Static task: static1
Behavioral task: behavioral1
Sample: a95251ff1838d3b165e8338761437ca9b12b0d5aea6d5dcce29ec4c3d4af499a.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: a95251ff1838d3b165e8338761437ca9b12b0d5aea6d5dcce29ec4c3d4af499a.exe
Resource: win10v2004-20230915-en
General
Target: a95251ff1838d3b165e8338761437ca9b12b0d5aea6d5dcce29ec4c3d4af499a
Size: 7.4MB
MD5: 0d96fb0787fd31dd8803f7a056e2f2d0
SHA1: 305905c49c51a3efcf970f35a621d24e3ac0f506
SHA256: a95251ff1838d3b165e8338761437ca9b12b0d5aea6d5dcce29ec4c3d4af499a
SHA512: 306335095f771d6782f912f5004bfbea6098f965dba7a09d3579e5d818fe6a1b5724f51babd23f7c8eac56b4c57f6e92197598b8dcba1d1835246f1da5ab3ce1
SSDEEP: 98304:8oCX+GEq2QjFPmAWxV6UIOeTDps4dfpHR4hdJrKUd/uJE56iFqj:WE6mAWLheT+4dfpHR4h7rKUdmDk
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource a95251ff1838d3b165e8338761437ca9b12b0d5aea6d5dcce29ec4c3d4af499a
Files
a95251ff1838d3b165e8338761437ca9b12b0d5aea6d5dcce29ec4c3d4af499a.exe windows:5 windows x86
90e237332a0d36c1649501e286358782
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libeay32
ord254
ord181
ord2442
ord578
ord566
ord579
ord657
ord2623
ord1186
ord909
ord1653
ord1654
ord3050
ord1178
ord544
ord364
ord363
ord648
ord652
ord641
ord680
ord84
ord1022
ord1016
ord202
ord200
ord66
ord395
ord82
ord204
ord484
ord485
ord222
ord2291
ord227
ord248
ord223
ord2254
ord1017
ord1015
ord118
ord365
ord3353
ord3422
ord205
ord640
ord78
ord53
ord98
ord1804
ord197
ord2415
ord2416
ord2412
ord298
ord224
ord3188
ord3226
ord52
ord95
ord129
ord119
ord2023
ord2075
ord9
ord656
ord653
ord2431
ord581
ord1958
ord1216
ord469
ord467
ord3212
ord2206
ord89
ord109
ssleay32
ord82
ord86
ord125
ord155
ord8
ord76
ord48
ord182
ord96
ord242
ord166
ord43
ord77
ord90
ord61
ord157
ord83
ord42
ord75
ord225
ord21
ord24
ord17
ord235
ord222
ord142
ord73
ord16
ord141
ord111
ord12
ord74
ord183
ord6
ord78
ord58
ord108
ord45
ord341
ord343
ord314
ord315
ord172
ord171
ord110
ord112
ord31
ord15
zlibwapi
ord20
ord19
ord21
kernel32
GetProcessHeap
SetLastError
FormatMessageA
GlobalSize
FormatMessageW
OutputDebugStringA
GetModuleHandleA
LoadLibraryA
SetThreadPriority
SuspendThread
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
CompareStringA
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
MoveFileW
GetThreadLocale
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
GlobalFlags
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetProfileIntW
SearchPathW
DecodePointer
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCommModemStatus
GetCommTimeouts
lstrcmpW
WaitForMultipleObjects
RaiseException
FindClose
FindNextFileW
FindFirstFileW
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
WinExec
lstrcatW
lstrcpyW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetFileAttributesW
CopyFileW
RemoveDirectoryW
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
SetErrorMode
OutputDebugStringW
GetTempPathW
GetCurrentThreadId
SystemTimeToFileTime
GetLocalTime
GetCurrentProcessId
LocalAlloc
LocalFree
GetDriveTypeW
GetLogicalDriveStringsW
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
SetEnvironmentVariableA
GetACP
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FreeLibraryAndExitThread
ExitThread
GetFileType
GetModuleHandleExW
ExitProcess
InterlockedPushEntrySList
RtlUnwind
GetVersionExA
GetStringTypeW
LCMapStringW
GetPrivateProfileIntW
SetCurrentDirectoryW
GetModuleFileNameW
SetThreadExecutionState
TerminateThread
GetExitCodeThread
DeleteFileW
WideCharToMultiByte
TerminateProcess
CreateProcessW
CreatePipe
SetEvent
HeapReAlloc
HeapSize
GetComputerNameW
HeapFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
GetTickCount
WriteFile
Sleep
ReadFile
ClearCommError
GetOverlappedResult
WaitForSingleObject
ResetEvent
WaitCommEvent
CreateEventW
SetCommTimeouts
SetupComm
CreateFileW
SetCommState
GetCommState
PurgeComm
SetCommMask
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryW
CloseHandle
GetCurrentProcess
lstrcmpiW
lstrlenW
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersion
GetVersionExW
MultiByteToWideChar
GetCPInfo
CreateThread
user32
SystemParametersInfoW
DrawIconEx
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
DrawTextW
GetMenuItemInfoW
SetRect
TrackMouseEvent
SetParent
GetClassLongW
GetTopWindow
UnhookWindowsHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CheckMenuItem
SetMenuItemBitmaps
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetMenuCheckMarkDimensions
DrawEdge
FillRect
GetSysColor
CopyRect
SetMenuItemInfoW
ShowWindow
MoveWindow
SetDlgItemTextW
DestroyIcon
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
AppendMenuW
InsertMenuW
ModifyMenuW
