Static task: static1
Behavioral task: behavioral1
Sample: 3f8d9e0dad2c4de2bf77a0e5f1881bac43145832a935abd5d50f35a9de9d549f.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 3f8d9e0dad2c4de2bf77a0e5f1881bac43145832a935abd5d50f35a9de9d549f.exe
Resource: win10v2004-20230915-en
General
Target: 3f8d9e0dad2c4de2bf77a0e5f1881bac43145832a935abd5d50f35a9de9d549f
Size: 5.7MB
MD5: 9b59ab358932cea31cc2956763805873
SHA1: 88afddf3cd9ebb497790bab217883703170718df
SHA256: 3f8d9e0dad2c4de2bf77a0e5f1881bac43145832a935abd5d50f35a9de9d549f
SHA512: 2d5b810f2c3ca0f17a15ed29bec707192a6ea45ba87696f1eb45f90468fafa0cb98f9ad7ed6ed3d59cdc44442cc9c23be49d92eafcf4c050bc788413fef01b9f
SSDEEP: 98304:WmPrdFHvL+pJ8OBP6DZEt3LIPKnrYjmdD0VW4eI:WwWP6Dquwdf4e
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 3f8d9e0dad2c4de2bf77a0e5f1881bac43145832a935abd5d50f35a9de9d549f
Files
3f8d9e0dad2c4de2bf77a0e5f1881bac43145832a935abd5d50f35a9de9d549f.exe windows:6 windows x86
9e8eab50adfb5081aab860d765e0d501
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleProcessList
GetProcessAffinityMask
SetThreadAffinityMask
TerminateProcess
GlobalMemoryStatus
GetCurrentThread
SetThreadPriority
GlobalDeleteAtom
GlobalAddAtomW
MulDiv
OutputDebugStringW
FormatMessageW
SetEvent
ResetEvent
WaitForSingleObject
CreateThread
WaitForMultipleObjects
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetVersionExA
MultiByteToWideChar
LoadLibraryExW
SearchPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalLock
GlobalUnlock
CreateEventW
GetThreadPriority
ExitThread
SuspendThread
ResumeThread
GetSystemInfo
SetThreadIdealProcessor
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
LocalSize
GetTickCount64
CreateFileA
GetFileSizeEx
HeapReAlloc
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryA
SetFilePointerEx
SetErrorMode
SetThreadExecutionState
ExitProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
DeviceIoControl
GetOverlappedResult
CancelIo
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
GetConsoleMode
GetModuleHandleExW
WideCharToMultiByte
GetSystemPowerStatus
GetLocaleInfoA
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEnvironmentVariableW
HeapSize
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
GetFileAttributesExW
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
RtlUnwind
FreeLibraryAndExitThread
GetThreadTimes
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
SetLastError
EncodePointer
GetStringTypeW
lstrcmpW
VirtualFree
VirtualAlloc
WriteConsoleW
SetConsoleTitleW
GetConsoleTitleW
AttachConsole
FreeConsole
GetLocalTime
GetNativeSystemInfo
CreateMutexW
HeapQueryInformation
HeapWalk
GetProcessHeaps
HeapCompact
IsBadReadPtr
FindResourceW
SetProcessAffinityMask
GlobalFree
SizeofResource
LockResource
LoadResource
VirtualQuery
GetVersionExW
GetSystemTime
GlobalMemoryStatusEx
OpenProcess
GetCurrentThreadId
GlobalAlloc
Sleep
HeapSetInformation
GetProcessHeap
GetFullPathNameW
SetCurrentDirectoryW
LocalFree
LocalUnlock
LocalLock
GetTickCount
GetCurrentProcessId
GetTempPathW
SetFilePointer
SetEndOfFile
RemoveDirectoryW
GetVolumeInformationW
GetFileSize
GetFileAttributesW
GetDriveTypeW
DeleteFileW
CreateFileW
CreateDirectoryW
GetModuleFileNameW
CreateProcessW
GetCurrentProcess
CreatePipe
DuplicateHandle
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
SetStdHandle
GetStdHandle
LoadLibraryW
GetProcAddress
FreeLibrary
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CompareStringA
InitializeCriticalSection
user32
GetSysColor
ChangeDisplaySettingsW
ReleaseDC
GetDC
KillTimer
SetTimer
GetPriorityClipboardFormat
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
LoadStringW
SystemParametersInfoW
LoadCursorFromFileW
EnumDisplaySettingsW
MessageBoxA
GetMessageW
CallWindowProcW
GetUpdateRect
ValidateRect
GetPropW
GetClipCursor
ClipCursor
EnumDisplayMonitors
CopyImage
CreateIconIndirect
