2910cb526438a7fdf4d019814bd857441b840b851ce3ae93bfed0e053d2dc675

Sharing

Copy URL

Twitter E-mail

General

Target

2910cb526438a7fdf4d019814bd857441b840b851ce3ae93bfed0e053d2dc675
Size

840KB
MD5

db903235f56f106172f7ae18c729fb17
SHA1

b3d58227a5167e590d5ca9c52a862781f43665c3
SHA256

2910cb526438a7fdf4d019814bd857441b840b851ce3ae93bfed0e053d2dc675
SHA512

5a2b5c97587bac82abffbf89d9d88de2ed6a6fcc35659abd7d7795c47d5ef9335d8b825ead0d011f6a004d6664aee3faf88876151ebbf6c3ad0d6243ecb9df1b
SSDEEP

3072:JcaoKXB/58HMRsIDlwTgnFQyqRXIQlNtNfTfmmG09JsYFGROWDMqAiW7DYlaYA29:RoaB/wMRjSwYmmDzX5mln5ZEUMj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2910cb526438a7fdf4d019814bd857441b840b851ce3ae93bfed0e053d2dc675

Files

2910cb526438a7fdf4d019814bd857441b840b851ce3ae93bfed0e053d2dc675
.exe windows:6 windows x86

5feb40de6a28cad7f0e96185f695188e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

ws2_32

closesocket
inet_addr
ntohs
inet_ntoa
InetPtonW
htons
getsockname
bind
WSAAsyncSelect
WSACleanup
WSAStartup
socket
send
recv
ioctlsocket
connect

winhttp

WinHttpCloseHandle
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

secur32

GetUserNameExW

comctl32

PropertySheetW
InitMUILanguage

crypt32

CryptStringToBinaryA
CryptProtectData
CertGetNameStringW
CryptBinaryToStringA
CertCreateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

shlwapi

PathIsRelativeW
StrTrimA
UrlUnescapeA

advapi32

RegOpenKeyExW
LookupAccountNameW
LookupAccountSidW
GetTokenInformation
EqualSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCopyTreeW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
CryptGenRandom
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegGetValueW
RegSetKeyValueW
RegDeleteKeyValueW
CreateWellKnownSid
CopySid
OpenProcessToken
RegCreateKeyExW
RegDeleteValueW
DeregisterEventSource
RegCloseKey

shell32

SHCreateItemFromParsingName
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

gdi32

GetObjectW
CreateFontIndirectW
SetPixel
SelectObject
GetPixel
DeleteObject
DeleteDC
CreateCompatibleDC
LPtoDP
SetTextColor
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

cryptui

CryptUIDlgViewContext

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetOptionA
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW

libcrypto-3

PEM_read_PrivateKey
X509_alias_get0
X509_free
PEM_write_PrivateKey
EVP_PKEY_new
PEM_write_PKCS8PrivateKey
ERR_get_error
PKCS12_free
PKCS12_parse
EVP_aes_256_cbc
i2d_PKCS12_fp
PKCS12_create
EVP_PKEY_free
EVP_default_properties_is_fips_enabled
OPENSSL_sk_pop_free
OPENSSL_init_crypto
OSSL_PROVIDER_load
OSSL_PROVIDER_unload
OSSL_PROVIDER_available
d2i_PKCS12_fp

