4fd5bbce5b6bf8c660ae44d88c1b430ad40e0da3a6a656d4f3501ea200ea410e

Sharing

Copy URL

Twitter E-mail

General

Target

4fd5bbce5b6bf8c660ae44d88c1b430ad40e0da3a6a656d4f3501ea200ea410e
Size

5.1MB
MD5

8317b4e82510946e1916a38601e41b62
SHA1

018d134e03c0119ffbfaeac19eb6afbd9490f618
SHA256

4fd5bbce5b6bf8c660ae44d88c1b430ad40e0da3a6a656d4f3501ea200ea410e
SHA512

0a5942ba0cf82e65cd4469000149d5e33123cbbdbee6057575f666e5c31d006a2e13afd0c6cbd7f5227c166643724aad0f2908c2c8ca39a61a767c8095024b35
SSDEEP

98304:BqriwhBIJwF42EGaQEnKv0GdTRl8XVtZVnU0:mzBxMxKv0UTRqnJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fd5bbce5b6bf8c660ae44d88c1b430ad40e0da3a6a656d4f3501ea200ea410e

Files

4fd5bbce5b6bf8c660ae44d88c1b430ad40e0da3a6a656d4f3501ea200ea410e
.exe windows:5 windows x86

6086824da3c0b0a37d3d2eca9359d839

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSASetLastError
bind
__WSAFDIsSet
listen
getpeername
getsockname
getsockopt
ntohl
ntohs
recvfrom
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
sendto
WSACleanup
WSAEventSelect
getaddrinfo
socket
connect
closesocket
freeaddrinfo
accept
gethostname
gethostbyname
shutdown
select
recv
WSAGetLastError
send
setsockopt
ioctlsocket
htons
WSAStartup
inet_addr
inet_ntoa
WSACreateEvent

kernel32

GetDriveTypeW
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileAttributesW
DeleteFileW
GetFileAttributesExA
DeleteFileA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
OpenProcess
TerminateProcess
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
WideCharToMultiByte
GetTickCount
WriteFile
SetFilePointer
ReadFile
GetFileAttributesExW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLocalTime
InterlockedExchangeAdd
MoveFileW
GetCurrentThreadId
FormatMessageW
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
LoadLibraryExW
MoveFileExW
CopyFileW
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
GetFileSize
lstrcmpW
LocalFileTimeToFileTime
SetFileTime
FileTimeToSystemTime
InitializeCriticalSection
SearchPathW
lstrcpynW
VirtualQuery
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
Thread32First
Thread32Next
OpenThread
SuspendThread
DuplicateHandle
Module32FirstW
Module32NextW
SetErrorMode
WaitForMultipleObjects
ReadProcessMemory
VirtualAllocEx
RaiseException
GetTempPathW
GetVersionExW
SetLastError
OutputDebugStringA
GetACP
DecodePointer
FreeResource
PeekNamedPipe
LocalFree
GlobalFree
LoadLibraryA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
OpenEventW
OpenFileMappingW
GetSystemDefaultLangID
SwitchToThread
SleepEx
GetLogicalDrives
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
K32GetModuleFileNameExA
CreateDirectoryA
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetEndOfFile
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
GetVersionExA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlushFileBuffers
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushInstructionCache
SetThreadContext
GetThreadContext
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
LCMapStringW
CompareStringW
GetCPInfo
QueryPerformanceFrequency
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SetFilePointerEx
FindFirstFileExW
GetStringTypeW
CreateFileW
GetDiskFreeSpaceExW
FormatMessageA
DeviceIoControl
OpenMutexW
GetLastError
CloseHandle
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
InterlockedCompareExchange
InterlockedExchange
Sleep
SizeofResource
LockResource
LoadResource
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
WaitForSingleObject
CreateFileMappingW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
SetEvent
CreateEventW
DeleteCriticalSection
FindResourceExW
FindResourceW