RegisterRawInputDevices
AttachThreadInput
MsgWaitForMultipleObjects
IsRectEmpty
RegisterWindowMessageW
PostThreadMessageW
GetRawInputDeviceList
RegisterClassW
SetWindowPos
GetWindowRect
DialogBoxIndirectParamW
GetRawInputData
ToUnicode
GetParent
PostMessageW
DefWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW
SendMessageW
GetCursorPos
EnumWindows
GetWindowThreadProcessId
GetAsyncKeyState
GetSystemMetrics
TranslateMessage
DispatchMessageW
PeekMessageW
WaitMessage
ShowWindow
IsIconic
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
EnableWindow
FlashWindowEx
SetForegroundWindow
CallNextHookEx
GetQueueStatus
DestroyIcon
SystemParametersInfoA
IntersectRect
MoveWindow
GetMonitorInfoW
MonitorFromWindow
EnumDisplaySettingsExW
ClientToScreen
SetCaretPos
DestroyCaret
CreateCaret
SetCursorPos
SetWindowRgn
GetForegroundWindow
SetCapture
GetFocus
RegisterWindowMessageA
GetDoubleClickTime
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassA
RegisterClassExA
CreateWindowExA
GetClipboardSequenceNumber
SetLayeredWindowAttributes
GetKeyboardState
SetCursor
GetCursor
ChangeDisplaySettingsExW
MapVirtualKeyW
EnumDisplayDevicesW
MonitorFromPoint
RemovePropW
PtInRect
SetWindowsHookExW
DrawTextW
MessageBoxW
GetRawInputDeviceInfoA
GetDesktopWindow
MonitorFromRect
CreateIconFromResource
PostQuitMessage
UnhookWindowsHookEx
SetFocus
GetKeyboardLayout
LoadIconW
SetRect
ScreenToClient
AdjustWindowRectEx
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetPropW
InvalidateRect
EndPaint
BeginPaint
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetSystemMenu
GetMenu
IsWindowEnabled
ReleaseCapture
GetCapture
GetKeyState
IsWindowVisible
UnregisterClassW
GetMessageExtraInfo
TrackMouseEvent
LoadCursorW
WindowFromPoint
EmptyClipboard
gdi32
ExtCreateRegion
CreateFontIndirectW
GetFontData
SelectObject
GetTextMetricsW
CreateCompatibleDC
DeleteDC
EnumFontFamiliesExW
EnumFontsW
GetStockObject
CreateDIBSection
GetObjectW
CreateDIBitmap
CreateCompatibleBitmap
GetPixel
SetPixel
DeleteObject
CreateDCW
GetDIBits
CreateBitmap
GetICMProfileW
GetDeviceGammaRamp
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
BitBlt
GetTextExtentPoint32A
CreateRectRgn
CombineRgn
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetGlyphOutlineW
GetDeviceCaps
comdlg32
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
shell32
DragFinish
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHBrowseForFolderW
SHGetFolderPathW
ExtractIconExW
DragAcceptFiles
SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
ole32
GetRunningObjectTable
CreateItemMoniker
CoInitialize
CoInitializeEx
PropVariantClear
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CoFreeUnusedLibraries
CLSIDFromString
oleaut32
VariantClear
SysFreeString
winmm
timeSetEvent
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
timeKillEvent
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextW
waveOutGetDevCapsW
waveOutGetNumDevs
timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
waveInOpen
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
mpr
WNetGetUniversalNameW
shlwapi
PathFileExistsW
PathIsDirectoryW
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmIsIME
ImmAssociateContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCandidateWindow
ImmGetContext
setupapi
CM_Locate_DevNodeA
CM_Get_Parent
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
dbghelp
MiniDumpWriteDump
quartz
AMGetErrorTextW
propsys
PropVariantToDouble
mfplat
MFFrameRateToAverageTimePerFrame
MFCreateSourceResolver
MFShutdown
MFStartup
mf
MFCreateTopologyNode
MFCreateTopology
MFCreateMediaSession
MFCreateAudioRendererActivate
MFCreateVideoRendererActivate
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 94KB - Virtual size: 741KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 182KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