57b6a31de3b31a09728e71b7aa4b9b3b4c0f254b116d34e56834a48a40d2985b

Sharing

Copy URL Twitter E-mail

General

Target

57b6a31de3b31a09728e71b7aa4b9b3b4c0f254b116d34e56834a48a40d2985b
Size

797KB
MD5

d65d33c78c2825ff1e255db7ee9e4a5b
SHA1

4754109f4cbc11278026bbdbb4a915b85fc2d395
SHA256

57b6a31de3b31a09728e71b7aa4b9b3b4c0f254b116d34e56834a48a40d2985b
SHA512

ccedffe44c2f0ea16090e1412799d3fbcc02ba0945daaedcb00abeef0a99a191b3d1e88512ef6fbec415efb51a51f18c7652f110dd234d8dfc15da85312cce03
SSDEEP

12288:gCgwxfHyya6yLkzeQLejCdlK2iHGsUxWz+2IUXJBCwl6wG:7ZZnfyLky8x+2CG/Wz+7UeIG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57b6a31de3b31a09728e71b7aa4b9b3b4c0f254b116d34e56834a48a40d2985b

Files

57b6a31de3b31a09728e71b7aa4b9b3b4c0f254b116d34e56834a48a40d2985b
.exe windows:4 windows x86

59f5910802ac8cfb6be7a8c673b229ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
MoveFileW
GetCurrentProcessId
CreateThread
TerminateThread
ResetEvent
SetFilePointer
GetExitCodeProcess
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
LoadLibraryW
GetStringTypeW
GetStringTypeA
WaitForMultipleObjects
EnumSystemLocalesA
GetUserDefaultLCID
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
SetEvent
CreateEventW
InterlockedExchange
GetCurrentProcess
GetVersionExW
GetFileSize
MultiByteToWideChar
GlobalLock
CreateMutexW
TerminateProcess
Module32FirstW
QueryDosDeviceW
GetLogicalDriveStringsW
WritePrivateProfileStringW
FindClose
WaitForSingleObject
OpenEventW
GetSystemDirectoryW
CreateDirectoryW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
ProcessIdToSessionId
DeleteFileW
WriteFile
GetModuleHandleW
InterlockedDecrement
GetPrivateProfileIntW
Sleep
GlobalAlloc
GetLastError
InterlockedIncrement
GetProcAddress
IsValidLocale
lstrlenW
GlobalUnlock
GetLocalTime
RaiseException
CloseHandle
FreeResource
LeaveCriticalSection
EnterCriticalSection
GetWindowsDirectoryW
DeleteCriticalSection
ReadFile
InitializeCriticalSection
GetPrivateProfileStringW
GetModuleFileNameW
lstrcmpiW
lstrlenA
CreateFileW
GetCurrentThreadId
GlobalFree
WideCharToMultiByte
FreeLibrary
SetLastError
UnmapViewOfFile
FlushInstructionCache
OutputDebugStringW
LoadLibraryExW
GetTickCount
FindResourceExW
LoadResource
FindResourceW
LockResource
SizeofResource
GetStdHandle

user32

OffsetRect
SetCursor
CharNextW
UnregisterClassA
ScreenToClient
LoadImageW
LoadCursorW
LoadBitmapW
WindowFromPoint
GetSystemMetrics
GetCursorPos
GetDesktopWindow
GetWindowThreadProcessId
GetDlgItem
GetDC
GetWindow
GetForegroundWindow
DrawTextW
SetTimer
IsWindowVisible
GetWindowRect
UpdateLayeredWindow
GetWindowLongW
AttachThreadInput
SendMessageW
EqualRect
DestroyWindow
GetClientRect
PostThreadMessageW
MoveWindow
PeekMessageW
MapWindowPoints
SetWindowPos
RegisterClassExW
GetMessageW
CreateWindowExW
SetForegroundWindow
SetWindowLongW
ReleaseDC
TranslateMessage
GetFocus
IsIconic
GetParent
DispatchMessageW
IsChild
SetRect
CopyRect
IsDialogMessageW
FindWindowW
MonitorFromWindow
SetWindowRgn
IntersectRect
GetMonitorInfoW
IsRectEmpty
SetFocus
LoadIconW
SetCapture
SetRectEmpty
DrawFrameControl
DestroyIcon
InvalidateRect
InflateRect
GetActiveWindow
GetClassInfoExW
EnableWindow
ReleaseCapture
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
EndPaint
IsWindow
SystemParametersInfoW
IsWindowEnabled
RegisterWindowMessageW
GetNextDlgTabItem
KillTimer
PostMessageW
DrawIconEx
PtInRect
SetActiveWindow
BeginPaint
ClientToScreen
EnumDisplayMonitors
EnumChildWindows
SetWindowTextW
ShowWindow

