ef3ebd9bdc91c73ecd5d019308c7b00c848d2e3029d79d0d476eca02179fb93e

Sharing

Copy URL Twitter E-mail

General

Target

ef3ebd9bdc91c73ecd5d019308c7b00c848d2e3029d79d0d476eca02179fb93e
Size

1.1MB
MD5

799e9f8b65df7a0b4c528a401dfe7552
SHA1

f0dc23169a0aead19c28bde60bc8aa72a47341a7
SHA256

ef3ebd9bdc91c73ecd5d019308c7b00c848d2e3029d79d0d476eca02179fb93e
SHA512

a00e4f039ad8feae54d415fe7746bc6aee16d85950ae33483f3fbfba04895c93dead4d5e83828c69aee9bbb2697278bd87dba32fd3adc502b47f9fe3ff5fe1b6
SSDEEP

24576:ex15H+Ugj7we1Ie7CSUsxUEtF9ZQLk2CTGIQdAOWP:eJ+UgjXIe7ntn5ZQLndA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef3ebd9bdc91c73ecd5d019308c7b00c848d2e3029d79d0d476eca02179fb93e

Files

ef3ebd9bdc91c73ecd5d019308c7b00c848d2e3029d79d0d476eca02179fb93e
.exe windows:6 windows x86

423fb301fa515ca8c6c9fc32ca6f8619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
DecodePointer
GetLastError
MultiByteToWideChar
InitializeCriticalSectionEx
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WideCharToMultiByte
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetFileType
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
GetFullPathNameW
GetDriveTypeW
LoadLibraryExW
SetLastError
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
GetEnvironmentVariableW
GetFileSize
SetFilePointer
GlobalSize
MulDiv
GetCurrentProcessId
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
GetCurrentDirectoryW
CreateFileW
FindClose
lstrlenW
WriteFile
GetModuleFileNameW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
GetCurrentThreadId
Sleep
TerminateThread
RaiseException
SizeofResource
GetCurrentProcess
GetStdHandle
LoadResource
FindResourceW
VirtualQuery
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetModuleHandleW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFileTimeToFileTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
ReadFile

user32

MessageBoxA
GetParent
MapWindowPoints
GetDesktopWindow
FindWindowW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
PostQuitMessage
GetAsyncKeyState
GetSysColor
ClientToScreen
CharNextW
SetCursor
UnionRect
SetForegroundWindow
IsWindowVisible
UnregisterClassW
SetWindowRgn
OffsetRect
MonitorFromPoint
IsZoomed
PtInRect
UpdateLayeredWindow
IntersectRect
IsRectEmpty
GetClientRect
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
GetCursorPos
GetKeyState
ScreenToClient
InvalidateRect
SetWindowTextW
GetDC
GetPropW
SetPropW
CallWindowProcW
SendMessageW
GetSystemMetrics
SetWindowPos
IsIconic
MonitorFromWindow
MessageBoxW
GetMonitorInfoW
GetWindowRect
ShowWindow
SetFocus
EnableWindow
GetWindow
GetWindowLongW
IsWindow
SetWindowLongW
GetClassInfoExW
RegisterClassW
LoadCursorW
ReleaseDC
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
KillTimer

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

winmm

timeKillEvent
timeSetEvent
timeGetTime

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipGetImagePalette
GdipCreateMatrix
GdipDeleteMatrix
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipScaleMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipDrawArc
GdipCreateLineBrushFromRect
GdipDeleteBrush
GdipCloneBrush
GdipSetLineBlend
GdipCreatePen2
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRect
GdipImageRotateFlip
GdipLoadImageFromFile
GdipClonePen
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenColor
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenDashCap197819
GdipGetPenStartCap
GdipGetPenEndCap
GdipGetPenDashCap197819
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipCreatePath
GdipClonePath
GdipGetImageHeight
GdipSetPathFillMode
GdipGetPathFillMode
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipTransformPath
GdipDeletePath
GdipFillRectangle
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdiplusStartup
GdipResetPath
GdipImageSelectActiveFrame
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipFillPath
GdipMeasureString

shlwapi

PathFileExistsW
PathIsRelativeW

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

msimg32

AlphaBlend

gdi32

CreateRoundRectRgn
CreateRectRgnIndirect
SelectObject
DeleteObject
CreateFontIndirectW
GetStockObject
GetObjectA
GetObjectW
SetStretchBltMode
ExtSelectClipRgn
SetWindowOrgEx
GetWindowOrgEx
RestoreDC
SaveDC
GetDeviceCaps
CreateDIBSection
StretchBlt
CreateCompatibleDC
DeleteDC
BitBlt

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal
CoCreateInstance

Sections

.text
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

423fb301fa515ca8c6c9fc32ca6f8619

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winmm

comctl32

gdiplus

shlwapi

imm32

msimg32

gdi32

shell32

ole32

Sections

.text Size: 521KB - Virtual size: 520KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 14KB - Virtual size: 18KB

.rsrc Size: 492KB - Virtual size: 491KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 521KB - Virtual size: 520KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 14KB - Virtual size: 18KB

.rsrc
Size: 492KB - Virtual size: 491KB

.reloc
Size: 28KB - Virtual size: 27KB