Static task
static1
Behavioral task
behavioral1
Sample
c4d7040ad4a17f72cb94617fd2a5e11efe3537b7151951f31e6795a8717d5d38.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c4d7040ad4a17f72cb94617fd2a5e11efe3537b7151951f31e6795a8717d5d38.exe
Resource
win10v2004-20230915-en
General
-
Target
c4d7040ad4a17f72cb94617fd2a5e11efe3537b7151951f31e6795a8717d5d38
-
Size
1.3MB
-
MD5
0155c45be14f525dafcd8954e161a909
-
SHA1
78547fc3ae8365157546a4ad2d04eee7987cab67
-
SHA256
c4d7040ad4a17f72cb94617fd2a5e11efe3537b7151951f31e6795a8717d5d38
-
SHA512
cf68b9c330de54d50d46db55929731839cf2e2122724e27c7cfdf16baad74e73d5a5ee5a837e8e72bf5779ff05ab4fdef471d17f5d3758fef7321f81bd063c8d
-
SSDEEP
24576:16242Z9pwkudetRTcitssO/U2x7c4t3ibY9nUNGBjrhwdcJ0kzAw:1T42Z9iATcwD4t3ibGUIxrACH
Malware Config — no extracted configuration is shown in this report (absence of a config extraction does not indicate the sample is benign; it only means no extractor matched).
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The PE carries no embedded code-signing certificate. On its own this is a weak indicator — a large share of legitimate software is unsigned too — and it is the only signature that fired here, so the verdict for this task rests on the behavioral tasks and on the import/section profile below rather than on this rule.
resource c4d7040ad4a17f72cb94617fd2a5e11efe3537b7151951f31e6795a8717d5d38
Files
-
c4d7040ad4a17f72cb94617fd2a5e11efe3537b7151951f31e6795a8717d5d38.exe windows:4 windows x86
657a5557bb85bbc21b4ae4d1a02c0819 (a 32-hex-digit digest attached to the file entry — presumably the import hash (imphash); confirm the field label before pivoting on it, since imphash matches group binaries by import table rather than by content)
Headers
File Characteristics (IMAGE_FILE_RELOCS_STRIPPED below means the image carries no base relocations and so cannot be rebased by the loader; the DllCharacteristics field is not shown in this listing, so ASLR/DEP/CFG support cannot be judged from this report alone)
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports — capability clusters visible in the static import table: service control (advapi32 OpenSCManagerW/OpenServiceW/StartServiceW/ControlService/QueryServiceStatus/DeleteService); token privilege adjustment (OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges — which privilege is requested is not visible statically); registry create/set/delete (RegCreateKeyExW/RegSetValueExW/RegDeleteKeyW/RegDeleteValueW); process enumeration, inspection and termination (CreateToolhelp32Snapshot/Process32FirstW/Process32NextW/OpenProcess/TerminateProcess plus psapi GetProcessMemoryInfo/QueryWorkingSet/GetModuleFileNameExW); file-system changes (CreateProcessW, MoveFileExW, DeleteFileW, CopyFileW, SetFileAttributesW, RemoveDirectoryW, SHFileOperationW); and a Winsock client (socket/getaddrinfo/connect/send/recv/select, with bind/getsockname also present). LoadLibraryW/LoadLibraryA/LoadLibraryExW with GetProcAddress are imported, so APIs resolved at runtime will not appear in this table. IsDebuggerPresent and SetUnhandledExceptionFilter are also emitted by the MSVC CRT startup code (the binary links msvcr80/msvcp80, i.e. the VS2005 runtime) and are not a reliable anti-debug indicator by themselves. The heavy user32/gdi32/gdiplus/comctl32/msimg32 usage (UpdateLayeredWindow, AlphaBlend, GdipDrawString) indicates a custom-drawn GUI. This profile is consistent with an installer/updater or uninstaller as much as with malware; none of these imports is malicious in isolation, and the behavioral tasks should be used to confirm what the sample actually does.
