4ec27225e8007674cabeeb54387d1c78111ad611f4d56e651d2f3e92469eafca

Sharing

Copy URL

Twitter E-mail

General

Target

4ec27225e8007674cabeeb54387d1c78111ad611f4d56e651d2f3e92469eafca
Size

1.5MB
MD5

ea7eb3c64813d8b147e3220ed9981ec3
SHA1

5deceebaf2572d4cc7ccf725aaedf534ddb6a4e8
SHA256

4ec27225e8007674cabeeb54387d1c78111ad611f4d56e651d2f3e92469eafca
SHA512

22d9901d49d4aaac8270f17248cf843cb3067651497490a8068804ae14693fa18c04f2a81107e7e2a38b649a7e68b6fe55b68e92f26baa64c7f2f97b81b45884
SSDEEP

24576:AbR6R145jpnjhYeSCUegjJYNT5ExTLhFYOOoilG:J1inG86cT5ExTLhFROoilG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ec27225e8007674cabeeb54387d1c78111ad611f4d56e651d2f3e92469eafca

Files

4ec27225e8007674cabeeb54387d1c78111ad611f4d56e651d2f3e92469eafca
.exe windows:5 windows x86

9715d838cbf9501c816ff444b458b256

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipAlloc
GdipDeleteMatrix
GdipDeleteBrush
GdipSetTextureTransform
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdiplusShutdown
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCloneImage
GdipCloneBrush
GdipFillPath
GdipFillEllipseI
GdipFillRectangleI
GdipDrawPath
GdipDrawEllipseI
GdipDrawRectangleI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathLine2I
GdipSetPenBrushFill
GdipSetPenLineJoin
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenWidth
GdipCreateTexture2I
GdipCreateSolidFill
GdipTranslateMatrix
GdipCreateMatrix
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipFree

kernel32

FlushInstructionCache
FindNextFileW
FindClose
MulDiv
GetModuleHandleExW
GetLocalTime
SetLastError
FindFirstFileW
lstrcpyW
GetCurrentThreadId
lstrcpynW
GlobalUnlock
GetCommandLineW
GetTickCount
GlobalLock
GetSystemDirectoryW
GlobalAddAtomW
WaitForSingleObject
FreeLibrary
LoadLibraryW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetProcessHeap
SetEndOfFile
SetStdHandle
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
HeapSize
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
GetStartupInfoW
GetFullPathNameW
ResumeThread
RtlUnwind
UnhandledExceptionFilter
HeapFree
HeapAlloc
HeapReAlloc
FindResourceExW
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
OpenMutexW
CreateMutexW
FlushFileBuffers
ReadFile
GetFileSize
LocalAlloc
OpenEventW
CreateEventW
CreateThread
LocalFree
ExitThread
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
DeleteFileW
FileTimeToSystemTime
EnterCriticalSection
RaiseException
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
OpenProcess
GetModuleHandleW
GetProcAddress
CloseHandle
GetModuleFileNameW
GetVersionExW
GetCurrentThread
FindResourceW
GetLastError
SizeofResource
LoadResource
LockResource
GlobalFree
SetThreadContext
GetThreadContext
SuspendThread
Sleep
IsDebuggerPresent
lstrcatW
lstrlenW
CreateFileW
FormatMessageW
WriteFile
OutputDebugStringW
SetUnhandledExceptionFilter
CreateProcessW
VirtualQuery
VirtualProtect
IsProcessorFeaturePresent
InterlockedCompareExchange
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetFilePointer
InterlockedDecrement
LoadLibraryA
LeaveCriticalSection
GetDriveTypeA
WriteConsoleA
CreateFileA
WriteConsoleW
GetConsoleOutputCP

user32

UnregisterClassA
GetFocus
SetTimer
IsIconic
NotifyWinEvent
IsWindowEnabled
SetPropW
GetPropW
PostThreadMessageW
wvsprintfW
GetCursor
MoveWindow
UpdateLayeredWindow
MonitorFromRect
SubtractRect
PeekMessageW
TrackMouseEvent
BeginPaint
EndPaint
ReleaseCapture
EnumDisplayMonitors
SetCapture
RegisterHotKey
CallWindowProcW
GetClipboardData
GetKeyState
SetCursorPos
FillRect
DrawTextW
GetSystemMetrics
IntersectRect
GetForegroundWindow
ChildWindowFromPointEx
RegisterClassExW
GetCursorInfo
GetIconInfo
DrawIcon
DefWindowProcW
MessageBoxW
SetCursor
EmptyClipboard
SetClipboardData
CloseClipboard
ClientToScreen
UnionRect
InflateRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
CopyRect
LoadCursorW
GetClassInfoExW
HideCaret
KillTimer
IsWindowVisible
ShowWindow
InvalidateRect
UpdateWindow
ScreenToClient
GetWindowRect
SetWindowPos
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyWindow
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
WaitForInputIdle
UnregisterHotKey
SetForegroundWindow
SetFocus
FindWindowW
GetParent
PostQuitMessage
IsClipboardFormatAvailable
OpenClipboard
GetDesktopWindow
GetDC
ReleaseDC
SendMessageW
IsWindow
SetWindowLongW
GetWindowLongW
PostMessageW
GetClientRect
GetWindow

gdi32

GetFontData
EnumFontFamiliesExW
SetViewportOrgEx
GetClipBox
GetTextExtentExPointW
GetTextExtentPointW
SetBkMode
GetPixel
StretchBlt
CreateSolidBrush
SetTextColor
GetStockObject
CreateFontIndirectW
GetBitmapDimensionEx
CreateCompatibleBitmap
StrokeAndFillPath
StrokePath
EndPath
CreatePen
MoveToEx
LineTo
GetDeviceCaps
CreateCompatibleDC
GetObjectW
SelectObject
CreateDIBSection
BitBlt
DeleteDC
DeleteObject

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

shell32

ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit

wininet

InternetErrorDlg
InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

TransparentBlt
AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

advapi32

RegCreateKeyExW
RegQueryValueExW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
RegCloseKey
RegOpenKeyExW

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9715d838cbf9501c816ff444b458b256

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

wininet

version

msimg32

oleacc

advapi32

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 15KB - Virtual size: 32KB

.rsrc Size: 703KB - Virtual size: 702KB

.reloc Size: 114KB - Virtual size: 116KB

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 15KB - Virtual size: 32KB

.rsrc
Size: 703KB - Virtual size: 702KB

.reloc
Size: 114KB - Virtual size: 116KB