Static task: static1
Behavioral task: behavioral1
  Sample: a85b64acaf924eba40f8f5972f885c9f307d1fb3a3d66774a5b4fcc75cd066d2.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: a85b64acaf924eba40f8f5972f885c9f307d1fb3a3d66774a5b4fcc75cd066d2.exe
  Resource: win10v2004-20230915-en
General
Target: a85b64acaf924eba40f8f5972f885c9f307d1fb3a3d66774a5b4fcc75cd066d2
Size: 2.4MB
MD5: 49ec4964cee5fcf26cea52af8be9a6ba
SHA1: 009c98cea4966dcbcb632f95f6bd95f1b236d5ad
SHA256: a85b64acaf924eba40f8f5972f885c9f307d1fb3a3d66774a5b4fcc75cd066d2
SHA512: b1fb1b44471df63d43a7ebca826a1d63bd2d63c5b9f4c557fa85d8ace2b035a929299c65334c87e4df6e4a3d4adf3128229caf2a99df9046fa5d25564c8091c5
SSDEEP: 49152:Ojo53YGJn06Sn2PCai9C+91VjPpWS2y2cjlIOKtSoIWCPBE3iZD+2ZMWEhro/0IJ:XpYGJn0Tn26ai91VjPpWm2cyOUSoIWSN
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: a85b64acaf924eba40f8f5972f885c9f307d1fb3a3d66774a5b4fcc75cd066d2
Files
a85b64acaf924eba40f8f5972f885c9f307d1fb3a3d66774a5b4fcc75cd066d2.exe  windows:5 windows x86
6665dd416aa0ca4f504518f1f8fda707
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetConnectW
InternetSetStatusCallbackW
InternetQueryDataAvailable
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
InternetReadFileExW
InternetCanonicalizeUrlW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpSendRequestExW
InternetReadFile
InternetWriteFile
HttpAddRequestHeadersW
HttpEndRequestW
HttpQueryInfoA
InternetOpenW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winspool.drv
ClosePrinter
EnumPrintersW
DocumentPropertiesW
OpenPrinterW
ord203
DeviceCapabilitiesW
GetPrinterW
ord201
ord202
psapi
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
ws2_32
WSACleanup
WSAStartup
accept
listen
send
closesocket
socket
bind
recv
setsockopt
htons
gethostbyname
inet_ntoa
gethostname
kernel32
TlsFree
SetLastError
GetCurrentThread
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetACP
GetOEMCP
InitializeCriticalSectionAndSpinCount
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetProcessHeap
WriteConsoleW
SetEnvironmentVariableA
DeactivateActCtx
ActivateActCtx
FreeResource
MulDiv
GlobalSize
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryExW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
lstrcmpA
SetThreadPriority
ResumeThread
SuspendThread
CreateActCtxW
ReleaseActCtx
GetThreadLocale
lstrcmpiW
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
lstrlenA
GlobalGetAtomNameW
GlobalReAlloc
LocalReAlloc
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
GetNumberFormatW
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
CompareStringW
LCMapStringW
RtlUnwind
RaiseException
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCPInfo
FindFirstFileExA
GetDriveTypeA
HeapReAlloc
HeapAlloc
TlsSetValue
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetLocaleInfoW
DeleteCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
GlobalHandle
LoadLibraryA
ReadFile
lstrcpynW
GetVersionExW
GetSystemDirectoryW
GetFileSize
CreateEventW
ResetEvent
SetEvent
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetWindowsDirectoryW
GetExitCodeProcess
GetCurrentProcess
InterlockedIncrement
FindCloseChangeNotification
WaitForSingleObject
WideCharToMultiByte
LoadLibraryW
FreeLibrary
CreateFileW
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
DeleteFileA
FindNextFileA
RemoveDirectoryA
GetFileAttributesW
WaitForMultipleObjects
FindNextChangeNotification
GetTempPathW
FormatMessageW
FindFirstChangeNotificationW
GetTempFileNameW
FindNextFileW
InterlockedDecrement
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalFlags
GlobalAlloc
GlobalLock
GetTickCount
InitializeCriticalSection
GetTickCount64
GetCurrentProcessId
FileTimeToLocalFileTime
GetLocalTime
GetProcAddress
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
FileTimeToSystemTime
CopyFileW
GetModuleHandleW
GetComputerNameW
CreateMutexW
GetLastError
CreateThread
GetProcessId
EnterCriticalSection
LeaveCriticalSection
OpenProcess
LockResource
SizeofResource
GetPrivateProfileStringW
LoadResource
FindResourceW
lstrcatW
MultiByteToWideChar
lstrcpyW
lstrlenW
lstrcmpW
DeleteFileW
