fd253237050a6f06ea6c85118a69a0a631069846af5b062c0ff123f575202347

Sharing

Copy URL Twitter E-mail

General

Target

fd253237050a6f06ea6c85118a69a0a631069846af5b062c0ff123f575202347
Size

14.2MB
MD5

10c170c6fec4173f46493155342f3405
SHA1

30643ed9659cd5432492cc10d29b453aae9208bd
SHA256

fd253237050a6f06ea6c85118a69a0a631069846af5b062c0ff123f575202347
SHA512

afd1bc6667027f2a03796b35841ac0a31564fc03ae95da0847e47bff012a5796550911231f0e0eaad66367e15c9346e8d81dea8a32c2f627315d4ab92919996b
SSDEEP

393216:gwOBEIYhiqp8kLuc1oLoOjp5FhNCYnPJbrv7:ABEIciqp8yx1aoOTtLnFrv7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd253237050a6f06ea6c85118a69a0a631069846af5b062c0ff123f575202347

Files

fd253237050a6f06ea6c85118a69a0a631069846af5b062c0ff123f575202347
.exe windows:5 windows x86

f417d52acc9741075afcacd1d7d02826

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameA
SetStdHandle
WriteConsoleW
GetStringTypeW
SetHandleCount
CreateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetEvent
WaitForMultipleObjects
TerminateThread
SetThreadPriority
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
FileTimeToLocalFileTime
HeapCreate
IsValidLocale
GetOEMCP
GetLocaleInfoW
GetSystemDirectoryW
IsProcessorFeaturePresent
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
SleepEx
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapFree
ExitThread
DecodePointer
EncodePointer
InterlockedDecrement
PeekNamedPipe
InterlockedIncrement
RaiseException
ExpandEnvironmentStringsA
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
SetLastError
FormatMessageA
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
SetFileTime
GetFileSizeEx
DosDateTimeToFileTime
SystemTimeToFileTime
ReadFile
CreateFileW
DuplicateHandle
GlobalMemoryStatus
LoadLibraryA
GetFileType
SetFilePointer
FormatMessageW
LocalFree
FlushConsoleInputBuffer
GetACP
ExitProcess
GetCurrentDirectoryW
GetCurrentProcessId
LoadLibraryW
FreeLibrary
GetDiskFreeSpaceExW
OpenMutexW
CreateMutexW
WriteFile
CreateFileA
GetFileAttributesW
CreateProcessW
GetStdHandle
GetVersionExW
GetModuleFileNameW
MulDiv
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
TerminateProcess
Sleep
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
MoveFileExW
CopyFileW
SetEnvironmentVariableA
WinExec
GetExitCodeProcess
ResetEvent
InitializeCriticalSection
CreateEventW
WaitForSingleObject
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
GetModuleHandleW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
SetEndOfFile
GetProcessHeap
GetDriveTypeW
CompareStringW
IsValidCodePage

ws2_32

socket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
getsockname
select
getsockopt
getpeername
connect
sendto
recvfrom
__WSAFDIsSet
WSASetLastError
send
recv
WSASetEvent
WSAGetLastError
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
htons
bind
listen
accept
htonl
gethostname
closesocket
ntohs

wldap32

ord208
ord145
ord219
ord14
ord118
ord26
ord133
ord127
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord73
ord147

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertGetNameStringW
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore

user32

GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
CloseWindow
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
GetWindowRgn
CharNextW
wvsprintfW
SetCursor
OffsetRect
MessageBoxW
SetWindowRgn
GetClassInfoExW
RegisterClassExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
MonitorFromWindow
EnableWindow
ShowWindow
DefWindowProcW
TranslateMessage
GetSysColor
GetParent
GetWindow
BeginPaint
IsRectEmpty
UpdateLayeredWindow
EndPaint
GetUpdateRect
MapWindowPoints
CreateWindowExW
SetFocus
GetFocus
DestroyWindow
LoadStringW
SetWindowPos
PostMessageW
ReleaseCapture
SetCapture
InvalidateRect
GetWindowLongW
SetWindowLongW
GetDC
IsWindow
PostQuitMessage
KillTimer
SetTimer
PtInRect
LoadImageW
SendMessageW
IsZoomed
GetClientRect
ScreenToClient
ReleaseDC
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
GetCursorPos
GetKeyState
GetWindowRect
IsIconic
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetMessageW
ClientToScreen
SetRect
CharPrevW
DrawTextW
FillRect
IntersectRect
DispatchMessageW
MoveWindow

gdi32

GetObjectA
GetCharABCWidthsW
TextOutW
SetBkMode
SetTextColor
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
SetStretchBltMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRectRgn
PtInRegion
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
GetStockObject
DeleteObject
SelectObject
CreateFontIndirectW
GetDeviceCaps
CreateDCW

advapi32

CryptHashData
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
RegOpenKeyExW
RegCloseKey
CryptImportKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
DeregisterEventSource
ReportEventA
CryptEncrypt
CryptDestroyKey
CryptCreateHash
RegisterEventSourceA
OpenSCManagerW
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize

gdiplus

GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown

comctl32

ord17
_TrackMouseEvent

msimg32

AlphaBlend

winmm

timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51.0MB - Virtual size: 51.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f417d52acc9741075afcacd1d7d02826

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

version

kernel32

ws2_32

wldap32

crypt32

user32

gdi32

advapi32

shell32

ole32

gdiplus

comctl32

msimg32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 327KB - Virtual size: 327KB

.data Size: 21KB - Virtual size: 45KB

.rsrc Size: 51.0MB - Virtual size: 51.0MB

.reloc Size: 208KB - Virtual size: 208KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 327KB - Virtual size: 327KB

.data
Size: 21KB - Virtual size: 45KB

.rsrc
Size: 51.0MB - Virtual size: 51.0MB

.reloc
Size: 208KB - Virtual size: 208KB