873e1bfd835a69e91a5bdd3f73917db7b73663edf3ef640047ed0b9326f4797e

Sharing

Copy URL Twitter E-mail

General

Target

873e1bfd835a69e91a5bdd3f73917db7b73663edf3ef640047ed0b9326f4797e
Size

1.5MB
MD5

32f1ecc690863f09fbca28bb883decc4
SHA1

4b4b9b3a41dbc5a5e1530c7e778428b5b2b714fc
SHA256

873e1bfd835a69e91a5bdd3f73917db7b73663edf3ef640047ed0b9326f4797e
SHA512

d35fe5a3d5ebc2e291f5620cebb4c67ba1f7b224dc15e24b7032487bbfc8855b8280794981c6f1797139332849215f91a412f51f82b3bda9eac0a2ad7ebd3d67
SSDEEP

49152:vtvCE1wXcY2VlY0tJFfx/NYUpUAJKYN/98a:vtvCEOXcY2VlYeFfxKUNb8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873e1bfd835a69e91a5bdd3f73917db7b73663edf3ef640047ed0b9326f4797e

Files

873e1bfd835a69e91a5bdd3f73917db7b73663edf3ef640047ed0b9326f4797e
.exe windows:6 windows x86

d45a29df577293ce013ff01463a4ac63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_escape
curl_formadd
curl_formfree
curl_free
curl_global_cleanup
curl_global_init
curl_slist_append
curl_slist_free_all
curl_version

kernel32

FindClose
CreateDirectoryA
GetProcessId
CopyFileW
GetFileAttributesExW
GetSystemInfo
OutputDebugStringA
FormatMessageA
SetLastError
GetCurrentDirectoryW
GetModuleHandleW
ExitProcess
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
OutputDebugStringW
FindNextFileA
ReadFile
GetFileType
SetFilePointer
SetFileTime
WriteFile
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
MulDiv
GetLocalTime
InitializeCriticalSectionAndSpinCount
FindFirstFileA
GetModuleFileNameA
CreateMutexW
SignalObjectAndWait
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
TerminateProcess
GetFileSize
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualFree
CreateTimerQueue
LocalFree
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
GetStdHandle
WaitForSingleObjectEx
CreateFileW
GetModuleFileNameW
GetCurrentProcess
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThread
SetUnhandledExceptionFilter
GetVersionExW
DeviceIoControl
CreateFileA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
DeleteFileA
CreateProcessW
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetExitCodeProcess
SetEvent
GetThreadId
CreateEventW
CreateThread
GetTickCount
CloseHandle
WaitForSingleObject
Sleep
CopyFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
DecodePointer
RaiseException
QueryPerformanceCounter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetCurrentProcessId
SwitchToThread

user32

LoadImageW
GetPropW
SetPropW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
SetWindowRgn
SetWindowLongW
MapWindowPoints
ScreenToClient
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
HideCaret
ShowCaret
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
DestroyWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
IsRectEmpty
IntersectRect
CharNextW
LoadCursorW
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextLengthW
PostMessageW
PtInRect
PostThreadMessageW
PeekMessageW
GetMessageW
PostQuitMessage
ShowWindow
GetCursorPos
GetWindowRect
GetParent
GetWindow
GetMonitorInfoW
MonitorFromWindow
SetWindowPos
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
SendMessageW
IsIconic
EnableWindow
IsWindow
IsZoomed
BringWindowToTop
GetKeyState
wsprintfW
MessageBoxW
FindWindowW
OffsetRect
InflateRect
SetCursor
wvsprintfW
GetWindowLongW
GetSystemMetrics
GetWindowTextW
SetForegroundWindow

gdi32

SetWindowOrgEx
CreateRoundRectRgn
GetObjectA
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
GetObjectW
ExtSelectClipRgn
SetBkColor
SetBkMode
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
SelectClipRgn
StretchBlt
GetTextMetricsW

comdlg32

GetOpenFileNameW

advapi32

RegOpenKeyExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathA
SHGetFolderPathW

ole32

CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit

winhttp

WinHttpQueryHeaders
WinHttpOpen
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSetOption
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpConnect

winmm

waveInGetNumDevs
waveInStart
waveInReset
waveInAddBuffer
waveInClose
waveInUnprepareHeader
waveInPrepareHeader
waveInOpen

