Static task: static1
Behavioral task: behavioral1
Sample: b61d5817cd50f83dd87e43c8c32ccb38df35083161c84e13020f7e93eb86172f.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: b61d5817cd50f83dd87e43c8c32ccb38df35083161c84e13020f7e93eb86172f.exe
Resource: win10v2004-20230915-en
General
Target: b61d5817cd50f83dd87e43c8c32ccb38df35083161c84e13020f7e93eb86172f
Size: 12.7MB
MD5: 6b60b581432649cb59af3829ae26a4c7
SHA1: f27b9a9a4afc3157b7e30db5008d4128cca7ceea
SHA256: b61d5817cd50f83dd87e43c8c32ccb38df35083161c84e13020f7e93eb86172f
SHA512: f5b460964a6cf8d255d63ee34141ca09f18edfb9e7c8fcfbfd3c9b5967ea3a29172db3d8957de8f10e0b1c8e684ec89c92d515839b1630bea15e484c9aef45b8
SSDEEP: 196608:2mouwg1/yVQLXrLKvZnvJsv6tWKFdu9CbPcCP:2Xqf2nvJsv6tWKFdu9Cbh
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource b61d5817cd50f83dd87e43c8c32ccb38df35083161c84e13020f7e93eb86172f
Files
- b61d5817cd50f83dd87e43c8c32ccb38df35083161c84e13020f7e93eb86172f.exe windows:6 windows x86
a1ba42ae0aadc6e2078c13418cf373b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
GetThemeInt
GetThemePartSize
GetThemeMargins
GetThemePropertyOrigin
OpenThemeData
GetThemeEnumValue
GetThemeColor
GetCurrentThemeName
IsAppThemed
IsThemeActive
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
dwmapi
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
oleaut32
SafeArrayPutElement
SysAllocString
SafeArrayCreateVector
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
gdi32
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetShareEnum
NetApiBufferFree
ws2_32
WSAAsyncSelect
advapi32
MapGenericMask
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
RegCloseKey
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
kernel32
InitializeSListHead
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
RaiseException
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetStdHandle
GetStdHandle
HeapFree
HeapAlloc
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
CompareStringW
TerminateProcess
CreateDirectoryW
CreateFileW
GetDiskFreeSpaceExW
GetDriveTypeW
QueryDosDeviceW
SetFileAttributesW
CloseHandle
GetLastError
DeviceIoControl
Sleep
GlobalAlloc
GetFileAttributesW
GetExitCodeProcess
CreateProcessW
GetFileSizeEx
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileExW
CopyFileW
CreateProcessA
lstrcmpW
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
OpenProcess
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetCurrentProcessId
GetUserDefaultLangID
ReadFile
WriteFile
WideCharToMultiByte
GetVolumeInformationW
GetLongPathNameW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CompareStringEx
GetSystemTime
GetLocalTime
OutputDebugStringW
GetCurrentProcess
IsProcessorFeaturePresent
DuplicateHandle
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineW
WaitForSingleObjectEx
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetSystemDirectoryW
LoadLibraryW
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
GetStartupInfoW
GetModuleFileNameW
VirtualQuery
OpenFileMappingW
UnregisterWaitEx
RegisterWaitForSingleObject
MultiByteToWideChar
HeapSize
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReleaseSemaphore
CreateSemaphoreW
ole32
OleUninitialize
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
OleInitialize
RevokeDragDrop
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
StringFromGUID2
RegisterDragDrop
OleFlushClipboard
OleGetClipboard
CoLockObjectExternal
shell32
CommandLineToArgvW
SHGetKnownFolderPath
SHCreateItemFromParsingName
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHCreateItemFromIDList
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
SHGetFileInfoW
ShellExecuteExA
SHGetStockIconInfo
ord727
ShellExecuteW
user32
MsgWaitForMultipleObjectsEx
KillTimer
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetQueueStatus
DispatchMessageW
SetTimer
IsWindow
IsWindowVisible
GetAsyncKeyState
IsWindowEnabled
GetWindowTextW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
TranslateMessage
winmm
timeKillEvent
PlaySoundW
timeSetEvent
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiGetClassDevsW
Sections
.text Size: 8.2MB - Virtual size: 8.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 97KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