Static task: static1
Behavioral task: behavioral1
  Sample: 1f41c3c73789d05012e0c598c2367f5539b49bf474cfe691f2993bc0986b93bd.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 1f41c3c73789d05012e0c598c2367f5539b49bf474cfe691f2993bc0986b93bd.exe
  Resource: win10v2004-20230915-en
General
Target: 1f41c3c73789d05012e0c598c2367f5539b49bf474cfe691f2993bc0986b93bd
Size: 5.4MB
MD5: 70b72f360eea7eb19b9a94064c3f8d0b
SHA1: 877f1ebb3c1cf6b8c8d4d6152a4075edb61cc66f
SHA256: 1f41c3c73789d05012e0c598c2367f5539b49bf474cfe691f2993bc0986b93bd
SHA512: 62ced2d8aa2287d6ac2eccaf5d61076c74ec82945342ae8b0980d77665729baeff0af546f0bf263b904fa3a5c95153fcfc84bd7f4f3839de57caca3bfb7d2f73
SSDEEP: 98304:N0yCKZoDmopET7w4necZwtibuNq9Oi6il0rImMMsY8yNUFLOAkGkzdnEVomFHKnn:N0yCbDm5wsZp+ImMMsYAFLOyomFHKnPf
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 1f41c3c73789d05012e0c598c2367f5539b49bf474cfe691f2993bc0986b93bd
Files
1f41c3c73789d05012e0c598c2367f5539b49bf474cfe691f2993bc0986b93bd.exe  windows:6 windows x86
fbbb178b241b14cd46c463c11718c54d
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
framework
gb_widget_del
gb_widget_adj_layer
gb_init
gb_init_widget_id_allocator
gb_set_entry_screen
?gb_get_widget_image_with_alpha@@YAHPAXAAVCImage@ATL@@_N@Z
gb_widget_get_id
gb_widget_set_property
gb_prop_transaction_begin
gb_widget_create
gb_export
gb_widget_switch_part
gb_widget_switch_state
gb_get_avi_info
gb_prop_transaction_commit
gb_widget_clear_image_list
gb_widget_add_reaction
gb_reaction_set_action
gb_widget_set_id
gb_deinit
gb_ftconv
gb_font_import
gb_font_del_by_name
gb_reaction_del
gb_get_font_alias
gb_get_image_size
kernel32
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
SearchPathW
SetErrorMode
FindResourceExW
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateProcessW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
CompareStringEx
LCMapStringEx
GetLocaleInfoEx
QueryPerformanceFrequency
GetStringTypeW
GlobalHandle
MoveFileExW
AreFileApisANSI
SetFilePointerEx
SetFileInformationByHandle
GetFileInformationByHandle
CreateDirectoryW
FormatMessageA
OutputDebugStringW
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
CreatePipe
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleOutputCP
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalAlloc
DeleteFileW
GetLastError
DebugBreak
RaiseException
MultiByteToWideChar
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
lstrcpynW
GlobalLock
GlobalUnlock
GlobalFree
Sleep
MulDiv
CreateFileW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetUserDefaultLCID
ReplaceFileW
GetTempFileNameW
GetDiskFreeSpaceW
CompareStringA
GetCurrentThread
GlobalGetAtomNameW
lstrcmpA
GlobalReAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetStringTypeExW
MoveFileW
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
FlushFileBuffers
FindFirstFileW
GetProfileIntW
GetTickCount
SystemTimeToTzSpecificLocalTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
CloseHandle
ReadFile
LocalAlloc
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
lstrcmpiW
SystemTimeToFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
SuspendThread
lstrcpyW
CompareStringW
GlobalFindAtomW
lstrcmpW
LoadLibraryA
LoadLibraryExW
EncodePointer
CopyFileW
LocalFree
GlobalSize
LCIDToLocaleName
ExpandEnvironmentStringsW
GetExitCodeProcess
GetCurrentProcessId
OpenProcess
DuplicateHandle
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
IsWow64Process
GetNativeSystemInfo
GetModuleHandleA
GetProductInfo
GetEnvironmentVariableW
SetEnvironmentVariableW
GetTempPathW
FormatMessageW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureStackBackTrace
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetComputerNameA
GetWindowsDirectoryA
OutputDebugStringA
GetTempPathA
GetFullPathNameW
FindNextFileW
FindFirstFileExW
FindClose
GetStdHandle
WakeAllConditionVariable
GetExitCodeThread
WriteProfileStringW
GetThreadLocale
GetProcessHeap
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetLocalTime
SetLastError
GlobalDeleteAtom
GlobalAddAtomW
WaitForSingleObject
ResumeThread
SetThreadPriority
CreateEventW
CreateThread
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetFileInformationByHandleEx
user32
RealChildWindowFromPoint
WaitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
FrameRect
SetMenuDefaultItem
CharUpperBuffW
ModifyMenuW
MonitorFromPoint
UpdateLayeredWindow
DestroyAcceleratorTable
ReuseDDElParam
UnpackDDElParam
GetNextDlgGroupItem
GetIconInfo
RegisterClipboardFormatW
CopyImage
DestroyMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
DrawFrameControl
DrawEdge
CopyIcon
DestroyIcon
SetParent
SetCursorPos
EnumDisplayMonitors
SetClassLongW
InvertRect
HideCaret
UnionRect
GetUpdateRect
BringWindowToTop
NotifyWinEvent
WindowFromPoint
SetWindowRgn
DeleteMenu
GetSystemMenu
CharUpperW
IsZoomed
SendDlgItemMessageA
GetWindowDC
GetWindowThreadProcessId
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetSysColorBrush
LockWindowUpdate
GetClassInfoW
PostThreadMessageW
GetMessageW
GetTopWindow
GetClassLongW
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
GetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
CopyAcceleratorTableW
SubtractRect
GetComboBoxInfo
IsClipboardFormatAvailable
GetDoubleClickTime
EnumChildWindows
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
DestroyCursor
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
CharNextW
InvalidateRgn
IsCharLowerW
MapVirtualKeyExW
CreateMenu
GetWindowRgn
SetRect
ToUnicodeEx
PeekMessageW
GrayStringW
DrawTextExW
TabbedTextOutW
DrawIcon
EndPaint
BeginPaint
GetCursorPos
KillTimer
SetTimer
DefWindowProcW
GetTabbedTextExtentW
LoadAcceleratorsW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
SetLayeredWindowAttributes
RegisterClassExW
CreateWindowExW
ShowWindow
DrawIconEx
IsRectEmpty
EnableScrollBar
TrackMouseEvent
SetPropW
LoadIconW
RemovePropW
LoadMenuW
GetSubMenu
MessageBeep
MsgWaitForMultipleObjects
ClientToScreen
CheckMenuItem
SetCapture
ReleaseCapture
EnableWindow
LoadImageW
LoadBitmapW
GetClientRect
SendMessageW
GetParent
IsIconic
SetRectEmpty
RedrawWindow
InvalidateRect
GetSysColor
GetWindowLongW
SetWindowLongW
SetWindowPos
GetSystemMetrics
UpdateWindow
GetWindow
GetFocus
ShowCursor
PostMessageW
GetDC
ReleaseDC
OffsetRect
InflateRect
PtInRect
FillRect
GetWindowRect
GetDesktopWindow
GetKeyState
GetMessagePos
ScreenToClient
AppendMenuW
CreatePopupMenu
GetMenuItemCount
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DrawTextW
EqualRect
CopyRect
DrawFocusRect
IsWindowVisible
GetClipboardData
GetMenuBarInfo
EnableMenuItem
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
LoadCursorW
SetCursor
IsWindow
SystemParametersInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
RegisterWindowMessageW
GetClassNameW
DrawStateW
RemoveMenu
InsertMenuW
GetMenuItemID
GetMenuState
GetMenuStringW
GetAsyncKeyState
GetScrollInfo
IntersectRect
gdi32
DeleteDC
GetDeviceCaps
CreateDCW
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
StretchBlt
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
StartDocW
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetStockObject
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CombineRgn
CreateEllipticRgn
Ellipse
GetBkColor
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetMapMode
SetRectRgn
DPtoLP
GetDIBits
RealizePalette
CreateDIBSection
SetDIBColorTable
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RoundRect
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetRgnBox
OffsetRgn
GetCharWidthW
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetPixelV
CreateHatchBrush
UnrealizeObject
LPtoDP
SetBrushOrgEx
GetPixel
SelectObject
CreateRectRgnIndirect
BitBlt
CreatePen
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutW
Escape
GetTextColor
Rectangle
CreatePatternBrush
GetDIBColorTable
SetPixel
CopyMetaFileW
SetBkColor
SetTextColor
CreateBitmap
CreateRectRgn
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetViewportExtEx
GetWindowExtEx
CreateRoundRectRgn
TextOutW
IntersectClipRect
msimg32
TransparentBlt
AlphaBlend
winspool.drv
GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
GetFileSecurityW
SystemFunction036
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueW
RegDeleteKeyW
RegEnumKeyW
SetFileSecurityW
RegQueryValueW
shell32
SHGetSpecialFolderLocation
ShellExecuteW
DragQueryFileW
DragFinish
ShellExecuteExW
SHGetFolderPathW
DragAcceptFiles
SHBrowseForFolderW
SHGetMalloc
SHGetKnownFolderPath
ExtractIconW
SHAddToRecentDocs
SHAppBarMessage
SHGetDesktopFolder
SHGetFileInfoW
SHGetPathFromIDListW
comctl32
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Draw
ImageList_AddMasked
ImageList_GetIcon
InitCommonControlsEx
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
shlwapi
PathFileExistsW
StrFormatKBSizeW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
uxtheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeText
GetWindowTheme
GetThemeSysColor
IsAppThemed
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
ole32
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
OleLockRunning
OleGetClipboard
CoDisconnectObject
CLSIDFromProgID
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoGetClassObject
oleaut32
SysFreeString
VariantChangeType
VariantInit
VariantCopy
SysStringLen
SafeArrayDestroy
SysAllocString
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
oledlg
OleUIBusyW
gdiplus
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipNewPrivateFontCollection
GdipCloneFontFamily
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipGetFamilyName
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
winmm
PlaySoundW
dbghelp
SymInitialize
SymCleanup
SymFromAddr
UnDecorateSymbolName
SymSetOptions
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
Sections
.text   Size: 3.0MB - Virtual size: 3.0MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 595KB - Virtual size: 594KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 32KB - Virtual size: 120KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.6MB - Virtual size: 1.6MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 208KB - Virtual size: 207KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