Static task
static1
Behavioral task
behavioral1
Sample
d0a584b70718217e537657c2bf58552d61aaf67d27149e7cbfd51fa4095221b5.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d0a584b70718217e537657c2bf58552d61aaf67d27149e7cbfd51fa4095221b5.exe
Resource
win10v2004-20230915-en
General
- Target: d0a584b70718217e537657c2bf58552d61aaf67d27149e7cbfd51fa4095221b5
- Size: 2.5MB
- MD5: f9a0d815cff16591410976c05f8f9092
- SHA1: 540b43354e734b973834a3c09e616eca72794c63
- SHA256: d0a584b70718217e537657c2bf58552d61aaf67d27149e7cbfd51fa4095221b5
- SHA512: df3e7dd7e8b8a84c6f3e169c1e8c5666b586a3c2b2d1c22d5704cbb08a3fd457810b3bc07dd22aabb6ade5f104ac41a596d32d8407fbb4fdf93cedcce3ec29dd
- SSDEEP: 49152:/tdiajpN3NZXChEr9VJjs9FCJ3tTUTa34I:1gajpN3N8hi+CJd34I
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource d0a584b70718217e537657c2bf58552d61aaf67d27149e7cbfd51fa4095221b5
Files
-
d0a584b70718217e537657c2bf58552d61aaf67d27149e7cbfd51fa4095221b5.exe windows:5 windows x86
3a12027eee700357c7330a9f33f8670f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
DeleteIpNetEntry
GetIpNetTable
GetAdaptersInfo
GetNetworkParams
kernel32
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
RaiseException
UnhandledExceptionFilter
IsDebuggerPresent
MoveFileA
CreateDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
FindFirstFileA
FindNextFileA
HeapReAlloc
GetDriveTypeA
ExitProcess
ExitThread
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetCurrentDirectoryW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
DebugBreak
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
SetStdHandle
SetConsoleCtrlHandler
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetProcessHeap
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
SetErrorMode
SystemTimeToFileTime
GetAtomNameW
GlobalGetAtomNameW
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GetStringTypeExW
MoveFileW
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
lstrcmpA
GlobalSize
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
lstrcmpW
GetVersionExA
WritePrivateProfileStringW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
SetPriorityClass
TerminateThread
ResetEvent
GetPrivateProfileIntW
CreateEventW
WaitForSingleObject
Sleep
SetEvent
GlobalFree
SetUnhandledExceptionFilter
GetModuleFileNameA
TerminateProcess
LoadLibraryA
WriteProcessMemory
CreateFileA
GetCurrentThreadId
GetCurrentProcess
GetModuleFileNameW
WaitForMultipleObjects
GetCurrentProcessId
GetTickCount
CreateThread
GetPrivateProfileStringW
DeleteFileW
OutputDebugStringW
CreateFileW
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetLastError
SetLastError
lstrcmpiW
FreeResource
GetCPInfo
GetVersion
GetVersionExW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetStartupInfoA
InterlockedCompareExchange
user32
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
LoadMenuW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
LoadIconW
IsIconic
GetSystemMenu
DrawIcon
GetWindowTextW
MessageBoxW
IsWindowVisible
UpdateWindow
SetWindowLongW
ScreenToClient
IsZoomed
SetRectEmpty
PtInRect
IsRectEmpty
GetCursorPos
GetWindow
SetCapture
KillTimer
SetTimer
ReleaseCapture
SetScrollPos
LoadCursorW
GetLastActivePopup
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
DrawFocusRect
DrawStateW
FrameRect
OffsetRect
InflateRect
LoadImageW
GetIconInfo
CreateIconIndirect
PostMessageW
SetCursor
IsMenu
DestroyCursor
GetDesktopWindow
ReleaseDC
GetDC
RemoveMenu
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuState
GetMenuItemID
GetWindowRect
EnableWindow
SendMessageW
GetMenuItemInfoW
GetMenuItemCount
AppendMenuW
DeleteMenu
CreatePopupMenu
CreateMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DrawEdge
LoadBitmapW
CopyRect
SetRect
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
PeekMessageW
GetMessagePos
GetSysColorBrush
FillRect
GetSystemMetrics
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
LoadCursorFromFileW
DispatchMessageW
GetSysColor
SystemParametersInfoW
DestroyIcon
DrawIconEx
GetForegroundWindow
GetWindowTextLengthW
PostThreadMessageW
RegisterClipboardFormatW
LockWindowUpdate
GetDCEx
UnionRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WaitMessage
UnregisterClassW
SetParent
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
GetDialogBaseUnits
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
MsgWaitForMultipleObjects
CharUpperW
GetWindowThreadProcessId
GetMessageW
TranslateMessage
ValidateRect
MapVirtualKeyW
GetKeyNameTextW
DestroyMenu
GetMenuStringW
EndPaint
BeginPaint
GetWindowDC
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
SetFocus
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowLongW
GetFocus
GetMenuCheckMarkDimensions
gdi32
GetBkMode
PtVisible
RectVisible
Ellipse
Rectangle
PatBlt
GetPixel
SetPixel
TextOutW
ExtTextOutW
Escape
GetStockObject
SetTextColor
SetBkColor
CreateBitmap
GetCurrentObject
StretchBlt
CreateFontW
GetDCOrgEx
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
CreatePen
SetColorAdjustment
GetDeviceCaps
GetClipRgn
CreateRectRgn
SelectClipPath
CreateCompatibleBitmap
GetWindowExtEx
StartDocW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetCharWidthW
StretchDIBits
GetBkColor
GetTextMetricsW
GetTextColor
GetRgnBox
SelectClipRgn
GetObjectW
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
CreateFontIndirectW
GetViewportExtEx
CreateHatchBrush
SetArcDirection
GetTextExtentPoint32W
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegDeleteValueW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
shell32
DragQueryFileW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ExtractIconW
ShellExecuteW
DragFinish
comctl32
ImageList_GetIconSize
_TrackMouseEvent
shlwapi
PathIsUNCW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
oledlg
OleUIBusyW
ole32
WriteFmtUserTypeStg
ReadClassStg
CoTaskMemFree
CreateStreamOnHGlobal
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
CoDisconnectObject
StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
SetConvertStg
oleaut32
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VarUdateFromDate
SystemTimeToVariantTime
SysAllocStringByteLen
OleLoadPicture
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarDateFromStr
VariantTimeToSystemTime
VarCyFromStr
SysReAllocStringLen
netsdk
ord99
ord57
ord88
ord132
ord19
ord6
ord52
ord89
ord13
ord62
ord92
ord32
ord93
ord33
ord140
ord28
ord66
ord127
ord76
ord41
ord58
ord1
ord91
ord17
ord31
ord25
h264play
ord4
ord17
ord33
ord3
ord18
ord19
ord82
ws2_32
select
__WSAFDIsSet
recv
gethostname
socket
bind
WSAGetLastError
getprotobyname
WSACleanup
ioctlsocket
htons
WSASocketW
setsockopt
closesocket
sendto
recvfrom
WSAStartup
gethostbyname
inet_ntoa
connect
inet_addr
dbghelp
MiniDumpWriteDump
libxl
xlCreateBookW
Sections
.textbss Size: - Virtual size: 973KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 192.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 1024B - Virtual size: 793B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 190KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