user32

PostQuitMessage
SetForegroundWindow
SetRect
UpdateWindow
SendMessageW
LoadImageW
GetWindowLongW
IsWindow
CallNextHookEx
GetClassInfoW
SetWindowsHookExW
ShowWindow
UnhookWindowsHookEx
DestroyWindow
ReleaseDC
GetDC
GetSystemMetrics
wsprintfW
SetWindowPos
GetParent
SetWindowLongW
LoadCursorW
RegisterClassExW
SetPropW
GetUserObjectInformationW
IntersectRect
SetCapture
ReleaseCapture
GetCapture
GetKeyState
CallWindowProcW
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
EnumDisplayDevicesW
FindWindowW
CreateWindowExA
RegisterClassExA
CreateWindowExW
DefWindowProcW
SetTimer
KillTimer
GetWindow
MapWindowPoints
FillRect
DrawTextW
FindWindowA
GetClientRect
CopyRect
EqualRect
RegisterWindowMessageW
UnionRect
InvalidateRect
IsRectEmpty
BeginPaint
UpdateLayeredWindow
FindWindowExW
IsWindowVisible
GetWindowRect
EndPaint
IsWindowUnicode
SetCursor
SetFocus
ClientToScreen
WindowFromPoint
ScreenToClient
GetCursorPos
GetClassNameW
GetClassInfoExW
DrawIconEx
GetMenuState
GetSystemMenu
GetWindowTextW
GetActiveWindow
SetWindowRgn
PostMessageW
SystemParametersInfoW
IsZoomed
GetPropW
RemovePropW
PtInRect
GetProcessWindowStation
MessageBoxA
OffsetRect

gdi32

SetTextColor
CreateSolidBrush
GetObjectA
CombineRgn
ExtCreateRegion
GetObjectW
Rectangle
CreateRectRgn
ExcludeClipRect
BitBlt
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32W
SetBkMode
GetStockObject
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
SetPixelFormat
ChoosePixelFormat
GetDeviceCaps

advapi32

CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptGenRandom
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
DeleteService
ControlService
OpenServiceW
OpenSCManagerW
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW

shell32

SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateGuid

oleaut32

SysAllocString
SysStringLen
VariantInit
VariantClear
SysFreeString

shlwapi

SHGetValueW
PathIsDirectoryW
PathRemoveFileSpecA
SHDeleteKeyW
StrStrIW
PathFileExistsW
PathRemoveFileSpecW
StrStrIA
PathFindFileNameW
wnsprintfW
PathAppendW
SHSetValueW
SHDeleteValueW
PathAddBackslashW

d3d9

Direct3DCreate9

opengl32

wglMakeCurrent
glGetString
wglGetProcAddress
wglDeleteContext
wglCreateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

psapi

GetModuleFileNameExW

winhttp

WinHttpWriteData
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

gdiplus

GdipGraphicsClear
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDeleteGraphics
GdipTranslateMatrix
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipRotateMatrix
GdipSetWorldTransform
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipGetImageWidth
GdipCreateMatrix
GdipDeleteMatrix
GdipImageSelectActiveFrame
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneImage
GdipBitmapUnlockBits
GdipGetImageHeight

msimg32

AlphaBlend

netapi32

Netbios

wldap32

ord145
ord118
ord216
ord142
ord41
ord14
ord147
ord79
ord27
ord26
ord127
ord46
ord301
ord133
ord208
ord167

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 692KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6086824da3c0b0a37d3d2eca9359d839

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

d3d9

opengl32

version

wininet

psapi

winhttp

iphlpapi

gdiplus

msimg32

netapi32

wldap32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 656KB - Virtual size: 656KB

.data Size: 64KB - Virtual size: 92KB

Shared Size: 512B - Virtual size: 16B

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 21B

.QMGuid Size: 512B - Virtual size: 32B

.rsrc Size: 920KB - Virtual size: 920KB

.tvm0 Size: 46KB - Virtual size: 48KB

.reloc Size: 692KB - Virtual size: 696KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 656KB - Virtual size: 656KB

.data
Size: 64KB - Virtual size: 92KB

Shared
Size: 512B - Virtual size: 16B

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 21B

.QMGuid
Size: 512B - Virtual size: 32B

.rsrc
Size: 920KB - Virtual size: 920KB

.tvm0
Size: 46KB - Virtual size: 48KB

.reloc
Size: 692KB - Virtual size: 696KB