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
GetSysColorBrush
LoadBitmapW
RemoveMenu
TranslateAcceleratorW
GetSubMenu
EnableWindow
TabbedTextOutW
DrawTextExW
GrayStringW
DestroyCursor
GetWindowLongW
SendMessageW
IsMenu
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
PostMessageW
FrameRect
InflateRect
OffsetRect
DrawFocusRect
GetClientRect
DrawStateW
GetIconInfo
LoadImageW
GetFocus
GetKeyState
PtInRect
IsWindow
GetWindowDC
IsIconic
GetWindow
GetClassNameW
SetWindowLongW
LoadCursorW
SetTimer
PostThreadMessageW
KillTimer
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
UpdateWindow
GetDlgCtrlID
DrawIcon
PostQuitMessage
MessageBoxA
GetMessagePos
ScreenToClient
CopyIcon
MessageBeep
GetSystemMenu
EnableMenuItem
SetWindowRgn
MessageBoxW
UnregisterClassW
SetRectEmpty
BeginPaint
EndPaint
IsWindowEnabled
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringW
GetKeyNameTextW
MapVirtualKeyW
DestroyMenu
IntersectRect
GetMessageW
IsWindowVisible
ValidateRect
CheckDlgButton
SetCapture
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
UnionRect
LockWindowUpdate
GetMenuDefaultItem
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawFrameControl
IsZoomed
SetCursorPos
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SetWindowTextW
IsDialogMessageW
LoadMenuW
CreateDialogIndirectParamW
EndDialog
SendDlgItemMessageA
WaitMessage
CharUpperW
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
RealChildWindowFromPoint
BringWindowToTop
ReleaseCapture
GetMenuItemCount
LoadAcceleratorsW
GetCursorPos
SetWindowsHookExW
CallNextHookEx
RegisterWindowMessageW
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
GetWindowRgn
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetAsyncKeyState
CopyImage
DeleteMenu
IsRectEmpty
gdi32
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
LPtoDP
Polyline
Polygon
CreatePolygonRgn
CreateEllipticRgn
SetDIBColorTable
StretchBlt
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetRgnBox
DPtoLP
SetRectRgn
GetMapMode
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetTextCharacterExtra
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
ExcludeClipRect
StretchDIBits
GetCharWidthW
GetTextColor
SetBrushOrgEx
GetBkColor
GetBrushOrgEx
CreatePatternBrush
SetPixelV
GetBitmapDimensionEx
CombineRgn
OffsetRgn
CreateRoundRectRgn
CreateRectRgn
GetTextMetricsW
CreateFontW
SetTextColor
SetBkColor
CreateBitmap
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Rectangle
CreateHatchBrush
PatBlt
SetPixel
GetPixel
GetObjectW
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetBkMode
CreatePen
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegEnumValueW
RegQueryValueW
RegSetValueW
RegEnumKeyExW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHFormatDrive
SHGetFileInfoW
DragQueryFileW
DragFinish
ExtractIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
comctl32
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
shlwapi
PathFileExistsW
UrlUnescapeW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsDirectoryW
uxtheme
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
IsAccelerator
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoGetClassObject
CoDisconnectObject
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoRevokeClassObject
CoRegisterClassObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
oleaut32
VarBstrFromDate
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantCopy
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysFreeString
SysAllocStringLen
OleLoadPicture
SafeArrayDestroy
oledlg
OleUIBusyW
ws2_32
getaddrinfo
WSAPoll
freeaddrinfo
getnameinfo
WSARecv
WSARecvFrom
WSASend
WSAAsyncSelect
WSASetLastError
getsockname
getpeername
WSASendTo
listen
bind
htonl
shutdown
accept
__WSAFDIsSet
select
getsockopt
ioctlsocket
WSAGetLastError
WSASocketW
connect
closesocket
send
recv
gethostbyname
setsockopt
ntohl
ntohs
recvfrom
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
sendto
htons
WSACleanup
WSAEventSelect
WSACreateEvent
socket
WSAStartup
inet_addr
gethostname
makelicense
MakeLicFile
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
rpcrt4
UuidFromStringW
gdiplus
GdipAlloc
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdiplusShutdown
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipFree
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
dbghelp
MiniDumpWriteDump
wininet
HttpQueryInfoW
InternetSetOptionW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
HttpOpenRequestW
HttpSendRequestW
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 815KB - Virtual size: 815KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