4254dc59487151f60046332aa8669551bb6eb731ca8eaa5d1e9bb7c4e6e638d2

Sharing

Copy URL Twitter E-mail

General

Target

4254dc59487151f60046332aa8669551bb6eb731ca8eaa5d1e9bb7c4e6e638d2
Size

4.3MB
MD5

7a3f6c9d0825a115f12c4d81c6139a1b
SHA1

41520e746038ecff78078d5ae69b76c3b10f7e55
SHA256

4254dc59487151f60046332aa8669551bb6eb731ca8eaa5d1e9bb7c4e6e638d2
SHA512

447d53afc586e8e4727b91e1caaf7ec0e9cecf050fe8cb431ac047ac21f009a15101e7123327c0ffcc02d7462fcf09eeba6d78b71688b491f70b9e2d015ccf83
SSDEEP

98304:ta9Ka88jn47RLHzN2JsAEMrMLe1Inl/MRd1OOk:tYV3b47RLTNpTnl/qdjk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4254dc59487151f60046332aa8669551bb6eb731ca8eaa5d1e9bb7c4e6e638d2

Files

4254dc59487151f60046332aa8669551bb6eb731ca8eaa5d1e9bb7c4e6e638d2
.exe windows:6 windows x86

6ded59d6448424974a2d6616f8f0abc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetQueuedCompletionStatus
SetEvent
ResetEvent
GetLocalTime
GetSystemTimeAsFileTime
VerSetConditionMask
VerifyVersionInfoW
lstrlenW
lstrcmpiW
LoadLibraryExW
SetFileTime
SetFileAttributesW
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
GlobalFlags
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
VirtualQuery
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
LocalFree
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetEnvironmentVariableW
OutputDebugStringA
CreateProcessW
SetCurrentDirectoryW
GetConsoleMode
GetCurrentProcess
FindNextFileW
GetCommandLineW
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetUserDefaultLCID
GetTickCount
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
GetCurrentDirectoryW
CreateToolhelp32Snapshot
TerminateThread
GetExitCodeThread
CreateThread
SetWaitableTimer
CreateWaitableTimerW
OpenEventW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetFileAttributesW
ExitProcess
CreateEventW
LeaveCriticalSection
WriteFile
SetFilePointerEx
ReadFile
SetFilePointer
CreateFileW
FindClose
FindFirstFileW
CopyFileW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount64
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GetModuleFileNameA
Sleep
MoveFileW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
CreateMutexExW
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
HeapSize
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSectionEx
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
ReadConsoleW

user32

OffsetRect
ClientToScreen
DrawStateW
DrawFocusRect
GetNextDlgTabItem
FillRect
CopyRect
FrameRect
DrawTextW
DrawEdge
BeginPaint
EndPaint
RegisterClassExW
GetClassInfoExW
wsprintfW
GetWindowThreadProcessId
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
WindowFromPoint
InflateRect
IsWindowVisible
ReleaseCapture
PtInRect
SetCapture
MessageBoxA
DrawFrameControl
DestroyMenu
CreateAcceleratorTableW
DestroyAcceleratorTable
UnregisterClassW
DestroyIcon
DestroyCursor
MessageBoxW
GetWindowLongW
SetWindowPos
SetWindowLongW
InvalidateRect
GetWindowTextW
GetSubMenu
TrackPopupMenu
CreatePopupMenu
DeleteMenu
FindWindowExW
IsIconic
GetClassNameW
IntersectRect
IsRectEmpty
SetMenu
IsWindowEnabled
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
RegisterWindowMessageW
GetSystemMenu
GetLastActivePopup
MessageBeep
ChildWindowFromPointEx
SetScrollPos
IsZoomed
GetTopWindow
SystemParametersInfoW
EnumWindows
SetClipboardData
EnumDisplaySettingsW
PostMessageW
GetPropW
GetWindowTextLengthW
ShowWindow
SetParent
MoveWindow
GetActiveWindow
DefWindowProcW
CallWindowProcW
WinHelpW
DestroyWindow
SendMessageW
SetScrollRange
GetScrollRange
GetScrollPos
GetSysColor
GetDlgItem
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowTextW
EnableWindow
LoadCursorW
GetCursorPos
SetCursorPos
GetWindowRect
GetParent
ScreenToClient
GetFocus
IsWindow
SetFocus
GetClientRect
GetKeyState
SetCursor
AdjustWindowRectEx
SetRect
CheckMenuItem
GetMenuState
GetMenuStringW
SetTimer
KillTimer
MsgWaitForMultipleObjects
ReleaseDC
GetWindowDC
GetSystemMetrics
GetDC
LoadImageW
GetDesktopWindow
LoadIconW
SetPropW
RegisterClassW
GetClassInfoW
LoadStringW
RemovePropW
CreateWindowExW
RedrawWindow
GetMessagePos
CharNextW
CreateMenu
PostQuitMessage
AppendMenuW
GetWindow
TranslateAcceleratorW

