c7de53866ba6cebf044cdd71da5c65dc7f0936a70a2a82eaadfb4f6e6c70bea5

Sharing

Copy URL Twitter E-mail

General

Target

c7de53866ba6cebf044cdd71da5c65dc7f0936a70a2a82eaadfb4f6e6c70bea5
Size

10.1MB
MD5

619c41b7e439d4fe7d3eb98ebeb5ef89
SHA1

26ce2247fc3402fc9013c72b361e775b274a1d36
SHA256

c7de53866ba6cebf044cdd71da5c65dc7f0936a70a2a82eaadfb4f6e6c70bea5
SHA512

a78144d8386eec176a99eb2db7b4324276b1cb89d10d4467ecb7b19cda350506dd1cc7296d97c5842ab419c1c5cd4bd9f0274957a0c0ec0d2410b76dbab74a81
SSDEEP

196608:gtA94UdVEy9qMBNLtwIvjI3Be1Owcfx8L28ralpNkmPQfCcDjYQdyfp:D94UdVEy9qMBNLtwIvjI3BMlOV8GGacu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7de53866ba6cebf044cdd71da5c65dc7f0936a70a2a82eaadfb4f6e6c70bea5

Files

c7de53866ba6cebf044cdd71da5c65dc7f0936a70a2a82eaadfb4f6e6c70bea5
.exe windows:6 windows x86

e7663d3a19ebfdcf34b88dd692b60197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
lstrcmpiW
WritePrivateProfileStringW
GetDriveTypeW
WaitForSingleObjectEx
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
GetSystemTimeAsFileTime
lstrcpynW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
VerifyVersionInfoW
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
VerSetConditionMask
K32GetProcessImageFileNameW
GetTickCount
GetCurrentProcess
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
EnterCriticalSection
InitializeCriticalSection
CreateFileA
GetLongPathNameW
MoveFileExW
MoveFileW
GetCommandLineW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
GetCurrentThreadId
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
GetTempFileNameA
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
GetTempPathA
WriteFile
DeleteFileA
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
lstrlenW
DecodePointer
SignalObjectAndWait
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
TerminateProcess
GetExitCodeProcess
CopyFileW
GetShortPathNameW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
ResetEvent
GetSystemInfo
GetTempFileNameW
LocalFree
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetDiskFreeSpaceExW
GetSystemDirectoryW
DeviceIoControl
LocalAlloc
GetPrivateProfileStringW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetStartupInfoW

user32

UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
GetShellWindow
LoadStringW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
CreateWindowExW
LoadImageW
SetForegroundWindow
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
SetTimer
FindWindowW
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SendMessageTimeoutW
wsprintfW
MessageBoxW
SendNotifyMessageW
OffsetRect
UnionRect
EqualRect
DrawFocusRect
DestroyCursor
MoveWindow
UnregisterClassA
RegisterWindowMessageW
FillRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetFocus
ShowWindow
GetClassInfoExW
RegisterClassExW
MonitorFromWindow
IsDialogMessageW
GetWindow
IsWindow
MapWindowPoints
SetCursor
PtInRect
EndDialog
GetMonitorInfoW
CopyRect
SystemParametersInfoW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
PostQuitMessage
SetFocus
DestroyWindow
UpdateLayeredWindow
SetWindowPos
GetAsyncKeyState

gdi32

CreateCompatibleBitmap
CreateRectRgnIndirect
DeleteDC
DeleteObject
RestoreDC
SaveDC
SelectClipRgn
BitBlt
CreateDIBSection
GetObjectW
SetViewportOrgEx
CreateFontW
GetStockObject
SetBkMode
SetTextColor
OffsetViewportOrgEx
EnumFontFamiliesW
SelectObject
CreateCompatibleDC
RectVisible

advapi32

StartServiceW
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupAccountNameW
LookupAccountSidW
RegQueryValueExA
EqualSid
DeleteAce
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
ord165
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
CoInitializeSecurity
OleRun
CLSIDFromProgID
CoSetProxyBlanket

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

PathIsPrefixW
SHSetValueW
PathIsDirectoryW
AssocQueryStringW
SHSetValueA
PathIsRootW
PathIsRelativeW
SHGetValueW
PathRemoveFileSpecW
wnsprintfW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
SHGetValueA
StrToIntExW
StrCmpIW
StrStrIW
StrStrIA
StrTrimA
StrCmpNIW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign

psapi

GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

Exports

Exports

InstallEntryW
_BasicEntry@12
_CreateApp@0
_Start@4
_Uninst@4

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7663d3a19ebfdcf34b88dd692b60197

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

version

iphlpapi

wininet

urlmon

setupapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 247KB - Virtual size: 247KB

.data Size: 32KB - Virtual size: 53KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 247KB - Virtual size: 247KB

.data
Size: 32KB - Virtual size: 53KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 59KB - Virtual size: 59KB