f68bb09766ebb6df48db5456a692c61b61bf892761fb67c1ecab546572ba20ca

Sharing

Copy URL Twitter E-mail

General

Target

f68bb09766ebb6df48db5456a692c61b61bf892761fb67c1ecab546572ba20ca
Size

1.6MB
MD5

fc3ff676830dcc137a758607fcbaf19a
SHA1

70cc2034e9144bf390e42a053248c9644bddb981
SHA256

f68bb09766ebb6df48db5456a692c61b61bf892761fb67c1ecab546572ba20ca
SHA512

d536449e75a8f2609b15e2287f8fa50866b683bcce36eee23753a8a4856b9e3c4daa125915ea0045a72b2aa92d3ab209db16c489407ed63a2c69e7150e866df8
SSDEEP

24576:XAZvp88/l+Z9itNe+dn7zqSSptCtvB2M58FrsGJlh9:X+p/lgee+VfxItIgf+GJlh9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f68bb09766ebb6df48db5456a692c61b61bf892761fb67c1ecab546572ba20ca

Files

f68bb09766ebb6df48db5456a692c61b61bf892761fb67c1ecab546572ba20ca
.exe windows:6 windows x86

f19010697e70ced9acb792f9ddd864a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
VirtualQuery
CreateEventW
SetEvent
ResetEvent
GetSystemTimeAsFileTime
lstrcmpiW
LoadLibraryExW
WriteConsoleW
CreateFileW
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCurrentProcessId
LCMapStringW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
SetFilePointerEx
WriteFile
GetStdHandle
GetCommandLineA
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemInfo
CloseHandle
GlobalFlags
MultiByteToWideChar
GetFileAttributesW
WaitForSingleObject
FindClose
TerminateProcess
GetCurrentProcess
FindNextFileW
GetCommandLineW
ReadFile
CreateProcessW
FreeLibrary
LoadLibraryW
GetTickCount
ExitProcess
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetLastError
LeaveCriticalSection
GetCurrentThreadId
IsDebuggerPresent
GetModuleFileNameW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
HeapFree
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
SetEndOfFile

user32

FillRect
GetDlgItem
PostMessageW
DeleteMenu
RedrawWindow
TranslateAcceleratorW
PostQuitMessage
CharNextW
RegisterClassExW
DestroyIcon
GetSysColor
FindWindowExW
EnableWindow
EndPaint
GetNextDlgTabItem
BeginPaint
IsIconic
SetFocus
UnregisterClassW
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
MessageBoxW
GetWindowLongW
SetWindowPos
SetWindowLongW
InvalidateRect
GetActiveWindow
IntersectRect
IsRectEmpty
SetMenu
IsWindowEnabled
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
IsWindowVisible
GetFocus
GetWindow
GetSystemMenu
GetLastActivePopup
PtInRect
SetParent
ClientToScreen
OffsetRect
ShowWindow
MessageBeep
ScreenToClient
DrawTextW
SetRect
IsZoomed
GetTopWindow
GetClassNameW
GetClassInfoExW
GetPropW
RemovePropW
IsWindow
SetPropW
wsprintfW
GetWindowThreadProcessId
DefWindowProcW
CallWindowProcW
WinHelpW
SendMessageW
GetMessageW
SetActiveWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetKeyState
SetCursor
AdjustWindowRectEx
ReleaseDC
GetClientRect
GetWindowDC
GetSystemMetrics
GetDC
GetWindowRect
LoadImageW
GetParent
GetDesktopWindow
LoadCursorW
LoadIconW
RegisterClassW
GetClassInfoW
LoadStringW
CreateWindowExW
EnumWindows
MoveWindow
GetMonitorInfoW
WaitForInputIdle
MonitorFromWindow

gdi32

GetClipBox
ExcludeClipRect
GetTextMetricsW
SetBkMode
CombineRgn
CreateSolidBrush
CreateRoundRectRgn
SetBkColor
CreateEllipticRgn
SetTextColor
CreateFontIndirectW
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
DeleteObject
SetStretchBltMode
GetObjectW
DeleteDC
GetDeviceCaps
CreateRectRgn
GdiAlphaBlend
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW

shell32

ShellExecuteW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarUI4FromStr

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
InitCommonControlsEx

libcurl

curl_easy_cleanup
curl_slist_append
curl_easy_pause
curl_slist_free_all
curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_easy_setopt
curl_global_cleanup
curl_global_init

ws2_32

ioctlsocket
htons
recv
connect
socket
WSAAsyncSelect
gethostbyname
WSAStartup
closesocket
inet_addr
WSACleanup

gdiplus

GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipGetImagePalette
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 902KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f19010697e70ced9acb792f9ddd864a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

libcurl

ws2_32

gdiplus

msvcrt

iphlpapi

psapi

Sections

.text Size: 704KB - Virtual size: 704KB

.sedata Size: 902KB - Virtual size: 904KB

.idata Size: 7KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 704KB - Virtual size: 704KB

.sedata
Size: 902KB - Virtual size: 904KB

.idata
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB