Static task: static1
Behavioral task: behavioral1
  Sample: 2b34a1bf7f21d3a7c49623b63effd35e11b5ac87be61a1c88449f21999f6ac0f.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 2b34a1bf7f21d3a7c49623b63effd35e11b5ac87be61a1c88449f21999f6ac0f.exe
  Resource: win10v2004-20230915-en
General
Target: 2b34a1bf7f21d3a7c49623b63effd35e11b5ac87be61a1c88449f21999f6ac0f
Size: 4.8MB
MD5: 3eda89a2fde6903cd32d3160d9decc46
SHA1: 6c50e8e23228b4c020387b594abe3a9b86892b2e
SHA256: 2b34a1bf7f21d3a7c49623b63effd35e11b5ac87be61a1c88449f21999f6ac0f
SHA512: f32bd42f0f390f46e6deb647289f2f914ec2df4b4b3d0bc028b1dffd6d90865b67d9574f3ad15e59dbf34dce3be812991c98409dde040c958af3b6ff483943dc
SSDEEP: 98304:mL/OuKTFsVACYXvCjQEa84NP+/nj3LgB4fqrgY1Nrq8Iq6zmNZZT1eTXXZ:SmuO6YXpjWgB4fqrrVIq6aNbs7XZ
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2b34a1bf7f21d3a7c49623b63effd35e11b5ac87be61a1c88449f21999f6ac0f
Files
-
2b34a1bf7f21d3a7c49623b63effd35e11b5ac87be61a1c88449f21999f6ac0f.exe windows:5 windows x86
65dde391ff02705960f9883363f3caff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
WSAStartup
getservbyname
gethostbyname
htonl
kernel32
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
QueryPerformanceCounter
ExitProcess
VirtualQuery
VirtualAlloc
GetSystemInfo
QueryPerformanceFrequency
HeapQueryInformation
SetStdHandle
GetStartupInfoW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
RtlUnwind
LCMapStringW
GetCPInfo
GetStringTypeW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
SetFilePointerEx
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetProfileIntW
SearchPathW
FindResourceExW
SetErrorMode
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
LockFile
GetFullPathNameW
FlushFileBuffers
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
GetVersionExW
GetCurrentThread
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
GetCurrentThreadId
EncodePointer
OutputDebugStringA
GlobalFree
GlobalSize
VerifyVersionInfoW
VerSetConditionMask
FormatMessageA
PeekNamedPipe
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTickCount
SleepEx
InitializeCriticalSection
GetFileSize
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetLastError
CreateFileA
GetModuleFileNameA
GetTempPathA
ReadFile
GetModuleHandleW
GetCurrentProcess
GlobalUnlock
GlobalLock
MoveFileExW
CopyFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
FormatMessageW
SetThreadExecutionState
GetLocalTime
Sleep
WaitForSingleObject
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetVolumeInformationW
DeviceIoControl
CreateDirectoryW
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
FindFirstVolumeW
MulDiv
WriteFile
GetStdHandle
WriteConsoleW
OutputDebugStringW
CloseHandle
SetEndOfFile
SetFilePointer
CreateFileW
MoveFileW
DeleteFileW
GlobalAlloc
FindClose
FindNextFileW
FindFirstFileW
SetConsoleMode
LocalFree
LocalAlloc
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
GetLastError
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetCurrentDirectoryW
GetModuleFileNameW
WinExec
lstrlenW
lstrcatW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedDecrement
lstrcpyW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
ReadConsoleInputA
GetACP
user32
GetMenuItemInfoW
DestroyMenu
CharUpperW
ShowOwnedPopups
TranslateMessage
GetMessageW
EnumDisplayMonitors
SystemParametersInfoW
GetSysColorBrush
SetLayeredWindowAttributes
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawStateW
GetCursorPos
GetDesktopWindow
GetWindowDC
GetWindowThreadProcessId
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
CopyImage
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetParent
WindowFromPoint
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadMenuW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
SendDlgItemMessageA
RealChildWindowFromPoint
GetAsyncKeyState
TrackMouseEvent
IsZoomed
SetCapture
GetSystemMenu
TranslateMDISysAccel
DeleteMenu
SetWindowRgn
MessageBeep
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
GetNextDlgGroupItem
ReleaseCapture
GetCapture
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
RemovePropW
ClientToScreen
GetWindowLongW
wsprintfA
BringWindowToTop
LockWindowUpdate
SetClassLongW
DestroyIcon
LoadImageW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatW
CharUpperBuffW
ModifyMenuW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
WaitMessage
GetDoubleClickTime
GetIconInfo
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
DefMDIChildProcW
GetWindowRgn
GetComboBoxInfo
DestroyCursor
InvertRect
HideCaret
CreateMenu
EnableWindow
GetSysColor
InflateRect
DrawTextW
IntersectRect
InvalidateRect
GetWindowRect
GetParent
SetTimer
GetMessagePos
ScreenToClient
GetClientRect
PtInRect
KillTimer
CopyRect
FillRect
LoadCursorW
SendMessageW
SetWindowLongW
SetCursor
IsWindow
GetDC
ReleaseDC
UnregisterClassW
RedrawWindow
PostMessageW
wsprintfW
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
IsWindowVisible
SetRectEmpty
GetScrollInfo
UpdateWindow
OffsetRect
TabbedTextOutW
DrawTextExW
GrayStringW
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
ToUnicodeEx
gdi32
SetMapMode
SetLayout
GetLayout
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
SelectPalette
CreateDIBSection
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
PatBlt
Escape
ExtTextOutW
RectVisible
PtVisible
TextOutW
GetMapMode
Rectangle
CreatePen
DeleteDC
GetTextExtentPoint32W
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateSolidBrush
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectW
CreateRoundRectRgn
SetPolyFillMode
GetObjectW
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueW
RegCloseKey
SetEntriesInAclW
CryptEnumProvidersA
CryptSignHashA
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetSecurityInfo
SetSecurityInfo
RegEnumKeyExW
InitializeAcl
ConvertStringSidToSidW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
GetUserNameW
RegOpenKeyExW
CryptDecrypt
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegDeleteKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
LookupAccountSidW
ConvertSidToStringSidW
LookupAccountNameW
shell32
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ShellExecuteA
SHGetFileInfoW
SHGetPathFromIDListW
SHAppBarMessage
DragQueryFileW
DragFinish
SHBrowseForFolderW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindFileNameW
PathRemoveFileSpecW
PathCombineW
PathIsDirectoryW
PathRemoveExtensionW
PathFindExtensionW
PathFileExistsA
UrlUnescapeW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFileExistsW
uxtheme
IsAppThemed
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
ole32
CoInitializeEx
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoCreateInstance
OleUninitialize
oleaut32
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantClear
VariantInit
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipLoadImageFromStream
GdiplusStartup
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipGetDpiY
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGraphicsClear
GdipDrawPath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePen
GdipCreatePen1
GdipDeletePath
GdipCreatePath
GdipFillPath
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipReleaseDC
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipFree
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
wininet
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetSetOptionW
InternetGetLastResponseInfoW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetStatusCallbackW
HttpSendRequestW
HttpQueryInfoW
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections
.text   Size: 2.9MB - Virtual size: 2.9MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 773KB - Virtual size: 773KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 68KB - Virtual size: 107KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  Size: 107KB - Virtual size: 107KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats  Size: 512B - Virtual size: 16B      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    Size: 512B - Virtual size: 9B       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 3.6MB - Virtual size: 3.6MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 198KB - Virtual size: 197KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