067b0b8634fc2ed18e8e79be992f7977378c12dda364d9d9e2d6b05361ebb203

Sharing

Copy URL

Twitter E-mail

General

Target

067b0b8634fc2ed18e8e79be992f7977378c12dda364d9d9e2d6b05361ebb203
Size

3.5MB
MD5

f4e0cb566a639e03b7d6f701f36fb19f
SHA1

d27a34f7e500b88cf884dfca2fe31d08f6ee48ac
SHA256

067b0b8634fc2ed18e8e79be992f7977378c12dda364d9d9e2d6b05361ebb203
SHA512

2d8cbc57e58d7a00e59a33deb61531d28a32afcf391504636c21b4863f431eb185e0e8949f10b070e271dc48cb5a21062b1552c558ee00a42610ee21225a4923
SSDEEP

49152:yxN4yXof2zAeIsZ/SyrAZPq86Fr5cAEEf/BVd:u+7eXNqy86FyAEgZL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
067b0b8634fc2ed18e8e79be992f7977378c12dda364d9d9e2d6b05361ebb203

Files

067b0b8634fc2ed18e8e79be992f7977378c12dda364d9d9e2d6b05361ebb203
.exe windows:6 windows x86

8a30e350464214bd5390d311d8b86a1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetLocalTime
GetSystemTimeAsFileTime
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
LoadLibraryExW
SetFileTime
InitializeCriticalSectionEx
SetFileAttributesW
CreateIoCompletionPort
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
VirtualQuery
CompareStringW
GetFileType
GetStdHandle
GetTimeZoneInformation
GetCommandLineA
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringEx
LocalFree
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
CreateProcessW
SetCurrentDirectoryW
GetSystemInfo
GlobalFlags
FindClose
GetCurrentProcess
FindNextFileW
GetCommandLineW
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GlobalReAlloc
MulDiv
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateThread
GetExitCodeThread
SetWaitableTimer
CreateWaitableTimerW
OpenEventW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetFileAttributesW
GetQueuedCompletionStatus
SetEvent
CreateThread
WaitForSingleObject
CreateEventW
PostQueuedCompletionStatus
ExitProcess
GetModuleHandleW
SetLastError
LeaveCriticalSection
GetCurrentThreadId
IsDebuggerPresent
WriteFile
SetFilePointerEx
ReadFile
HeapFree
SetFilePointer
CreateFileW
CloseHandle
CopyFileW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
Sleep
MoveFileW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
LCMapStringW

user32

SetCapture
PtInRect
ReleaseCapture
BeginPaint
EndPaint
PostMessageW
IsWindowVisible
RegisterClassExW
GetClassInfoExW
InflateRect
FillRect
WindowFromPoint
OffsetRect
CopyRect
ClientToScreen
DrawStateW
FrameRect
DrawFocusRect
DrawTextW
GetNextDlgTabItem
wsprintfW
GetWindowThreadProcessId
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
CharNextW
CreateMenu
PostQuitMessage
AppendMenuW
TranslateAcceleratorW
DestroyMenu
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSubMenu
UnregisterClassW
DestroyWindow
DestroyIcon
DestroyCursor
MessageBoxW
GetWindowLongW
SetWindowPos
SetWindowLongW
TrackPopupMenu
GetWindowTextW
CreatePopupMenu
DeleteMenu
GetDlgItem
SetPropW
RedrawWindow
RemovePropW
GetPropW
FindWindowExW
IsIconic
GetClassNameW
IntersectRect
IsRectEmpty
SetMenu
IsWindowEnabled
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
GetWindow
GetSystemMenu
GetLastActivePopup
SetParent
MessageBeep
SetRect
ChildWindowFromPointEx
MoveWindow
EnumWindows
SetClipboardData
EnumDisplaySettingsW
GetWindowTextLengthW
ShowWindow
SetFocus
GetActiveWindow
DefWindowProcW
CallWindowProcW
WinHelpW
SendMessageW
SetScrollRange
GetScrollRange
GetScrollPos
GetSysColor
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowTextW
EnableWindow
LoadCursorW
GetCursorPos
SetCursorPos
GetWindowRect
GetParent
GetTopWindow
ScreenToClient
GetFocus
IsWindow
GetClientRect
GetKeyState
SetCursor
AdjustWindowRectEx
CheckMenuItem
GetMenuState
GetMenuStringW
SetTimer
KillTimer
MsgWaitForMultipleObjects
ReleaseDC
GetWindowDC
GetSystemMetrics
GetDC
LoadImageW
GetDesktopWindow
LoadIconW
RegisterClassW
GetClassInfoW
LoadStringW
CreateWindowExW
GetMessagePos
SetScrollPos
IsZoomed
MessageBoxA
InvalidateRect

