c8d7d4d3be332732b114bb141e2ad7f9b5056d6f8a34e28dfa00dc1c3c2f1969

Sharing

Copy URL Twitter E-mail

General

Target

c8d7d4d3be332732b114bb141e2ad7f9b5056d6f8a34e28dfa00dc1c3c2f1969
Size

4.0MB
MD5

d03ffd98dc8a0b35da2282cbf846347f
SHA1

e1b3f8442d62b72522cdb598215609237aa5afc9
SHA256

c8d7d4d3be332732b114bb141e2ad7f9b5056d6f8a34e28dfa00dc1c3c2f1969
SHA512

c5bc9b4e27a5016fede42705d449be06d68bb5e8eb1f5c2a3ceeff1d9b1112297572247514c0da27398d290aeb28d436059001d0fd671516fb83613f4687fab9
SSDEEP

98304:orQVQ9j/D0P/uNhE7p7Nr5DCvkGbnzOeQE+EN+Gb6fjg:RQG5jGzJZ+Nz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d7d4d3be332732b114bb141e2ad7f9b5056d6f8a34e28dfa00dc1c3c2f1969

Files

c8d7d4d3be332732b114bb141e2ad7f9b5056d6f8a34e28dfa00dc1c3c2f1969
.dll windows:6 windows x86

8dba89ac97d5472774645ad374711e76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo
accept
ntohs
recvfrom
sendto
ioctlsocket
gethostname
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
shutdown
setsockopt
htonl
getservbyname
gethostbyname
listen
WSAStartup

wldap32

ord33
ord32
ord27
ord301
ord22
ord41
ord50
ord60
ord200
ord79
ord26
ord30
ord211
ord46
ord217
ord143
ord35

kernel32

MulDiv
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
FreeResource
LockResource
SetLastError
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetTickCount
GetVersionExW
FreeLibrary
LoadLibraryW
GetLocalTime
GetVersionExA
LoadLibraryA
GetModuleHandleA
FormatMessageA
InitializeCriticalSectionEx
SleepEx
GetTickCount64
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
FlushConsoleInputBuffer
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetSystemTime
SystemTimeToFileTime
FindFirstFileExW
ReadConsoleInputW
SetConsoleMode
SetEndOfFile
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
LeaveCriticalSection
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
TryEnterCriticalSection
lstrcpynW
lstrcpynA
GlobalFree
lstrcpyA
OutputDebugStringA
OpenProcess
GetNativeSystemInfo
OutputDebugStringW
EnterCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
ExitThread
ExitProcess
CreateThread
Sleep
ReadFile
TerminateProcess
CreateProcessA
GetStartupInfoA
CreatePipe
MultiByteToWideChar
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
WideCharToMultiByte
FindFirstFileW
FindClose
GetCurrentProcess
GetModuleHandleW
GetProcAddress
lstrlenA
GetPrivateProfileStringW
GetModuleFileNameW
GetLastError
lstrcpyW
GlobalUnlock
GlobalLock
GlobalAlloc
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
FlushFileBuffers

user32

MessageBoxW
SendMessageW
PtInRect
CopyRect
InflateRect
IsRectEmpty
GetProcessWindowStation
FillRect
InvertRect
DrawIconEx
OffsetRect
GetForegroundWindow
MsgWaitForMultipleObjects
UpdateLayeredWindow
GetUserObjectInformationW
IsIconic
ShowWindow
PostMessageW
SetRect
GetActiveWindow
CallWindowProcW
SetWindowLongW
FindWindowExW
SetTimer
KillTimer
SetCursor
IntersectRect
UnionRect
EqualRect
IsWindow
DestroyWindow
LoadCursorW
DestroyCursor
CharNextW
DestroyIcon
GetIconInfo
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
GetParent
GetWindow
GetDesktopWindow
SetActiveWindow
EnableWindow
MapVirtualKeyA
MessageBoxA
GetCursorPos
ScreenToClient
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetSystemMetrics
EnableMenuItem
ClientToScreen
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
PostQuitMessage
AnimateWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadIconW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetKeyState
GetFocus
GetSysColor
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
GetClassNameW
IsZoomed
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
SetLayeredWindowAttributes

gdi32

GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetTextColor
GetWorldTransform
SetWorldTransform
SetViewportOrgEx
CreateCompatibleBitmap
Arc
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
EnumFontsW
BitBlt
CreateRoundRectRgn
DeleteObject
CreateDIBSection
Polyline
GetCurrentObject
GetViewportOrgEx
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
StretchBlt
ExcludeClipRect

advapi32

CryptDecrypt
CryptExportKey
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey

shell32

SHBrowseForFolderW
Shell_NotifyIconW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

StringFromGUID2
CoCreateGuid
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleInitialize
CoTaskMemFree
IIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

StrToIntExW

iphlpapi

GetAdaptersInfo

gdiplus

GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

msimg32

AlphaBlend
GradientFill

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

Exports

Exports

BindControlAndNSISScript
BindingProgress
ClosePage
CloseProcess
FindChildByName
FindProcess
FindStringByName
GetControlProperties
InitWindow
NSISMessageBox
NSISOpenFolderDialog
NSISScriptSendMessage
SetControlProperties
ShowPage

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dba89ac97d5472774645ad374711e76

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

gdiplus

imm32

msimg32

crypt32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 583KB - Virtual size: 583KB

.data Size: 75KB - Virtual size: 155KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 127KB - Virtual size: 127KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 583KB - Virtual size: 583KB

.data
Size: 75KB - Virtual size: 155KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 127KB - Virtual size: 127KB