59c359f87c4155f48ae95e2fc10b31981c0f62db64fcc62b091a0450c0a99016

Sharing

Copy URL

Twitter E-mail

General

Target

59c359f87c4155f48ae95e2fc10b31981c0f62db64fcc62b091a0450c0a99016
Size

4.3MB
MD5

83d7276975493ffa19e7bc030bb4eeb4
SHA1

9d4933a32c604a599fbdaaf50496b22145eee236
SHA256

59c359f87c4155f48ae95e2fc10b31981c0f62db64fcc62b091a0450c0a99016
SHA512

670038b2e0c5f460a8bab7d7435dd9b0ab3d3eec7cd286cc4910ec60d469da6e1ea3eb23e24f93ce232e7e998db07d4322385694990e345eb17306908aa31508
SSDEEP

98304:V6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwc:TrFelu7QUkFqbJtPxwuoqlIx7CsX6/oV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59c359f87c4155f48ae95e2fc10b31981c0f62db64fcc62b091a0450c0a99016

Files

59c359f87c4155f48ae95e2fc10b31981c0f62db64fcc62b091a0450c0a99016
.dll windows:5 windows x86

3c5daac9a92c1b37960074e205133df8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AllocConsole
AssignProcessToJobObject
CancelIo
CloseHandle
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMailslotW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FindResourceExW
FindResourceW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHandleCount
GetProcessHeap
GetProcessId
GetProcessMitigationPolicy
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
K32GetPerformanceInfo
K32GetProcessImageFileNameW
K32GetProcessMemoryInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventW
OpenMutexW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureStackBackTrace
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetProcessShutdownParameters
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SleepEx
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WerRegisterRuntimeExceptionModule
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpA
lstrcmpiW
lstrlenW

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
ExtSelectClipRgn
GetCurrentObject
GetDeviceCaps
GetObjectW
GetStockObject
OffsetRgn
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetStretchBltMode
SetTextColor
StretchBlt

user32

AllowSetForegroundWindow
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperW
ClientToScreen
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumThreadWindows
FillRect
FindWindowExW
GetActiveWindow
GetAsyncKeyState
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetGuiResources
GetMessageW
GetMonitorInfoW
GetNextDlgGroupItem
GetParent
GetQueueStatus
GetSystemMenu
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InvalidateRect
IsChild
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorW
LoadIconW
LoadStringW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MonitorFromWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OffsetRect
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RegisterClassExW
RegisterClassW
RegisterHotKey
ReleaseCapture
ReleaseDC
ScreenToClient
SendInput
SendMessageW
SendNotifyMessageW
SetCapture
SetCursor
SetFocus
SetForegroundWindow
SetProcessDPIAware
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterHotKey
WaitForInputIdle
wsprintfW

advapi32

AccessCheck
AdjustTokenPrivileges
AllocateAndInitializeSid
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
BuildTrusteeWithSidW
CheckTokenMembership
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
EqualSid
EventRegister
EventSetInformation
EventUnregister
EventWrite
FreeSid
GetExplicitEntriesFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
GetUserNameW
ImpersonateNamedPipeClient
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegGetKeySecurity
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo
SystemFunction036

shell32

CommandLineToArgvW
ord190
ord155
ord680
SHBrowseForFolderW
SHChangeNotify
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHOpenWithDialog
ShellExecuteA
ShellExecuteExW
ShellExecuteW

ole32

CoAllowSetForegroundWindow
CoCreateInstance
CoInitializeEx
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateStreamOnHGlobal
IIDFromString
PropVariantClear
StringFromGUID2

msimg32

AlphaBlend
GradientFill

comctl32

ord413
ord412
ord410

gdiplus

GdipAddPathArc
GdipAddPathLine
GdipAddPathLineI
GdipAlloc
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneBrush
GdipCloneImage
GdipClosePathFigure
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateMatrix2
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePen
GdipDisposeImage
GdipDrawEllipse
GdipDrawImageRectI
GdipDrawPath
GdipFillEllipse
GdipFillPath
GdipFillRectangle
GdipFree
GdipImageRotateFlip
GdipSetSmoothingMode
GdipTransformPath
GdiplusShutdown
GdiplusStartup

secur32

GetUserNameExW

dbghelp

MiniDumpWriteDump
SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider

wininet

HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetErrorDlg
InternetOpenW
InternetReadFile
InternetSetStatusCallbackW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringW
CryptBinaryToStringW
CryptDecodeObject
CryptEnumOIDInfo
CryptHashCertificate
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

wintrust

WinVerifyTrust

oleaut32

SafeArrayCreate
SafeArrayGetVartype
SafeArrayPutElement
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringByteLen
VarUI4FromStr
VariantClear
VariantInit
VariantTimeToSystemTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathMatchSpecW
SHDeleteKeyW

propsys

InitPropVariantFromCLSID

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpWriteData

Exports

Exports

GetHandleVerifier
RunInstaller

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 361B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 778KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c5daac9a92c1b37960074e205133df8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

shell32

ole32

msimg32

comctl32

gdiplus

secur32

dbghelp

bcrypt

wininet

crypt32

wintrust

oleaut32

version

shlwapi

propsys

winmm

userenv

winhttp

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 578KB - Virtual size: 578KB

.data Size: 19KB - Virtual size: 103KB

.00cfg Size: 512B - Virtual size: 8B

.rodata Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 361B

CPADinfo Size: 512B - Virtual size: 48B

malloc_h Size: 512B - Virtual size: 185B

.rsrc Size: 778KB - Virtual size: 777KB

.reloc Size: 103KB - Virtual size: 103KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 578KB - Virtual size: 578KB

.data
Size: 19KB - Virtual size: 103KB

.00cfg
Size: 512B - Virtual size: 8B

.rodata
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 361B

CPADinfo
Size: 512B - Virtual size: 48B

malloc_h
Size: 512B - Virtual size: 185B

.rsrc
Size: 778KB - Virtual size: 777KB

.reloc
Size: 103KB - Virtual size: 103KB