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipCreateFromHDC
GdipSetTextRenderingHint
GdipCreateFontFromDC
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateSolidFill

userhttplib

?ReleaseUserlib@@YAXPAPAVCUserhttplib@@@Z
?CreateUserlib@@YAPAVCUserhttplib@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAUHWND__@@@Z

msc

ord20
ord24
ord1
ord21
ord23
ord2

fanplayer

player_seek
player_setparam
player_play
player_open
player_getparam
player_close
player_pause

shlwapi

wvnsprintfW
PathFileExistsW
PathFileExistsA

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
gethostbyname
inet_ntoa
WSACleanup

libusc

usc_create_service
usc_stop_recognizer
usc_get_result
usc_feed_buffer
usc_start_recognizer
usc_set_option
usc_release_service
usc_login_service

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

wcsstr
__RTtypeid
__std_type_info_name
__std_exception_copy
__std_exception_destroy
_purecall
memchr
memmove
__std_terminate
strchr
wcsrchr
wcschr
strstr
_CxxThrowException
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__CxxFrameHandler3
__RTDynamicCast
strrchr
memcpy
memcmp
__AdjustPointer
__processing_throw
__current_exception
__uncaught_exception
memset

api-ms-win-crt-runtime-l1-1-0

abort
_configure_narrow_argv
_errno
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
terminate
_invalid_parameter_noinfo
_c_exit
_initialize_narrow_environment
_exit
_invalid_parameter_noinfo_noreturn
exit
_register_onexit_function
_initterm_e
_wassert
_beginthreadex
system
_crt_atexit
_initterm
strerror
_get_narrow_winmain_command_line
_cexit
_set_app_type
_seh_filter_exe
_controlfp_s

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vswprintf
fread
fclose
fgetc
__stdio_common_vfprintf_s
__stdio_common_vswprintf_s
ftell
fputc
ungetc
fflush
__stdio_common_vsnprintf_s
fseek
fopen
__stdio_common_vfprintf
__stdio_common_vsprintf
setvbuf
__stdio_common_vsprintf_s
fsetpos
_fseeki64
fgetpos
_ftelli64
_set_fmode
fwrite
__p__commode
_fsopen
__stdio_common_vsscanf
_get_stream_buffer_pointers
fopen_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
free
_calloc_base
malloc
calloc
_malloc_base
_free_base
_callnewh

api-ms-win-crt-filesystem-l1-1-0

remove
_mkdir
_stat64i32
_access
_unlock_file
_unlink
_lock_file

api-ms-win-crt-string-l1-1-0

wcsncmp
isdigit
_wcslwr
toupper
tolower
isupper
_wcsdup
strncpy_s
strcspn
islower
wcscat_s
wcscpy_s
strncmp
strcpy_s
iswalnum
isprint
isspace
_wcsicmp
__strncnt
strncpy
wcsncpy
isalnum

api-ms-win-crt-time-l1-1-0

wcsftime
_localtime64
_localtime64_s
strftime
_time64
_mktime64
_gmtime64
_utime64

api-ms-win-crt-math-l1-1-0

_CIsqrt
_dtest
_CIexp
__setusermatherr
_dclass
_except1
_CIfmod
_libm_sse2_pow_precise
lrintf
lrint
floor
frexp
_libm_sse2_sqrt_precise
modf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___lc_locale_name_func
__pctype_func
_unlock_locales
_lock_locales
localeconv
_configthreadlocale
setlocale
___mb_cur_max_func

api-ms-win-crt-convert-l1-1-0

atoi
strtol
wcstol
wcstoul
strtod
atoll
_wtoll
_wtoi

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d45a29df577293ce013ff01463a4ac63

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winhttp

winmm

comctl32

gdiplus

userhttplib

msc

fanplayer

shlwapi

iphlpapi

ws2_32

libusc

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 211KB - Virtual size: 210KB

.data Size: 28KB - Virtual size: 43KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 211KB - Virtual size: 210KB

.data
Size: 28KB - Virtual size: 43KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 53KB - Virtual size: 52KB