gdi32

SaveDC
CreateCompatibleDC
GetDeviceCaps
DeleteDC
SetBkMode
ExtTextOutW
GetTextExtentPoint32W
SetBkColor
CreateFontIndirectW
CombineRgn
SetTextColor
GetStockObject
CreateRectRgnIndirect
GetObjectW
GetViewportOrgEx
OffsetRgn
LineTo
ExtSelectClipRgn
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
SetStretchBltMode
CreatePen
DeleteObject
Rectangle
StretchBlt
BitBlt
CreateRoundRectRgn
CreateBitmap
RoundRect
GetTextColor
GetClipRgn
TextOutW
RectInRegion
CreateDIBSection
SelectClipRgn
RestoreDC
GetCurrentObject
MoveToEx
CreateRectRgn

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenCurrentUser
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
RegOpenKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

SHCreateDirectoryExW
ShellExecuteExW
ExtractIconW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

StrToIntA
StrToIntW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipDrawPath
GdipDeletePrivateFontCollection
GdipFillRectangleI
GdipTranslateWorldTransform
GdipDeleteStringFormat
GdipCreateBitmapFromScan0
GdipCreateStringFormat
GdipCreateBitmapFromHICON
GdipSetClipPath
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipNewPrivateFontCollection
GdipAddPathArcI
GdipFillPath
GdipCreateLineBrushFromRectWithAngleI
GdipRotateWorldTransform
GdipGetImageGraphicsContext
GdipPrivateAddFontFile
GdipSetStringFormatFlags
GdipResetWorldTransform
GdipSetInterpolationMode
GdipGetFontCollectionFamilyCount
GdipSetStringFormatAlign
GdipSetPixelOffsetMode
GdipSetStringFormatLineAlign
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipGetImagePixelFormat
GdipSetStringFormatTrimming
GdipGetFamily
GdipDrawImageRectRect
GdipFree
GdipDrawImageRectRectI
GdiplusShutdown
GdipGetImageWidth
GdipSetTextRenderingHint
GdipCreatePath
GdipCloneBrush
GdipCloneBitmapArea
GdipAddPathStringI
GdipDrawString
GdipDeletePath
GdipGetImageHeight
GdipAlloc
GdipGetFontSize
GdipSetPenDashStyle
GdipSetPenEndCap
GdipDeleteBrush
GdipDisposeImage
GdipGraphicsClear
GdipImageRotateFlip
GdipSetPenStartCap
GdiplusStartup
GdipCreateFont
GdipAddPathPieI
GdipCloneImage
GdipDrawImageRectI
GdipSetPenMode
GdipClosePathFigure
GdipDrawImageI
GdipDrawLinesI
GdipFillRectangle
GdipDeletePen
GdipLoadImageFromFile
GdipDrawLine
GdipLoadImageFromStream
GdipDeleteFont
GdipDrawImagePointsRectI
GdipDeleteFontFamily
GdipCreateFontFromLogfontW
GdipAddPathRectangleI
GdipDrawRectangleI
GdipSetCompositingQuality
GdipCreateImageAttributes
GdipCreatePen1
GdipCreateBitmapFromStream
GdipCreateSolidFill
GdipMeasureString
GdipDisposeImageAttributes
GdipCreateHBITMAPFromBitmap
GdipSetSmoothingMode
GdipDeleteGraphics

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
WSASetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

59f5910802ac8cfb6be7a8c673b229ad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

ws2_32

psapi

version

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 120KB - Virtual size: 120KB

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 120KB - Virtual size: 120KB