gdi32

MoveToEx
CreatePen
LineTo
SetBkMode
GetPixel
CreateEllipticRgn
CreateRoundRectRgn
GetClipBox
ExcludeClipRect
GetTextMetricsW
DPtoLP
SetROP2
SetMapMode
LPtoDP
GetViewportExtEx
Rectangle
SetBkColor
SetPolyFillMode
CreateDCW
PatBlt
GetWindowExtEx
GetViewportOrgEx
CombineRgn
SetViewportOrgEx
CreateRectRgn
CreatePatternBrush
GetWindowOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateHatchBrush
CreateBrushIndirect
CreateSolidBrush
CreateBitmap
ExtTextOutW
RoundRect
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
RealizePalette
DeleteObject
CreateFontIndirectW
SetStretchBltMode
GetObjectW
CreatePalette
SelectPalette
DeleteDC
GetSystemPaletteEntries
GetDeviceCaps
GetDIBits
SetTextColor
GetStockObject

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

shell32

DragQueryFileW
DragFinish
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
OleRun
CLSIDFromString
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
VariantClear
VariantTimeToSystemTime
VarUI4FromStr
VarUdateFromDate
SystemTimeToVariantTime
LHashValOfNameSys
VariantInit
LoadTypeLi
VariantCopyInd
RegisterTypeLi
SysAllocString
VariantCopy
VarCmp
VariantChangeType

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Destroy

libcrypto-1_1

CONF_modules_unload
OPENSSL_init_crypto
EVP_CIPHER_CTX_new
EVP_CipherInit_ex
EVP_CIPHER_CTX_set_padding
EVP_CipherUpdate
EVP_CIPHER_CTX_free
EVP_rc4

sqlite3

sqlite3_close_v2
sqlite3_open_v2
sqlite3_exec
sqlite3_free
sqlite3_prepare_v2
sqlite3_last_insert_rowid
sqlite3_step
sqlite3_column_int
sqlite3_column_text
sqlite3_finalize

libcurl

curl_easy_cleanup
curl_slist_append
curl_easy_pause
curl_slist_free_all
curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_global_cleanup
curl_global_init
curl_easy_setopt

cximagecrt

?RotateLeft@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Crop@CxImage@@QAE_NHHHHPAV1@@Z
?Expand@CxImage@@QAE_NHHHHUtagRGBQUAD@@PAV1@@Z
??0CxImage@@QAE@I@Z
?Destroy@CxImage@@QAE_NXZ
?DestroyFrames@CxImage@@QAE_NXZ
?Size@CxMemFile@@UAEHXZ
?GetWidth@CxImage@@QBEIXZ
?GetHeight@CxImage@@QBEIXZ
?GetType@CxImage@@QBEIXZ
?GrayScale@CxImage@@QAE_NXZ
?RedEyeRemove@CxImage@@QAE_NM@Z
?Save@CxImage@@QAE_NPB_WI@Z
??1CxMemFile@@UAE@XZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?Load@CxImage@@QAE_NPB_WI@Z
?Encode@CxImage@@QAE_NPAVCxFile@@I@Z
?Decode@CxImage@@QAE_NPAVCxFile@@I@Z
?Open@CxMemFile@@QAE_NXZ
??0CxMemFile@@QAE@PAEI@Z

skinhu

SkinH_AttachEx
SkinH_Detach

shlwapi

PathFindExtensionW
SHCreateStreamOnFileEx
PathFindFileNameW

ws2_32

WSACleanup

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits

winmm

PlaySoundW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a30e350464214bd5390d311d8b86a1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

libcrypto-1_1

sqlite3

libcurl

cximagecrt

skinhu

shlwapi

ws2_32

gdiplus

winmm

imm32

msvcrt

iphlpapi

psapi

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.sedata Size: 1.0MB - Virtual size: 1.0MB

.idata Size: 11KB - Virtual size: 12KB

.rsrc Size: 10KB - Virtual size: 12KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.sedata
Size: 1.0MB - Virtual size: 1.0MB

.idata
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 10KB - Virtual size: 12KB

.sedata
Size: 4KB - Virtual size: 4KB