gdi32

CreatePen
LineTo
GetPixel
CreateEllipticRgn
CreateRoundRectRgn
GetClipBox
ExcludeClipRect
GetTextMetricsW
DPtoLP
SetROP2
SetMapMode
LPtoDP
GetViewportExtEx
MoveToEx
SelectObject
CreateDCW
PatBlt
GetWindowExtEx
SetBkMode
GetViewportOrgEx
CombineRgn
SetViewportOrgEx
CreatePatternBrush
GetWindowOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateHatchBrush
CreateBrushIndirect
CreateBitmap
RoundRect
CreateRectRgn
SetTextColor
CreateDIBSection
SetDIBColorTable
DeleteObject
DeleteDC
CreateFontIndirectW
SetStretchBltMode
GetObjectW
CreatePalette
SelectPalette
GetSystemPaletteEntries
GetDeviceCaps
GetDIBits
GetStockObject
SelectClipRgn
SetBkColor
CreateSolidBrush
ExtSelectClipRgn
ExtTextOutW
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
StretchBlt
GdiAlphaBlend
SetPolyFillMode
Rectangle

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW

advapi32

RegGetValueW
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EventUnregister

shell32

DragQueryFileW
DragFinish
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CLSIDFromString
CoUninitialize
OleRun
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

VarUI4FromStr
SystemTimeToVariantTime
LHashValOfNameSys
VariantInit
LoadTypeLi
VariantCopyInd
RegisterTypeLi
SysAllocString
VariantCopy
VarCmp
VariantChangeType
VariantClear
VariantTimeToSystemTime
SysFreeString

comctl32

_TrackMouseEvent
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
ImageList_SetBkColor
ImageList_GetImageCount

libcrypto-1_1

CONF_modules_unload
EVP_CIPHER_CTX_new
EVP_CipherInit_ex
EVP_CIPHER_CTX_set_padding
EVP_CipherUpdate
EVP_CIPHER_CTX_free
OPENSSL_init_crypto
EVP_rc4

sqlite3

sqlite3_open_v2
sqlite3_exec
sqlite3_free
sqlite3_prepare_v2
sqlite3_column_count
sqlite3_step
sqlite3_column_int
sqlite3_column_text
sqlite3_finalize
sqlite3_last_insert_rowid
sqlite3_close_v2

libcurl

curl_easy_cleanup
curl_slist_append
curl_easy_pause
curl_slist_free_all
curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_easy_setopt
curl_global_cleanup
curl_global_init

cximagecrt

?GetType@CxImage@@QBEIXZ
?Save@CxImage@@QAE_NPB_WI@Z
?GrayScale@CxImage@@QAE_NXZ
?RedEyeRemove@CxImage@@QAE_NM@Z
?RGBtoRGBQUAD@CxImage@@SA?AUtagRGBQUAD@@K@Z
?GetWidth@CxImage@@QBEIXZ
?Load@CxImage@@QAE_NPB_WI@Z
?DestroyFrames@CxImage@@QAE_NXZ
?Destroy@CxImage@@QAE_NXZ
??0CxImage@@QAE@I@Z
?Expand@CxImage@@QAE_NHHHHUtagRGBQUAD@@PAV1@@Z
?Crop@CxImage@@QAE_NHHHHPAV1@@Z
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
?GetHeight@CxImage@@QBEIXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?Size@CxMemFile@@UAEHXZ
?Encode@CxImage@@QAE_NPAVCxFile@@I@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?Decode@CxImage@@QAE_NPAVCxFile@@I@Z
?Open@CxMemFile@@QAE_NXZ

libxl

xlCreateXMLBookCW
xlSheetReadStrW
xlSheetLastRowW
xlCreateBookCW
xlBookSetKeyW
xlBookReleaseW
xlBookLoadW
xlBookGetSheetW

skinhu

SkinH_AttachEx
SkinH_Detach

gdiplus

GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImagePalette
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0

ws2_32

WSACleanup

shlwapi

PathFindFileNameW
SHCreateStreamOnFileEx
PathFindExtensionW

uxtheme

OpenThemeData
DrawThemeBackground
CloseThemeData

winmm

PlaySoundW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ded59d6448424974a2d6616f8f0abc3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

libcrypto-1_1

sqlite3

libcurl

cximagecrt

libxl

skinhu

gdiplus

ws2_32

shlwapi

uxtheme

winmm

imm32

msvcrt

iphlpapi

psapi

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.sedata Size: 1.1MB - Virtual size: 1.1MB

.idata Size: 11KB - Virtual size: 12KB

.rsrc Size: 10KB - Virtual size: 12KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.sedata
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 10KB - Virtual size: 12KB

.sedata
Size: 4KB - Virtual size: 4KB