CloseHandle
FindClose
FindFirstFileA
Sleep
GetProcessTimes
WriteFile
CreateDirectoryW
GetDriveTypeW
FindFirstFileW
CreateFileA
TlsGetValue
TlsAlloc
HeapFree
GetFileType
ExitThread
HeapQueryInformation
VirtualAlloc
GetSystemInfo
VirtualQuery
IsValidCodePage
user32
CopyIcon
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetWindowRgn
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
ReleaseCapture
WindowFromPoint
SetCapture
SetWindowRgn
GetSystemMenu
DestroyMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
CharUpperW
GetMessageW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
PostQuitMessage
IntersectRect
InflateRect
MapVirtualKeyW
GetKeyNameTextW
ShowWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
UnpackDDElParam
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
CopyRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
TabbedTextOutW
AppendMenuW
GetMenuItemID
InsertMenuW
RemoveMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
ScreenToClient
ClientToScreen
PtInRect
GetWindowThreadProcessId
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongW
SetFocus
GetClassNameW
InvalidateRect
UpdateWindow
DrawStateW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
LoadImageW
GetParent
GetDesktopWindow
SetWindowPos
DestroyIcon
MoveWindow
CloseClipboard
GetClipboardData
OpenClipboard
wsprintfA
SetTimer
TrackPopupMenu
IsIconic
IsChild
KillTimer
GetSubMenu
DeleteMenu
GetFocus
GetMenuStringW
DrawIcon
GetMenuItemInfoW
LoadIconW
LoadMenuW
GetMenuItemCount
IsWindow
GetSystemMetrics
GetLastActivePopup
FindWindowW
BringWindowToTop
MessageBoxW
GetCursorPos
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
FrameRect
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
GetWindowRect
GetClientRect
DrawTextW
GetSysColor
FillRect
OffsetRect
ValidateRect
SendMessageW
EnableWindow
SendMessageA
wsprintfW
SetClassLongW
DestroyAcceleratorTable
SetParent
UnregisterClassW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
GetForegroundWindow
CharNextW
WaitMessage
RegisterClassW
CopyImage
GetDlgCtrlID
gdi32
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
PatBlt
CreateFontIndirectW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
CreateCompatibleBitmap
Escape
EnumFontFamiliesW
GetTextCharsetInfo
GetTextExtentPoint32W
CreateRoundRectRgn
CreateDIBSection
GetBkColor
LineTo
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
GetTextFaceW
SetPixelV
ExtTextOutW
TextOutW
RectVisible
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetObjectW
DeleteObject
CreateBitmap
SelectObject
GetStockObject
FrameRgn
GetTextMetricsW
CreateRectRgnIndirect
FillRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateFontW
GetTextColor
CreateSolidBrush
PtVisible
SetViewportOrgEx
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetSaveFileNameW
GetOpenFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleW
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegQueryValueExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
shell32
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteExW
ShellExecuteW
SHFileOperationW
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFileInfoW
SHBrowseForFolderA
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
Shell_NotifyIconW
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW
ole32
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
OleCreateMenuDescriptor
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
oleaut32
GetErrorInfo
VariantChangeType
SysStringLen
VariantCopy
VarBstrCmp
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
VariantInit
SysAllocStringLen
SysAllocString
oledlg
OleUIBusyW
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
.text   Size: 1.7MB - Virtual size: 1.7MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 375KB - Virtual size: 374KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 31KB - Virtual size: 63KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 33KB - Virtual size: 32KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 201KB - Virtual size: 200KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