2ca60aaed0eec2361d3cdce11a91c4d9159edb4b7952aac9c846e8639460dc72

Sharing

Copy URL Twitter E-mail

General

Target

2ca60aaed0eec2361d3cdce11a91c4d9159edb4b7952aac9c846e8639460dc72
Size

1.2MB
MD5

a95245937e323a5e72cdef59bb86859f
SHA1

9c4e87b1e1f4abf336c7896874d14dfc9b97057c
SHA256

2ca60aaed0eec2361d3cdce11a91c4d9159edb4b7952aac9c846e8639460dc72
SHA512

61356688423bc977c1ce00bd98f634fc7f23d7101112ed01ea8ca5171e090a8038f8f499a03318d2a092b8e0573467971fcdfc847c940d3f9fcb5de632f62f87
SSDEEP

24576:MiS+keAI0cAgqIDyBLhdzkNNTeFstwD1oMsJpMgVQfG3cQsV:ZYPc2LHYN9VA1o53fVQe3FsV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca60aaed0eec2361d3cdce11a91c4d9159edb4b7952aac9c846e8639460dc72

Files

2ca60aaed0eec2361d3cdce11a91c4d9159edb4b7952aac9c846e8639460dc72
.dll windows:6 windows x86

22baa9708e23c2839f86356bf0659446

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdiplusShutdown
GdipCloneImage
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdiplusStartup
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile

kernel32

WideCharToMultiByte
K32GetModuleFileNameExW
Sleep
CreateThread
GetTickCount
RaiseException
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
SetLastError
GetCurrentThreadId
DecodePointer
CreateFileW
FlushFileBuffers
WriteFile
WaitForSingleObject
GetExitCodeProcess
lstrlenW
lstrcmpW
WritePrivateProfileStringW
SetEvent
CreateEventW
WaitForMultipleObjects
GetFileSizeEx
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
OpenProcess
GetCurrentProcess
InitializeCriticalSectionEx
CloseHandle
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetPrivateProfileIntW
FindFirstFileExA
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
VirtualQuery
GetSystemInfo
GetModuleHandleExW
ExitThread
RtlUnwind
CreateFileA
lstrcmpiA
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
SetFileTime
SetFileAttributesW
SignalObjectAndWait
CreateTimerQueue
InterlockedDecrement
InterlockedIncrement
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
CreateMutexW
GetLogicalDriveStringsW
GetLongPathNameW
GetStartupInfoW
SetFilePointer
OpenFileMappingW
GetFileSize
lstrcmpA
DeviceIoControl
GetVersionExW
GetSystemWindowsDirectoryW
LoadLibraryExW
FreeResource
InterlockedCompareExchange
ReleaseMutex
CopyFileW
GetTempPathW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateSemaphoreW
WaitForMultipleObjectsEx
WaitNamedPipeW
FindNextFileA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
GetCurrentProcessId
ReadFile

user32

PostMessageW
DispatchMessageW
TranslateMessage
GetClassNameW
EnumWindows
SetParent
GetParent
LoadImageW
LoadIconW
SetClassLongW
SetWindowTextW
SetForegroundWindow
ReleaseCapture
SetFocus
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
PostQuitMessage
AttachThreadInput
EnumDisplayMonitors
GetActiveWindow
GetWindowPlacement
SystemParametersInfoW
LoadCursorW
SetWindowLongW
GetWindowLongW
ScreenToClient
GetClientRect
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
KillTimer
SetTimer
IsZoomed
SetWindowPos
UpdateLayeredWindow
ShowWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
UnregisterClassW
RegisterWindowMessageW
PeekMessageW
GetMessageW
MonitorFromRect
OffsetRect
CopyRect
IsWindowVisible
GetAncestor
GetWindowInfo
GetMonitorInfoW
MonitorFromWindow
wsprintfW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
EnumDisplaySettingsW
RegisterClassW
MonitorFromPoint
GetWindow
GetWindowThreadProcessId
GetShellWindow
FindWindowExW
GetDesktopWindow
WindowFromPoint
MessageBoxW
GetWindowRect
ReleaseDC
GetDC
GetForegroundWindow
GetSystemMetrics
SendMessageTimeoutW
FindWindowW
IsWindow
SendMessageW
PostThreadMessageW

gdi32

GetObjectW
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
CreateRectRgn
CombineRgn
CreateCompatibleBitmap
SetViewportOrgEx
SetBkColor
ExtTextOutW

comdlg32

CommDlgExtendedError
GetSaveFileNameW

advapi32

RegEnumKeyExA
InitializeSecurityDescriptor
RegGetValueW
RegCreateKeyExW
RegSetValueExW
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
MapGenericMask
GetFileSecurityW
DuplicateToken
AccessCheck
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHFileOperationW
ord165
SHCreateDirectoryExW
SHChangeNotify
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

SHSetValueA
AssocQueryStringW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathCombineW
PathFindExtensionW
PathFileExistsW
PathAppendW
StrCmpIW
SHGetValueW
StrStrIW
StrTrimA
StrCmpNIW
PathIsDirectoryW
PathIsRootW
PathIsRelativeW
StrStrIA
SHSetValueW
SHGetValueA
PathFindFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

wininet

InternetGetConnectedState

Exports

Exports

GetWebWindowFactory
GetWebWindowFactoryEx

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22baa9708e23c2839f86356bf0659446

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

urlmon

iphlpapi

crypt32

wintrust

psapi

wininet

Exports

Exports

Sections

.text Size: 903KB - Virtual size: 902KB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 26KB - Virtual size: 34KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 903KB - Virtual size: 902KB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 26KB - Virtual size: 34KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 47KB - Virtual size: 46KB