bfa4c5d8ad56b950c701b40984d1e0c07591fda5aba1093072786286b241c77c

Sharing

Copy URL Twitter E-mail

General

Target

bfa4c5d8ad56b950c701b40984d1e0c07591fda5aba1093072786286b241c77c
Size

637KB
MD5

20aa83b0dec15a86c5a98515cf5de010
SHA1

59b4147e3bf420b1e7d8c919ccd838dbf451268e
SHA256

bfa4c5d8ad56b950c701b40984d1e0c07591fda5aba1093072786286b241c77c
SHA512

af94f5ecc31ee3033f0ecb11db367023a1ea5022eed575d538f52da039cbfdfa6a15f669bac986e17c67b043ea417017f49def013d88866a84e764bdd44717cc
SSDEEP

12288:gfxYN9MbhCt8LTS6rBmJFhbHCZtWit9hZcXCNZlBofTjPmiLi:gfxYN9MbhUzFhbiZgit98XUZlBCTL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfa4c5d8ad56b950c701b40984d1e0c07591fda5aba1093072786286b241c77c

Files

bfa4c5d8ad56b950c701b40984d1e0c07591fda5aba1093072786286b241c77c
.dll regsvr32 windows:6 windows x64

2be83e76d0c5f2e2ea7ce3e870c5d2c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
AllocConsole
lstrcmpW
VirtualQuery
LoadLibraryExW
GetTempPathA
GetTempFileNameA
SizeofResource
RemoveVectoredExceptionHandler
WriteFile
GetTimeFormatEx
GetUserDefaultUILanguage
LocalAlloc
GetDateFormatEx
FreeResource
MultiByteToWideChar
LockResource
DeleteFileW
LoadResource
FindResourceW
AddVectoredExceptionHandler
GetFileSize
SetThreadContext
GetProcessTimes
GetExitCodeProcess
DuplicateHandle
QueueUserAPC
GetSystemDirectoryA
GetWindowsDirectoryA
CreateDirectoryA
SwitchToThread
ReadFile
GetFileSizeEx
WriteConsoleW
HeapSize
GetStringTypeW
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
CreateFileMappingW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetEndOfFile
SetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapReAlloc
GetStdHandle
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetFileType
ExitProcess
RtlPcToFileHeader
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedFlushSList
RtlUnwindEx
GetModuleHandleExA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryFullProcessImageNameW
lstrcpyW
GetThreadId
GetWindowsDirectoryW
GetCurrentDirectoryW
K32GetModuleInformation
GetSystemInfo
FreeConsole
Process32FirstW
DeleteFileA
DisableThreadLibraryCalls
CreateFileA
Process32NextW
GetFileAttributesExW
GetTickCount64
CreateToolhelp32Snapshot
GetModuleHandleA
UnmapViewOfFile
IsBadCodePtr
GetUserPreferredUILanguages
FreeLibraryAndExitThread
CreateFileW
FindClose
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
TerminateProcess
VirtualAlloc
GetModuleHandleExW
GetCurrentProcess
VirtualFree
EnterCriticalSection
SetLastError
VirtualProtect
FindFirstFileA
FindFirstFileW
TryEnterCriticalSection
CreateDirectoryW
CreateProcessW
MulDiv
GetTickCount
QueryPerformanceCounter
ResetEvent
CreateThread
QueryPerformanceFrequency
SetEvent
Sleep
GetCurrentThreadId
WaitForSingleObject
CompareStringOrdinal
CreateWaitableTimerW
MapViewOfFile
SetWaitableTimer
GetSystemTimeAsFileTime
CompareFileTime
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryW
GetLastError
CreateEventW
GetModuleHandleW
GetSystemDirectoryW
K32GetModuleFileNameExW
FormatMessageA
GetCurrentProcessId
LocalFree
CloseHandle
GetCurrentThread
OpenProcess
RtlCaptureContext
GetCPInfo
RtlUnwind

user32

RegisterClassW
DestroyMenu
InsertMenuW
wsprintfW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
CreatePopupMenu
GetMessageW
SetCursorPos
GetAncestor
GetDpiForSystem
PtInRect
CascadeWindows
GetParent
SystemParametersInfoForDpi
PostThreadMessageW
RemoveMenu
TrackPopupMenuEx
GetSystemMetricsForDpi
SetWindowLongW
SetWindowsHookExW
EnumThreadWindows
SetPropW
SendNotifyMessageW
UnhookWindowsHookEx
GetSysColor
GetDoubleClickTime
MapWindowPoints
WindowFromDC
EnumPropsA
GetSystemMenu
SendMessageCallbackW
KillTimer
DrawIconEx
IsHungAppWindow
DestroyIcon
SetTimer
DrawIcon
SetMenuItemInfoW
ClientToScreen
InSendMessage
GetSubMenu
TileWindows
GetWindowLongPtrW
SendMessageW
GetIconInfo
CopyIcon
GetPropW
CharLowerW
GetWindowThreadProcessId
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
GetWindowTextW
RegisterWindowMessageW
SystemParametersInfoW
GetDesktopWindow
DrawTextW
FindWindowW
IsRectEmpty
EnumWindows
IsWindow
LoadStringW
GetShellWindow
IsWindowVisible
SendMessageTimeoutW
GetWindowRect
FindWindowExW
GetWindow
GetClassWord
GetLastActivePopup
GetWindowLongW
EndPaint
WindowFromPoint
GetSystemMetrics
RemovePropW
CallNextHookEx
DeleteMenu
SetWindowRgn
GetMenuItemCount
MonitorFromRect
MessageBoxW
InsertMenuItemW
SetProcessDpiAwarenessContext
GetMessagePos
LoadMenuW
ModifyMenuW
TrackPopupMenu
BeginPaint
GetCursorPos
ReleaseDC
InvalidateRect
SetForegroundWindow
UnhookWinEvent
SetWinEventHook
PostQuitMessage
SetRect
UpdateLayeredWindow
GetClientRect
GetClassNameW
LoadCursorW
GetForegroundWindow
RegisterHotKey
LoadKeyboardLayoutW
SwitchToThisWindow
MapVirtualKeyExW
RedrawWindow
UnregisterHotKey
GetKeyState
RegisterShellHookWindow
EndTask
PostMessageW
MapVirtualKeyW
MonitorFromPoint
DestroyWindow
GetDC
SetWindowPos
SetWindowLongPtrW
EnumDisplayMonitors
CreateWindowExW
UnregisterClassW
SetWindowTextW
NotifyWinEvent
GetAsyncKeyState
ShowWindow
GetThreadDesktop
SetThreadDesktop
RegisterClassExW
GetDpiForWindow
MoveWindow
EnableWindow
SendDlgItemMessageW
FindWindowExA
GetDlgCtrlID
GetActiveWindow
ScreenToClient
LoadIconW
ToUnicode
EnableMenuItem
GetMenuItemInfoW
SendInput
GetMenuItemInfoA
AllowSetForegroundWindow

