93e8237bf9105f6ee6edcc2ae4397c4c67ff374a56b3969cd7008eea4d428c69

Sharing

Copy URL

Twitter E-mail

General

Target

93e8237bf9105f6ee6edcc2ae4397c4c67ff374a56b3969cd7008eea4d428c69
Size

2.6MB
MD5

56c40132dc6be906b9ff7f8430e89afe
SHA1

2d4563dc0a880b26a2ac1f0337c2f382a1b6ae2e
SHA256

93e8237bf9105f6ee6edcc2ae4397c4c67ff374a56b3969cd7008eea4d428c69
SHA512

fc2085f75e792ad58ad3f681de5fda21add82b2f24a7a7fe04a1a4ab1cd93b8f3d047c4ff93fad507584a181efb760ff5f8f6c4b22625820e3da1a7ac6e1ffc2
SSDEEP

49152:SUsSMlEc30glL5W0Ay3GCeT4VrZ3cEpXhEQTZ1lsc07POtQJoa+EnQZoq5:tvi0glt6y39jl3f2C8SF5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93e8237bf9105f6ee6edcc2ae4397c4c67ff374a56b3969cd7008eea4d428c69

Files

93e8237bf9105f6ee6edcc2ae4397c4c67ff374a56b3969cd7008eea4d428c69
.dll windows:5 windows x86

81f79861a220aca54a755b3d205bc6b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntW
OutputDebugStringA
SetFilePointer
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
GetPrivateProfileStringW
Sleep
OutputDebugStringW
LockResource
CloseHandle
FindResourceExW
LoadResource
FindResourceW
GetLocalTime
GetCurrentProcessId
lstrcmpiW
lstrcmpW
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
WaitForMultipleObjects
GetEnvironmentVariableW
FindClose
GetFileAttributesW
DuplicateHandle
FormatMessageW
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
FreeLibrary
GetTempFileNameW
OpenMutexW
GetTickCount
LoadLibraryExW
WriteFile
ReadFile
CompareFileTime
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
lstrcpynW
ExitProcess
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetCurrentThread
GetComputerNameW
VirtualQuery
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
CreateEventW
SetEvent
ResetEvent
GetLongPathNameW
SetPriorityClass
lstrlenW
WaitForMultipleObjectsEx
OpenProcess
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetSystemDefaultLangID
WaitForSingleObjectEx
Process32FirstW
ReadProcessMemory
SetHandleInformation
CreatePipe
GetSystemPowerStatus
GlobalMemoryStatusEx
CreateProcessW
SetProcessWorkingSetSize
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
HeapSetInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetStdHandle
QueryDosDeviceW
GetLogicalDriveStringsW
OpenEventW
CreateThread
SetCurrentDirectoryW
OpenThread
QueryPerformanceCounter
lstrcmpA
GetCommandLineW
GetThreadLocale
GetStringTypeExA
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
EncodePointer
GetCPInfo
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
GetConsoleMode
WriteConsoleW
QueueUserWorkItem
Thread32First
Thread32Next
SetProcessShutdownParameters
GetProcessShutdownParameters
SetLastError
SizeofResource
GetProcessId
ReleaseSemaphore
RtlCaptureContext
DeleteTimerQueueTimer
CreateTimerQueueTimer
ReadConsoleW
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
MulDiv
GlobalHandle
CreateTimerQueue
TerminateProcess
CreateSemaphoreW
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
DeleteTimerQueueEx
GetUserDefaultLangID
GetComputerNameExW
DeviceIoControl
GetSystemTime
GetFileSizeEx
GetStringTypeExW
QueryPerformanceFrequency
UnregisterWaitEx
Process32NextW
RegisterWaitForSingleObject
GetExitCodeProcess
HeapFree
WaitNamedPipeW

oleaut32

SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime
LoadRegTypeLi
LoadTypeLi
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VarUI4FromStr
VariantChangeType
VarBstrCmp
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
SafeArrayLock
SafeArrayCreate
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
OleCreateFontIndirect
SysAllocString