kernel32
InterlockedCompareExchange
GetSystemInfo
GetProcessId
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetComputerNameA
lstrcmpW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetExitCodeProcess
GetLogicalDriveStringsW
QueryDosDeviceW
ExpandEnvironmentStringsW
Sleep
TerminateProcess
CreateThread
SetFileAttributesW
MoveFileW
CreateProcessW
WriteFile
RemoveDirectoryW
CreateEventW
SetEvent
ResetEvent
WaitForSingleObject
MoveFileExW
LoadLibraryExW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
OpenMutexW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
Process32NextW
OpenProcess
GetCommandLineW
GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
GetVersionExW
OutputDebugStringW
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
GetModuleHandleW
DeleteFileW
CreateDirectoryW
InitializeCriticalSection
GetLocalTime
FindFirstFileW
CopyFileW
FindNextFileW
FindClose
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetFileAttributesW
GetPrivateProfileStringW
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
CloseHandle
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrlenA
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
GetPrivateProfileIntW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
user32
OffsetRect
IsWindowVisible
ShowWindow
InvalidateRect
UpdateWindow
GetClientRect
BringWindowToTop
MoveWindow
GetWindowTextLengthW
EqualRect
DrawTextW
SetRect
GetParent
DestroyWindow
ClientToScreen
UnregisterClassA
CopyRect
DestroyIcon
PtInRect
LoadIconW
DrawIconEx
KillTimer
IntersectRect
GetWindowTextW
GetWindowRect
ScreenToClient
SetCapture
SetFocus
GetNextDlgTabItem
MapWindowPoints
SystemParametersInfoW
GetWindow
IsWindow
GetDlgCtrlID
PostThreadMessageW
SetRectEmpty
RegisterClassExW
CreateWindowExW
GetDlgItem
CallWindowProcW
DestroyCursor
SetWindowTextW
SetWindowLongW
SendMessageW
SetCursor
LoadBitmapW
GetMonitorInfoW
MonitorFromWindow
UpdateLayeredWindow
ReleaseCapture
GetCursorPos
GetDesktopWindow
IsChild
IsDialogMessageW
GetFocus
DispatchMessageW
EndPaint
BeginPaint
DefWindowProcW
LoadCursorW
GetClassInfoExW
GetWindowLongW
SetWindowPos
DrawFrameControl
RegisterWindowMessageW
wsprintfW
LoadStringW
CharNextW
GetActiveWindow
EnableWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
TranslateMessage
GetMessageW
PeekMessageW
IsWindowEnabled
InflateRect
SetTimer
UnionRect
LoadImageW
GetDC
ReleaseDC
PostMessageW
gdi32
CreateRoundRectRgn
SetViewportOrgEx
GetClipRgn
RoundRect
OffsetRgn
ExtSelectClipRgn
GetViewportOrgEx
GetObjectA
GetTextExtentPoint32W
TextOutW
LineTo
MoveToEx
GetCurrentObject
RectInRegion
GetTextColor
SaveDC
RestoreDC
SelectClipRgn
Rectangle
ExtTextOutW
SetBkColor
CreateRectRgn
DeleteObject
CreatePen
SelectObject
GetStockObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateFontIndirectW
GetObjectW
SetTextColor
StretchBlt
BitBlt
CreateBitmap
CreateCompatibleBitmap
SetStretchBltMode
SetBkMode
CreateSolidBrush
CombineRgn
CreateRectRgnIndirect
CreateBrushIndirect
advapi32
ControlService
QueryServiceStatus
StartServiceW
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
GetUserNameW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ole32
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid
CLSIDFromProgID
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
VariantClear
shlwapi
StrToIntA
PathRemoveFileSpecW
PathAppendW
StrToIntW
PathFindFileNameW
PathFileExistsW
PathAddBackslashW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
msvcp80
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?good@ios_base@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
gdiplus
GdipDeleteGraphics
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipImageRotateFlip
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreateImageAttributes
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdiplusShutdown
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipAlloc
GdipFree
GdipDrawImagePointsRectI
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipCloneBrush
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathArcI
GdipFillPath
GdipCreatePen1
GdipDeletePen
GdipSetSmoothingMode
GdipDrawPath
GdipDeleteFontFamily
GdipCreateBitmapFromScan0
GdipAddPathStringI
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipDrawImageI
GdipCreateFontFromLogfontA
GdipGetFamily
GdipGetFontSize
GdipSetPenDashStyle
GdipDrawLinesI
GdipFillRectangle
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenMode
GdipDrawLine
GdipAddPathRectangleI
GdipAddPathPieI
GdipSetClipPath
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawLineI
GdipSetClipRectI
GdipCreateBitmapFromStream
GdipDisposeImageAttributes
msvcr80
strerror
_exit
_cexit
__wgetmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strtol
getenv
_localtime64_s
_mktime64
wcsncmp
_wtol
strcpy_s
__iob_func
_local_unwind4
qsort
__sys_nerr
_gmtime64
_stat64
memchr
_errno
fputs
fopen
fgets
_strtoi64
strrchr
isxdigit
sscanf
memmove
strtoul
_lrotl
_lrotr
strstr
strncpy
sprintf
wcscpy
_wcslwr
_time32
isdigit
_wcsupr_s
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
realloc
tolower
isspace
_strdup
strchr
strncmp
isalnum
isalpha
fseek
fread
_vsnprintf_s
_stricmp
fprintf
sscanf_s
fputc
_vsnprintf
fwrite
_beginthreadex
memcmp
wcspbrk
_wrename
setlocale
vsprintf_s
_vscprintf
_mbsicmp
__RTDynamicCast
abs
wcscspn
wcsspn
atoi
floor
ceil
_wfopen
fflush
fclose
wcscat_s
_mbschr
_wcsicmp
wcscat
swprintf_s
srand
rand
_wtoi64
_wtoi
_time64
_waccess
memcpy
labs
??_V@YAXPAX@Z
malloc
_recalloc
calloc
wcscpy_s
_mbscmp
strlen
strcmp
_purecall
free
wcsncpy_s
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_wcsnicmp
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
memset
memcpy_s
_CxxThrowException
memmove_s
_invalid_parameter_noinfo
iswspace
wcscmp
wcsstr
wcschr
wcsrchr
_wcslwr_s
_vscwprintf
vswprintf_s
wcslen
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
GetProcessMemoryInfo
GetProcessImageFileNameW
QueryWorkingSet
ws2_32
WSAGetLastError
closesocket
WSASetLastError
getaddrinfo
ntohs
getsockname
WSACleanup
WSAStartup
freeaddrinfo
recv
send
ioctlsocket
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
__WSAFDIsSet
select
Sections — as listed below, .text is flagged IMAGE_SCN_MEM_WRITE (a writable code section), .rdata is writable, and .rsrc is flagged both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE; a stock MSVC link does not produce these characteristics, so either the headers were modified after linking or the report's flag rendering is imprecise — verify with an independent PE parser before treating this as an indicator. .rsrc is also large relative to the file (782KB of 1.3MB), so the embedded resources are worth extracting and examining separately.
.text Size: 446KB - Virtual size: 446KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 10KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 782KB - Virtual size: 784KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE