Static task
static1
Behavioral task
behavioral1
Sample
28e8ebefe7378481b7d69922c6acd746be3c90c3a2808f96dee16b0d8819780c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
28e8ebefe7378481b7d69922c6acd746be3c90c3a2808f96dee16b0d8819780c.exe
Resource
win10v2004-20230915-en
General
-
Target
28e8ebefe7378481b7d69922c6acd746be3c90c3a2808f96dee16b0d8819780c
-
Size
1.5MB
-
MD5
f7786cdd08a75b139649722c3580e769
-
SHA1
fd33826d71e63befd4cc0092577b902bdde0ceb3
-
SHA256
28e8ebefe7378481b7d69922c6acd746be3c90c3a2808f96dee16b0d8819780c
-
SHA512
76dfea1719eed7f8425b46951d0ef38c0d97d8691665b971afdb272edede9082aa769ed88917c05e5972aa2adb84a30ec105a676a6049942ade66537a13466ee
-
SSDEEP
24576:7M1JyglFwf6XkL/f7ku1tFKj//ABoew6gtVz9:UFwf6s79Y6gt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 28e8ebefe7378481b7d69922c6acd746be3c90c3a2808f96dee16b0d8819780c
Files
-
28e8ebefe7378481b7d69922c6acd746be3c90c3a2808f96dee16b0d8819780c.exe windows:4 windows x86
c4f9c2c3ab10205613ab4e9cf3c8d656
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
shlwapi
PathIsDirectoryW
StrStrIW
SHDeleteValueW
netapi32
NetFileEnum
NetSessionEnum
NetShareEnum
NetGetJoinInformation
NetApiBufferFree
NetUserGetInfo
ws2_32
recv
setsockopt
connect
closesocket
gethostbyaddr
send
inet_addr
gethostname
inet_ntoa
WSAGetLastError
shutdown
WSAStartup
htons
WSACleanup
socket
bind
listen
gethostbyname
accept
rpcrt4
UuidFromStringW
iphlpapi
GetAdaptersInfo
GetNetworkParams
psapi
GetProcessMemoryInfo
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
setupapi
CM_Enumerate_Classes
SetupDiClassNameFromGuidW
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
SetupDiOpenClassRegKeyExW
SetupDiSetClassInstallParamsW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
pdh
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryW
PdhEnumObjectItemsW
PdhAddCounterW
PdhCloseQuery
highgui100
cvDestroyAllWindows
cvSaveImage
cvcam100
cvcamSetProperty
cvcamInit
cvcamStart
cvcamStop
cvcamExit
cvcamGetCamerasCount
mfc42u
ord2810
ord860
ord3785
ord5706
ord5679
ord3991
ord3087
ord2634
ord4124
ord3871
ord922
ord823
ord6211
ord341
ord654
ord5854
ord665
ord1971
ord6381
ord5180
ord354
ord861
ord3332
ord3806
ord5438
ord3313
ord941
ord5604
ord6139
ord924
ord3579
ord543
ord803
ord2755
ord4197
ord2910
ord5647
ord3122
ord3611
ord3658
ord350
ord1567
ord5769
ord2756
ord6874
ord926
ord6006
ord6279
ord6278
ord5857
ord6868
ord668
ord1972
ord3173
ord4053
ord2773
ord2762
ord356
ord551
ord4273
ord6865
ord536
ord1131
ord2550
ord4282
ord1989
ord5461
ord798
ord3993
ord533
ord2078
ord5852
ord6655
ord6451
ord4155
ord1197
ord3566
ord3614
ord3568
ord3621
ord750
ord1985
ord5442
ord3317
ord3790
ord2175
ord458
ord5869
ord5785
ord2235
ord5781
ord2406
ord640
ord1634
ord1633
ord323
ord6168
ord6654
ord5641
ord6388
ord1155
ord2606
ord5783
ord283
ord5806
ord5477
ord2023
ord4405
ord4441
ord4329
ord4857
ord4969
ord5792
ord5474
ord1963
ord966
ord3565
ord278
ord605
ord4913
ord3983
ord6773
ord6640
ord6136
ord713
ord414
ord5855
ord6137
ord5805
ord2069
ord1099
ord5977
ord4294
ord2746
ord6867
ord802
ord542
ord2836
ord2769
ord2099
ord6565
ord5597
ord5446
ord5436
ord6379
ord6390
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord2613
ord1244
ord2859
ord3775
ord1560
ord273
ord268
ord524
ord2021
ord957
ord2793
ord603
ord5304
ord5807
ord5478
ord2024
ord5793
ord5475
ord1987
ord967
ord3712
ord523
ord791
ord1631
ord4773
ord1730
ord2732
ord1863
ord6567
ord1252
ord3457
ord5828
ord879
ord882
ord6898
ord1165
ord1143
ord693
ord3635
ord3365
ord4396
ord2574
ord942
ord940
ord927
ord2854
ord2371
ord4847
ord470
ord755
ord4704
ord6195
ord4229
ord2294
ord324
ord567
ord641
ord656
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord3605
ord4418
ord3397
ord5286
ord2377
ord1768
ord6051
ord925
ord540
ord541
ord538
ord535
ord858
ord800
ord537
ord801
ord1105
ord825
ord5188
ord1569
msvcrt
_wtoi64
strncpy
_CxxThrowException
printf
_wcsnicmp
_ftol
_wfindfirst
_wfindnext
_findclose
strstr
_access
wcsncpy
free
atof
wcscat
fopen
fwrite
fclose
atoi
_iob
fprintf
_wsplitpath
sprintf
swprintf
wcsstr
wcscpy
time
srand
rand
exit
_wtoi
_waccess
wcscmp
wcslen
wcsncmp
__CxxFrameHandler
strncmp
memmove
realloc
strchr
localtime
tolower
_purecall
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
malloc
