cbb3eb29a2b18c61005383ec6434f5a07e7fb241e955c34bea24134f81816113

Sharing

Copy URL Twitter E-mail

General

Target

cbb3eb29a2b18c61005383ec6434f5a07e7fb241e955c34bea24134f81816113
Size

10.0MB
MD5

d926e1f3cf5bf20b79acbf30b8114e4c
SHA1

7058db07ff7830530ae0f7c06bdbfc34f93e6b9e
SHA256

cbb3eb29a2b18c61005383ec6434f5a07e7fb241e955c34bea24134f81816113
SHA512

535729cf369b47e71f3df86ba309f5c30bebcf9155ddb0c4a21ec2f4a0df99633c5decffdc429538202ddc9a73bdaed8b7db925ae034573ffb6225a4696f9040
SSDEEP

196608:VZcy0/kU8t9xy8gRff0L4eOBNzWkomfE3XvonKkbA25IFmQ/EX6YdoyqV:b8Mn2ff0sDoNyc25+tEX6YkV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbb3eb29a2b18c61005383ec6434f5a07e7fb241e955c34bea24134f81816113

Files

cbb3eb29a2b18c61005383ec6434f5a07e7fb241e955c34bea24134f81816113
.exe windows:5 windows x86

000935a8cddb62ca66a715bb925facab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
gethostbyname
__WSAFDIsSet
select
inet_ntoa
recv
WSAGetLastError
htonl
ioctlsocket
setsockopt
inet_addr
socket
htons
connect
send
WSACleanup
closesocket

shlwapi

PathStripToRootW
SHSetValueW
PathIsDirectoryW
StrStrIW
StrStrA
PathRemoveBackslashW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathRemoveExtensionA
PathFindFileNameA
StrStrIA
SHGetValueW
PathFindFileNameW
SHDeleteKeyW
PathCombineW

kernel32

lstrcpynA
FlushFileBuffers
GetTickCount
GetCommandLineW
GetCurrentProcessId
SetFileValidData
LoadLibraryW
FreeLibrary
GetProcAddress
GetCurrentProcess
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
lstrcmpiW
FindNextFileW
DeleteFileW
FindClose
GetModuleHandleA
SetErrorMode
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetDriveTypeW
GetTempPathW
lstrcpyW
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
Sleep
GetUserDefaultUILanguage
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
CreateMutexW
WritePrivateProfileStringW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetSystemInfo
GetModuleHandleW
lstrcmpW
LocalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetProcessHeap
HeapDestroy
DecodePointer
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
lstrcpynW
SetFilePointerEx
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetPrivateProfileStringW
HeapSize
FreeResource
InitializeCriticalSectionAndSpinCount
HeapFree
SizeofResource
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleExW
WaitForMultipleObjects
GetExitCodeThread
SetThreadPriority
ResumeThread
TerminateThread
GetCurrentThreadId
SetEndOfFile
lstrlenA
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
SetFileAttributesW
SetFileTime
CreateDirectoryW
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
TlsGetValue
GetStdHandle
EnterCriticalSection
GetVersionExW
VirtualAlloc
VirtualFree
GetFileSize
CloseHandle
GetLastError
TlsAlloc
SetLastError
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
FindFirstFileExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
InterlockedPushEntrySList
CreateFileW
SetFilePointer
WriteFile
ReadFile
TlsSetValue
TlsFree
GetPrivateProfileIntW
GetLocalTime
GetConsoleMode
WideCharToMultiByte
CompareStringW
GlobalUnlock
GlobalLock
GlobalAlloc
DosDateTimeToFileTime
DuplicateHandle
GetFileType
MulDiv
GetACP
ExitProcess
GetCurrentDirectoryW
OutputDebugStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetStringTypeW

user32

IsWindow
FindWindowW
MessageBoxW
PostMessageW
KillTimer
SetTimer
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
IsWindowVisible
IsIconic
SetFocus
SetPropW
GetPropW
GetClientRect
GetWindowLongW
SetWindowLongW
GetWindowRect
GetWindow
LoadCursorW
DestroyIcon
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
UpdateLayeredWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
CharNextW
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
IntersectRect
UnionRect
IsRectEmpty
PtInRect
IsZoomed
SetWindowRgn
SetCursor
InflateRect
OffsetRect
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
GetSysColor
EqualRect
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
MapWindowPoints
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
RegisterWindowMessageW
PeekMessageW
PostThreadMessageW
SetWindowPos
EnableWindow
SendMessageW
BeginPaint
PostQuitMessage
GetParent

advapi32

LookupAccountNameW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
AddAccessAllowedAceEx
SetSecurityDescriptorControl
GetExplicitEntriesFromAclW
DeleteAce
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetUserNameW
GetFileSecurityW

shell32

ord680
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleUninitialize
OleInitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantInit
VariantClear

userenv

CreateEnvironmentBlock

comctl32

ord17
_TrackMouseEvent

wininet

InternetCrackUrlW
InternetTimeToSystemTimeA
InternetGetCookieA
InternetSetCookieA

urlmon

ObtainUserAgentString
UrlMkGetSessionOption

gdi32

MoveToEx
StretchBlt
SetBkMode
TextOutW
SetStretchBltMode
SetTextColor
SetBkColor
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
CreateDIBSection
GetObjectW
CreateRoundRectRgn
GetDeviceCaps
CreateRectRgn
PtInRegion
CombineRgn
ExtSelectClipRgn
SelectClipRgn
RoundRect
Rectangle
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreatePenIndirect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

gdiplus

GdipCreatePen1
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipDeletePen
GdipFillEllipse
GdipDrawArc
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipFillRectangleI
GdipCreateFontFromDC
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145.5MB - Virtual size: 145.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000935a8cddb62ca66a715bb925facab

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

comctl32

wininet

urlmon

gdi32

imm32

gdiplus

Sections

.text Size: 675KB - Virtual size: 675KB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 10KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 1024B - Virtual size: 992B

.rsrc Size: 145.5MB - Virtual size: 145.5MB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 675KB - Virtual size: 675KB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 10KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 992B

.rsrc
Size: 145.5MB - Virtual size: 145.5MB

.reloc
Size: 39KB - Virtual size: 39KB