bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4

Sharing

Copy URL

Twitter E-mail

General

Target

bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
Size

1.0MB
MD5

2a9b045a36f3f09a6bf146bdb297e612
SHA1

378f3ab33e146aaaa8ceaa97233a077b267065c1
SHA256

bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
SHA512

fabc0dfa89eee3c0f56639ff5170b1d909c9fbad1395cfed2c4454e4aa78ffa64d93fcd97d0e41293f3a7b347edfb5ffdf84a7d8e2ccf90524200eecf6d47dd1
SSDEEP

24576:dxy2f/TBypeljDI9GKFV+eee12Frp/s69c:/yQTBplMGKFVSeEAp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4

Files

bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
.exe windows:5 windows x86

aeed0fc9d9d4ea38315a34df4c8c1429

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WaitForSingleObject
CreateThread
GetVersion
ReadFile
GetWindowsDirectoryW
GetStartupInfoW
GetEnvironmentVariableW
GlobalFree
GlobalAlloc
GetUserDefaultLangID
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
lstrcmpW
GlobalUnlock
GlobalLock
GlobalHandle
lstrcpynW
GetTickCount
DeviceIoControl
InitializeCriticalSection
GlobalMemoryStatus
TerminateThread
SuspendThread
SetEvent
SetCurrentDirectoryW
CreateEventW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
FileTimeToSystemTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrcmpA
lstrcmpiA
SetProcessWorkingSetSize
CreateProcessW
GetVersionExW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
MulDiv
GetLocaleInfoW
GetSystemInfo
FatalAppExitA
HeapSize
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThread
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
HeapReAlloc
ExitProcess
RtlUnwind
HeapSetInformation
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetSystemTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetSystemTimeAsFileTime
CreateFileA
DecodePointer
EncodePointer
InterlockedExchange
Sleep
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetLocalTime
SetFilePointer
GetCurrentProcessId
SetConsoleCtrlHandler
OpenProcess
WideCharToMultiByte
lstrcpyW
GetCommandLineW
CopyFileW
GetTempPathW
GetTempFileNameW
DeleteFileW
LoadLibraryExW
MultiByteToWideChar
FindNextFileW
FindFirstFileW
FindClose
lstrlenA
SetLastError
lstrcmpiW
GetModuleHandleW
CreateDirectoryW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CreateFileW
WriteFile
CloseHandle
GetCurrentThreadId
CreateMutexW
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetConsoleCP
VirtualQuery

user32

PeekMessageW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
IsIconic
SetForegroundWindow
GetClassInfoW
RegisterClassW
LoadStringW
UnregisterClassA
ShowWindow
PostMessageW
SetWindowLongW
GetCursorPos
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
GetWindowTextLengthW
RegisterWindowMessageW
DialogBoxIndirectParamW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
HideCaret
DestroyMenu
LoadMenuW
GetSubMenu
EnableMenuItem
GetKeyState
IsDialogMessageW
PostQuitMessage
LoadImageW
UpdateWindow
SetRect
IsRectEmpty
CreateCaret
GetClassInfoExW
DestroyAcceleratorTable
GetDesktopWindow
FillRect
ReleaseCapture
GetClassNameW
DestroyWindow
MessageBoxW
GetActiveWindow
CreateDialogParamW
DefWindowProcW
SendMessageW
CreateWindowExW
GetClientRect
RedrawWindow
GetParent
OffsetRect
DrawTextW
IsWindow
PtInRect
ReleaseDC
GetDC
BeginPaint
EndPaint
DialogBoxParamW
GetWindowLongW
CallWindowProcW
EnumDisplayDevicesW
GetSystemMetrics
SetLayeredWindowAttributes
SetTimer
KillTimer
SetWindowRgn
SetWindowPos
GetWindowRect
IsChild
SetCapture
ShowCaret
SetCaretPos
wsprintfW
SetCursor
InvalidateRgn
ClientToScreen
GetSysColor
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
SetWindowTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
EndDialog
GetFocus
EnableWindow
GetWindowTextW
FindWindowExW
SetDlgItemTextW
SetFocus
MoveWindow
CharLowerW
IsWindowEnabled
SendMessageTimeoutW
ExitWindowsEx
ScreenToClient
MapWindowPoints
GetDlgItem
IsWindowVisible
InvalidateRect

gdi32

EnumFontFamiliesW
GetStockObject
GetObjectW
CreateSolidBrush
CreateRectRgn
CreatePolygonRgn
CombineRgn
SetTextColor
CreateFontIndirectW
BitBlt
CreatePen
SelectObject
Rectangle
ExtTextOutW
SetBkColor
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDeviceCaps
CreateFontW
DeleteObject
DeleteDC
SetBkMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ExtractIconExW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString

shlwapi

PathIsRelativeW
PathFileExistsW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
SHSetValueW
StrCmpNA
PathRemoveBackslashW
StrCmpNIW
StrCmpNW
PathIsDirectoryW
PathCanonicalizeW
PathFindExtensionW
PathRemoveExtensionW
PathRenameExtensionW
PathFindFileNameW
StrCmpW
StrToIntExW
SHSetValueA
SHGetValueA
StrRChrA
PathCombineW

comctl32

_TrackMouseEvent
InitCommonControlsEx

iphlpapi

GetAdaptersInfo
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpQueryInfoW
HttpQueryInfoA
InternetErrorDlg
InternetOpenUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW
InternetCloseHandle

urlmon

URLDownloadToCacheFileW

ws2_32

gethostname
gethostbyname
inet_ntoa

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

riched20

ord4

netapi32

Netbios

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 43KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aeed0fc9d9d4ea38315a34df4c8c1429

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

wininet

urlmon

ws2_32

wintrust

crypt32

riched20

netapi32

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 43KB - Virtual size: 64KB

.rsrc Size: 238KB - Virtual size: 240KB

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 43KB - Virtual size: 64KB

.rsrc
Size: 238KB - Virtual size: 240KB