_stricmp
_wcslwr
_memicmp
_controlfp
kernel32
ReadFile
QueryPerformanceCounter
LockFileEx
LockFile
LoadLibraryA
HeapValidate
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExA
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileA
AreFileApisANSI
InterlockedCompareExchange
GetCommandLineW
GetStartupInfoW
SetEndOfFile
CopyFileW
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryW
WinExec
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindClose
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
GetTickCount
lstrlenW
CloseHandle
TerminateProcess
OpenProcess
GetDiskFreeSpaceExW
SetFileAttributesW
GetComputerNameW
InterlockedDecrement
GetWindowsDirectoryW
CreateDirectoryW
CreateThread
GetFileAttributesW
GetDriveTypeW
LocalFree
LocalAlloc
CreateEventW
GetVersionExW
GetVolumeInformationW
ProcessIdToSessionId
GetCurrentProcessId
GetModuleFileNameW
GetSystemDefaultLCID
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetSystemDirectoryW
GetCurrentProcess
GetVersion
SetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
SizeofResource
LoadResource
FindResourceW
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetLastError
QueryDosDeviceW
GetLogicalDriveStringsW
GetLogicalDrives
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
DeviceIoControl
CreateFileW
GetModuleHandleW
MapViewOfFile
UnmapViewOfFile
FormatMessageW
WaitForMultipleObjects
ResetEvent
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileW
GlobalMemoryStatus
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WriteFile
DeleteFileW
user32
GetClientRect
keybd_event
mouse_event
SetCursorPos
InvalidateRect
MapVirtualKeyW
VkKeyScanW
FillRect
SetRect
IsIconic
GetParent
ReleaseDC
PostMessageW
GetWindowRect
GetSystemMetrics
FrameRect
GetDlgItem
ChangeClipboardChain
GetPriorityClipboardFormat
OffsetRect
LoadCursorW
DrawIcon
SetCursor
IsClipboardFormatAvailable
RegisterClipboardFormatW
SendMessageTimeoutW
EnumWindows
OpenDesktopA
EnumDesktopWindows
CloseDesktop
IsWindowVisible
ExitWindowsEx
DeregisterShellHookWindow
UnhookWindowsHookEx
GetKeyboardState
ToAscii
GetKeyState
EmptyClipboard
SetWindowPos
ShowWindow
OpenClipboard
GetClipboardData
CloseClipboard
KillTimer
UnregisterHotKey
SetClipboardViewer
MessageBoxW
FindWindowW
GetWindowLongW
GetClassNameW
GetCursorPos
SystemParametersInfoW
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextW
GetLastInputInfo
PeekMessageW
PtInRect
DispatchMessageW
MsgWaitForMultipleObjects
GetDC
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsW
SetTimer
SendMessageW
LoadIconW
EnableWindow
IsWindow
GetWindowDC
gdi32
PatBlt
CreateDCW
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
winspool.drv
FindFirstPrinterChangeNotification
EnumPrintersW
FreePrinterNotifyInfo
ClosePrinter
GetPrinterW
OpenPrinterW
FindClosePrinterChangeNotification
EnumJobsW
FindNextPrinterChangeNotification
advapi32
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
RegEnumKeyExW
RegQueryValueW
RegSetValueExW
RegOpenKeyW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyW
shell32
SHGetPathFromIDListW
ord2
SHGetSpecialFolderLocation
ord4
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFolderPathW
ole32
CoUninitialize
OleRun
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
oleaut32
SysFreeString
GetErrorInfo
VariantInit
VariantClear
SysAllocString
gdiplus
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipDrawImageI
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipCreateBitmapFromFile
GdipSetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCloneBrush
GdipGetImageEncodersSize
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateSolidFill
GdipDrawString
GdipDeleteBrush
GdipDeleteStringFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFromHDC
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipAlloc
GdipSaveImageToFile
GdipSaveImageToStream
oleacc
GetStateTextW
WindowFromAccessibleObject
AccessibleObjectFromWindow
AccessibleObjectFromPoint
msvcp60
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
Sections
.text Size: 756KB - Virtual size: 753KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 15.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 568KB - Virtual size: 564KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