4a547c9ce4be4e37821c96ae3d6bdd7e191d02cbab9c3930ce90a9c6f701378f

Sharing

Copy URL

Twitter E-mail

General

Target

4a547c9ce4be4e37821c96ae3d6bdd7e191d02cbab9c3930ce90a9c6f701378f
Size

11.2MB
MD5

00bf3ea3d72536a484589702348b2117
SHA1

21a0a054d779fb5e2bda024c4cc789b182f7d8e9
SHA256

4a547c9ce4be4e37821c96ae3d6bdd7e191d02cbab9c3930ce90a9c6f701378f
SHA512

7b559cfe58afc61cf95550cfd0600b7d066c4627991478af58d0ee379304bd9380b3f63951444a0cb27fc655d891da957288b59a908c26f53f123e5d7e75c9e5
SSDEEP

196608:4Lxnu4tc8zfYDPD1eIr664OPexNFkxNhHL3ViRV+UKi+FNdTO2vG/6wmEnQS:4VlaKfYzxeROPexNFkNpiRV+UKFN5O2e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a547c9ce4be4e37821c96ae3d6bdd7e191d02cbab9c3930ce90a9c6f701378f

Files

4a547c9ce4be4e37821c96ae3d6bdd7e191d02cbab9c3930ce90a9c6f701378f
.exe windows x86

15b5604b26cd24ef1258ae0ec19ce548

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
lstrcmpiW
GetTempPathW
Sleep
OutputDebugStringW
CreateMutexW
FreeResource
ExpandEnvironmentStringsW
DeleteFileW
RemoveDirectoryW
TerminateProcess
OpenProcess
GetPrivateProfileStringW
GetModuleFileNameW
FindNextFileW
FindClose
lstrlenW
FindFirstFileW
CloseHandle
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
DeviceIoControl
Process32FirstW
GetProcAddress
SetLastError
GetLastError
MultiByteToWideChar
CreateFileW
GetVersionExW
WideCharToMultiByte
WriteFile
GetModuleHandleW
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
FormatMessageW
SetFileAttributesW
SetFileTime
GetFileAttributesW
MoveFileExW
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
GetSystemInfo
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
GetCurrentDirectoryW
LoadLibraryW
GetACP
MulDiv
ExitProcess
SetFilePointer
SystemTimeToFileTime
lstrcpynW
GetLocalTime
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RtlUnwind
LCMapStringW
GetTimeFormatW
GetDateFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
GetStdHandle
SetHandleCount
GetFileType
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
CreateDirectoryW
GetLogicalDriveStringsW
GetCurrentProcess
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW

user32

GetActiveWindow
IsIconic
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
InflateRect
SetCursor
LoadCursorW
DefWindowProcW
EnableWindow
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowRgn
MessageBoxW
GetWindowRgn
UpdateLayeredWindow
IsWindowEnabled
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
UpdateWindow
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
SetWindowTextW
SetForegroundWindow
DrawTextA
wsprintfA
InvalidateRgn
GetGUIThreadInfo
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
EqualRect
PtInRect
CharNextW
SetRect
CharPrevW
FillRect
IntersectRect
OffsetRect
CharPrevExA
DrawTextW
GetKeyState
SetWindowPos
SendMessageW
MoveWindow
GetClientRect
FindWindowW
PostMessageW
PostQuitMessage
GetWindow
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MonitorFromWindow
GetMonitorInfoW
GetSysColor
MapWindowPoints
CreateWindowExW
GetFocus
SetFocus
ClientToScreen
ShowWindow
SetWindowLongW
GetWindowLongW
InvalidateRect
UnionRect
SetTimer
KillTimer
IsWindow
IsZoomed
DestroyWindow
GetCursorPos
LoadImageW
GetWindowRect
ScreenToClient
wsprintfW
GetDC
ReleaseDC
ReleaseCapture
SetCapture
IsRectEmpty

gdi32

GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetStockObject
PlayEnhMetaFile
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
CreatePen
AddFontMemResourceEx
RemoveFontMemResourceEx
SetWindowOrgEx
TextOutW
CreateEnhMetaFileW
Rectangle
RestoreDC
SaveDC
GdiFlush
CreateRectRgn
CreatePenIndirect
MoveToEx
LineTo
CreateCompatibleBitmap
CreateSolidBrush
SetStretchBltMode
SelectClipRgn
CreateDIBSection
SelectObject
StretchBlt
GetObjectA
SetBkMode
SetTextColor
SetBkColor
CreatePatternBrush
GetTextExtentPointA
SetBitmapBits
GetBitmapBits
DeleteObject
GetCharABCWidthsW
PtInRegion
GetTextExtentPoint32W
BitBlt
DeleteDC
CreateRoundRectRgn
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CloseEnhMetaFile
CreateCompatibleDC

advapi32

RegCreateKeyW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
ChangeServiceConfig2W
QueryServiceStatus
ChangeServiceConfigW
ControlService
AdjustTokenPrivileges

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
DragQueryFileW
SHFileOperationW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

SysFreeString
VariantInit
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString

shlwapi

SHCreateStreamOnFileEx
PathFileExistsW
PathAddBackslashW
PathCombineW
PathFindFileNameW

wininet

InternetOpenW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW

ws2_32

gethostbyname
gethostname
WSAStartup

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateSolidFill
GdipSetPenMode
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAddPathLine
ord1
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipTranslateWorldTransform
GdipRotateWorldTransform

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 847KB - Virtual size: 846KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83.8MB - Virtual size: 83.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15b5604b26cd24ef1258ae0ec19ce548

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

comctl32

gdiplus

imm32

Sections

.text Size: 847KB - Virtual size: 846KB

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 16KB - Virtual size: 53KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 83.8MB - Virtual size: 83.8MB

.reloc Size: 272KB - Virtual size: 272KB

.text
Size: 847KB - Virtual size: 846KB

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 16KB - Virtual size: 53KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 83.8MB - Virtual size: 83.8MB

.reloc
Size: 272KB - Virtual size: 272KB