: 193KB - Virtual size: 193KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 10.2MB - Virtual size: 10.2MB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 67KB - Virtual size: 97KB

.pdata
Size: 193KB - Virtual size: 193KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

.reloc
Size: 61KB - Virtual size: 60KB