kernel32

GetStartupInfoW
OpenProcess
GetTickCount
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
ExpandEnvironmentStringsW
ExitThread
IsDebuggerPresent
CreateProcessW
LocalFree
GetTempPathW
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WriteFile
ReadFileEx
ReadFile
GetStdHandle
WideCharToMultiByte
ResumeThread
TerminateThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcessId
CreateEventW
SetEvent
CancelIo
PeekNamedPipe
SetNamedPipeHandleState
CreatePipe
GetWindowsDirectoryW
SetHandleInformation
QueryPerformanceCounter
GetSystemTimeAsFileTime
MultiByteToWideChar
CopyFileW
GetExitCodeProcess
CreateSemaphoreW
GetFileAttributesW
InitializeSListHead
GlobalFree
CreateFileW
CreateDirectoryW
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Sleep
GetCommandLineW
VerSetConditionMask
GetLocaleInfoEx
GetUserDefaultUILanguage
LCIDToLocaleName
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
EnumResourceLanguagesW
FindResourceW
SizeofResource
LoadResource
GetModuleFileNameW
FindResourceExW
FileTimeToLocalFileTime
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
MulDiv
GetSystemDirectoryW
GetCurrentProcess
WaitForSingleObject
ReleaseSemaphore
GetLastError
CloseHandle

user32

RemovePropW
GetPropW
SetPropW
IsWindowEnabled
EnableWindow
MsgWaitForMultipleObjectsEx
SetFocus
GetDlgCtrlID
EndDialog
GetClientRect
PostMessageW
PeekMessageW
GetWindowTextLengthW
ReleaseDC
GetDC
keybd_event
SetDlgItemTextA
SetCursor
GetIconInfo
GetCursorPos
SetMenuInfo
TrackPopupMenu
GetSysColor
EnumThreadWindows
IsDialogMessageW
SetDlgItemInt
GetDlgItemInt
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
GetWindowTextW
MoveWindow
LoadCursorW
FindWindowW
GetMenuInfo
GetMenuItemID
KillTimer
SetTimer
GetDlgItemTextW
SetDlgItemTextW
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
LoadImageW
CreateIconFromResourceEx
LookupIconIdFromDirectory
MessageBoxExW
IsDlgButtonChecked
CheckMenuItem
SetForegroundWindow
MessageBoxW
SendMessageW
SendMessageTimeoutW
ShowWindow
SetWindowPos
GetDlgItem
GetSystemMetrics
InvalidateRect
SetWindowTextW
GetWindowRect
HideCaret
ShowCaret
OffsetRect
GetWindowLongW
SetWindowLongW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
CheckRadioButton
SetMenuItemBitmaps

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
wcschr
strstr
wcsrchr
memmove
memcpy
memchr
strchr
memset
wcsstr

api-ms-win-crt-string-l1-1-0

wcsncat
wcstok_s
_wcsdup
strtok
wcsspn
strncpy
strncpy_s
iswctype
wcsncpy_s
isxdigit
strncmp
_stricmp
_strdup
_wcsicmp
wcsncpy
strspn
wcscspn
isalnum
_wcsnicmp
wcsncmp
wcspbrk

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
calloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

fgets
fclose
_wfopen
__stdio_common_vsprintf
__stdio_common_vfwprintf
__stdio_common_vswscanf
_set_fmode
__stdio_common_vswprintf
__p__commode
__acrt_iob_func
clearerr
feof
ferror
fflush
_fileno
fopen
fread
__stdio_common_vsscanf
ftell
fwrite
rewind
__stdio_common_vfprintf
fseek
_close
_lseek
_read
_setmode
_write
_open

api-ms-win-crt-time-l1-1-0

_time64
_wctime64

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstol
strtod
_wtoi
atoi
strtol
strtoul

api-ms-win-crt-runtime-l1-1-0

_c_exit
_exit
_initterm_e
_initterm
_initialize_onexit_table
exit
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
_set_app_type
_crt_atexit
_controlfp_s
terminate
_cexit
_seh_filter_exe

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_wsplitpath
_wunlink

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
_wputenv_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

OPENSSL_Applink
aslr_workaround

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5feb40de6a28cad7f0e96185f695188e

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

netapi32

ws2_32

winhttp

secur32

comctl32

crypt32

shlwapi

advapi32

shell32

gdi32

comdlg32

ole32

cryptui

wininet

libcrypto-3

kernel32

user32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 705KB - Virtual size: 705KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 705KB - Virtual size: 705KB

.reloc
Size: 8KB - Virtual size: 7KB