Static task: static1
Behavioral task: behavioral1
  Sample: a599777310ce2e4baa6eb8cdbb0bcdf7fcc048abba505b9af41d08d8ac98c019.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: a599777310ce2e4baa6eb8cdbb0bcdf7fcc048abba505b9af41d08d8ac98c019.exe
  Resource: win10v2004-20230915-en
General
Target: a599777310ce2e4baa6eb8cdbb0bcdf7fcc048abba505b9af41d08d8ac98c019
Size: 4.5MB
MD5: 86c0ff602a6eeccf20ed79b0124a106f
SHA1: 53f5c21bdf52fac917a89255ca85aa84ace532e3
SHA256: a599777310ce2e4baa6eb8cdbb0bcdf7fcc048abba505b9af41d08d8ac98c019
SHA512: 06dd1c1cd87a9517ff3ba47cfb5130c7c1856909d1e756f658143e20ab69976cafef99e627c282d6bb8a138175524e2f323f0744226ccd95d89cc0091ba55350
SSDEEP: 98304:PBvMro5ixUUMn8bNLVNq2tG+RqpdrHQJ9n:aIcM8wmG+RK
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource a599777310ce2e4baa6eb8cdbb0bcdf7fcc048abba505b9af41d08d8ac98c019
Files
a599777310ce2e4baa6eb8cdbb0bcdf7fcc048abba505b9af41d08d8ac98c019.exe windows:5 windows x86
96d2d5c46f1837d7574eea0ce7c74510
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MulDiv
FreeResource
GetTickCount
GetUserDefaultLCID
FreeLibrary
CreateDirectoryW
GetCommandLineW
GetCurrentProcess
TerminateProcess
CreatePipe
PeekNamedPipe
OpenProcess
GetFileAttributesExW
GlobalFlags
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
CopyFileW
VirtualQuery
GenerateConsoleCtrlEvent
GetExitCodeProcess
SetLocalTime
FileTimeToSystemTime
GetLocalTime
GetSystemTimeAsFileTime
lstrcmpiW
LoadLibraryExW
CreateFileA
DeleteFileA
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetDateFormatW
GetTimeFormatW
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteFileW
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
Sleep
FindFirstFileW
FindClose
GetFileAttributesW
SetFileAttributesW
FindNextFileW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetFileSizeEx
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
CompareFileTime
CreateFileMappingA
MapViewOfFile
GetEnvironmentVariableA
MoveFileExW
QueryPerformanceFrequency
SleepEx
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
QueryPerformanceCounter
FormatMessageW
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleExW
RemoveDirectoryW
MoveFileW
LoadLibraryW
GetProcAddress
GetPrivateProfileStringW
HeapFree
WritePrivateProfileStringW
GetModuleFileNameW
CloseHandle
CreateFileW
SetFilePointer
ReadFile
InterlockedExchangeAdd
WaitForMultipleObjects
MapViewOfFileEx
CreateFileMappingW
GetFileSize
UnmapViewOfFile
CreateIoCompletionPort
ResetEvent
GetSystemInfo
GetExitCodeThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
GetNativeSystemInfo
CreateSemaphoreW
SwitchToThread
ReleaseSemaphore
GetCurrentProcessId
SetLastError
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapCreate
GetSystemDirectoryW
Process32NextW
Process32FirstW
QueryDosDeviceW
GetLogicalDriveStringsW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
CreateEventW
ResumeThread
CreateThread
WaitForSingleObject
SetEvent
WriteFile
SetFilePointerEx
user32
UnregisterClassW
PostMessageW
DestroyWindow
MessageBoxW
GetWindowLongW
SetRect
IsZoomed
GetTopWindow
DestroyIcon
SetWindowPos
MessageBeep
OffsetRect
RedrawWindow
ClientToScreen
SetParent
SetWindowLongW
InvalidateRect
SendMessageW
DefWindowProcW
DispatchMessageW
DrawTextW
ScreenToClient
TranslateMessage
GetMessageW
PeekMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
ShowWindow
GetFocus
IsWindow
SetFocus
GetKeyState
SetCursor
AdjustWindowRectEx
GetWindowThreadProcessId
FindWindowA
SendMessageA
GetUserObjectInformationW
GetProcessWindowStation
GetWindowRect
FindWindowExA
IsWindowEnabled
MsgWaitForMultipleObjects
ReleaseDC
GetClientRect
GetWindowDC
GetSystemMetrics
GetDC
LoadImageW
GetParent
GetDesktopWindow
LoadCursorW
LoadIconW
RegisterClassW
GetClassInfoW
GetActiveWindow
LoadStringW
CreateWindowExW
SetClipboardData
EnumWindows
MoveWindow
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
WaitForInputIdle
SetActiveWindow
MonitorFromWindow
wsprintfW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
CharNextW
GetCursorPos
CreateMenu
PostQuitMessage
AppendMenuW
TranslateAcceleratorW
DestroyMenu
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSubMenu
TrackPopupMenu
CreatePopupMenu
GetLastActivePopup
DeleteMenu
GetDlgItem
GetSysColor
FillRect
EnableWindow
EndPaint
GetNextDlgTabItem
BeginPaint
IsIconic
GetClassNameW
IntersectRect
IsRectEmpty
WinHelpW
SetMenu
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
IsWindowVisible
GetWindow
GetSystemMenu
PtInRect
gdi32
CreateRectRgn
CombineRgn
SetBkMode
GetTextMetricsW
ExcludeClipRect
GetClipBox
CreateRoundRectRgn
CreateEllipticRgn
SetTextColor
SetBkColor
CreateSolidBrush
CreateFontIndirectW
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
SetStretchBltMode
DeleteObject
advapi32
CryptAcquireContextW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegDeleteKeyW
RegQueryInfoKeyW
shell32
DragQueryFileW
DragFinish
ShellExecuteW
Shell_NotifyIconW
ole32
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
oleaut32
VarUI4FromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
comctl32
InitCommonControlsEx
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
psapi
GetProcessImageFileNameW
shlwapi
StrPBrkW
StrChrW
wldap32
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord216
ord133
ord147
ord301
ord145
ord219
ord46
ord14
ord208
ord79
ws2_32
ntohs
WSAGetLastError
htons
setsockopt
ioctlsocket
gethostname
select
__WSAFDIsSet
accept
getnameinfo
recvfrom
listen
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
recv
WSAEnumNetworkEvents
WSACleanup
bind
WSAStartup
socket
connect
WSAGetOverlappedResult
WSAIoctl
closesocket
WSASend
ntohl
shutdown
WSASetLastError
WSAStringToAddressW
getaddrinfo
getpeername
getsockname
send
WSAAddressToStringW
WSARecv
getsockopt
htonl
freeaddrinfo
sendto
uxtheme
SetWindowTheme
winmm
timeGetDevCaps
timeEndPeriod
timeGetTime
timeBeginPeriod
gdiplus
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 521KB - Virtual size: 520KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