gdi32

ExtTextOutW
GetBkColor
GetTextColor
GetStockObject
GdiAlphaBlend
GetObjectW
CreateSolidBrush
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchDIBits
GetDIBits
DeleteDC
CreateFontIndirectW
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyValueW
CryptGetHashParam
CryptReleaseContext
RegQueryValueExA
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueW
RegDeleteValueW
RegEnumValueW
RegSetKeyValueW
RegDeleteKeyExW
AllocateAndInitializeSid
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
FreeSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyW
CheckTokenMembership
RegCopyTreeW
CryptDestroyHash

shell32

SHChangeNotify
ShellExecuteW
ord526
SHAppBarMessage
SHGetFolderPathW
SHBindToObject
ShellExecuteExW
SHCreateItemInKnownFolder
SHOpenFolderAndSelectItems
SHCreateItemFromParsingName
SHGetPropertyStoreForWindow
ExtractIconW
ord85
SHGetFileInfoW
ShellExecuteA
SHParseDisplayName
SHBindToParent
Shell_NotifyIconW
ord680
SHGetFolderPathA
SHGetFolderLocation
SHGetDesktopFolder
SHFileOperationW

ole32

CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantClear

dbghelp

SymGetModuleInfo64
SymGetLineFromAddr64
SymLoadModuleEx
SymInitialize
SymGetOptions
ImageDirectoryEntryToDataEx
SymEnumSymbols
SymInitializeW
SymSetOptions
StackWalk64
SymFunctionTableAccess64
SymUnloadModule64
SymGetModuleBase64
SymCleanup
SymGetSymFromAddr64
SymGetLineFromAddrW64

uxtheme

DrawThemeTextEx
DrawThemeBackground
GetThemeMargins
SetWindowThemeAttribute
GetThemeMetric
BeginBufferedPaint
IsThemeActive
EndBufferedPaint
CloseThemeData
BufferedPaintUnInit
OpenThemeData
OpenThemeDataForDpi
BufferedPaintInit

shlwapi

ord16
PathUnquoteSpacesW
PathStripPathW
ord487
ord176
SHGetValueW
PathFileExistsW
ord219
ord437
PathRemoveFileSpecA
PathRemoveFileSpecW
StrRetToBufW
PathRemoveExtensionW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

dwmapi

DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmDefWindowProc
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmUpdateThumbnailProperties
DwmExtendFrameIntoClientArea
DwmQueryThumbnailSourceSize
DwmSetWindowAttribute

comctl32

ImageList_Create
ImageList_Destroy
ord412
ImageList_GetIcon
ord334
ord339
ord336
ImageList_Add
ord338
ord329
ord386
ord328
ord413
ord410
ord335

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipGetImageWidth

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

psapi

GetProcessImageFileNameW
EnumProcesses
GetMappedFileNameA

propsys

VariantToBuffer

wininet

InternetOpenUrlA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA

version

VerQueryValueW

rstrtmgr

RmGetList
RmShutdown
RmEndSession
RmRestart
RmStartSession
RmRegisterResources

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry

oleacc

AccessibleObjectFromWindow
AccessibleChildren

Exports

Exports

ApplyCompatResolutionQuirking
CompatString
CompatValue
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
DXGIDeclareAdapterRemovalSupport
DXGIDumpJournal
DXGIGetDebugInterface1
DXGIReportAdapterConfiguration
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PIXBeginCapture
PIXEndCapture
PIXGetCaptureState
SetAppCompatStringPointer
UpdateHMDEmulationStatus
ZZGUI
ZZLaunchExplorer
ZZLaunchExplorerDelayed
ZZRestartExplorer
ZZTestBalloon
ZZTestToast
sws_WindowSwitcher_Clear
sws_WindowSwitcher_Initialize
sws_WindowSwitcher_RunMessageQueue

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2be83e76d0c5f2e2ea7ce3e870c5d2c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

dbghelp

uxtheme

shlwapi

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

dwmapi

comctl32

gdiplus

api-ms-win-shcore-scaling-l1-1-1

psapi

propsys

wininet

version

rstrtmgr

ntdll

oleacc

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 30KB - Virtual size: 38KB

.pdata Size: 14KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 30KB - Virtual size: 38KB

.pdata
Size: 14KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 2KB - Virtual size: 1KB