user32

GetWindowThreadProcessId
GetMessageW
GetWindowLongW
wsprintfW
UnregisterClassW
wvsprintfW
MessageBoxW
CharLowerBuffW
CharLowerW
CharUpperW
FlashWindow
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
LoadImageW
EnumWindows
GetSystemMetrics
SendMessageW
GetMenuState
InflateRect
SetActiveWindow
OffsetRect
IsMenu
CopyRect
FrameRect
IsRectEmpty
GetSysColorBrush
SystemParametersInfoW
UpdateWindow
GetCursorPos
EnumChildWindows
EnableMenuItem
EnableWindow
IsDialogMessageW
SendDlgItemMessageW
GetWindowTextLengthW
GetSystemMenu
GetFocus
GetDC
FillRect
ScreenToClient
EndDialog
SetWindowTextW
ShowWindow
InvalidateRgn
RedrawWindow
DestroyIcon
ClientToScreen
DestroyAcceleratorTable
IsChild
GetTopWindow
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetLayeredWindowAttributes
SetForegroundWindow
GetParent
PostQuitMessage
GetClientRect
TranslateMessage
MapWindowPoints
PeekMessageW
GetMonitorInfoW
DispatchMessageW
CreateWindowExW
SetFocus
SetWindowContextHelpId
GetClassNameW
SetCapture
MapDialogRect
RemoveMenu
GetDlgItem
GetDesktopWindow
MonitorFromWindow
SetWindowPos
DestroyWindow
GetWindowRect
GetWindow
CharNextA
CharLowerBuffA
IsWindow
LoadStringW
CharNextW
PostThreadMessageW
AllowSetForegroundWindow
IsWindowVisible
PostMessageW
WaitForInputIdle
GetClassInfoExW
KillTimer
SetWindowLongW
LoadCursorW
SetTimer
RegisterClassExW
CallWindowProcW
DefWindowProcW
CharUpperBuffW
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
ReleaseCapture
RegisterWindowMessageW
CreateDialogIndirectParamW

iphlpapi

GetIfTable

netapi32

NetGetJoinInformation
NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

shlwapi

PathAddExtensionW
UrlCombineW
PathFindExtensionW
UrlIsW
SHQueryValueExW
PathFileExistsW
PathCreateFromUrlW
PathCanonicalizeW
PathAppendA
PathAppendW
PathIsRelativeW
PathFindFileNameW
PathIsDirectoryW
UrlEscapeW
UrlUnescapeA
PathAddBackslashW
PathCommonPrefixW
PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
UnloadUserProfile
GetProfileType
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

advapi32

RegNotifyChangeKeyValue
ControlService
QueryServiceStatus
SystemFunction036
DuplicateToken
RegOverridePredefKey
GetUserNameW
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptDestroyKey
RegEnumValueW
LookupPrivilegeValueW
RegOpenCurrentUser
IsTextUnicode
ImpersonateLoggedOnUser
DeregisterEventSource
GetSecurityInfo
CryptGenRandom
CryptAcquireContextW
CreateServiceW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
RegisterEventSourceW
ReportEventW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RevertToSelf
AllocateAndInitializeSid
ImpersonateSelf
FreeSid
CheckTokenMembership
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
RegOpenKeyExW
InitializeAcl
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
OpenServiceW
InitializeSecurityDescriptor
StartServiceW
OpenProcessToken
ConvertStringSidToSidW
GetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
EqualSid
GetAce
SetSecurityDescriptorOwner
GetAclInformation
SetSecurityDescriptorDacl
OpenThreadToken
DuplicateTokenEx
ConvertSidToStringSidW
CreateProcessAsUserW
AdjustTokenPrivileges

ole32

CoCreateGuid
CoInitializeSecurity
IIDFromString
CoGetObject
CoImpersonateClient
CoGetCallContext
CoRevertToSelf
CoTaskMemFree
CoAddRefServerProcess
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoSuspendClassObjects
CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
CoRegisterPSClsid
CoSetProxyBlanket
OleSaveToStream
ReadClassStm
WriteClassStm
CoReleaseServerProcess
CreateStreamOnHGlobal
CoGetClassObject
OleUninitialize
CLSIDFromProgID
OleInitialize
CLSIDFromString
CoCreateInstance
OleLockRunning

shell32

CommandLineToArgvW
ShellExecuteExW
ord680
SHGetFolderPathW

comctl32

InitCommonControlsEx
_TrackMouseEvent

crypt32

CryptProtectData
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptQueryObject
CertDuplicateCertificateContext
CertCloseStore
CertGetNameStringW
CryptHashCertificate
CryptUnprotectData

msimg32

GradientFill

uxtheme

SetWindowTheme

wininet

InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetReadFile
HttpAddRequestHeadersW
InternetQueryDataAvailable
HttpQueryInfoW

wintrust

WinVerifyTrust

gdi32

DPtoLP
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
FillRgn
CombineRgn
SetBkColor
SetViewportOrgEx
GetRegionData
SetTextColor
CreateRectRgn
OffsetRgn
GetTextMetricsW
CreateRectRgnIndirect

Exports

Exports

DllEntry

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 865KB - Virtual size: 868KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81f79861a220aca54a755b3d205bc6b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

iphlpapi

netapi32

psapi

shlwapi

version

userenv

wtsapi32

advapi32

ole32

shell32

comctl32

crypt32

msimg32

uxtheme

wininet

wintrust

gdi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 316KB - Virtual size: 315KB

.data Size: 22KB - Virtual size: 37KB

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 865KB - Virtual size: 868KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 316KB - Virtual size: 315KB

.data
Size: 22KB - Virtual size: 37KB

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 865KB - Virtual size: 868KB