Static task: static1
Behavioral task: behavioral1
Sample: 470d37f7903e3bb726cb9b5c259fc3f3828a152c88d2112c8654567355e24f35.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 470d37f7903e3bb726cb9b5c259fc3f3828a152c88d2112c8654567355e24f35.exe
Resource: win10v2004-20230915-en
General
- Target: 470d37f7903e3bb726cb9b5c259fc3f3828a152c88d2112c8654567355e24f35
- Size: 14.8MB
- MD5: 209f2e311cb897f4ffdbbc614a8d4149
- SHA1: ea61ebb488b25170b0ea6dfae47abbe97164fde2
- SHA256: 470d37f7903e3bb726cb9b5c259fc3f3828a152c88d2112c8654567355e24f35
- SHA512: 579fa9f2ae9349d5b8ee6c137d3ca3edb070a6a98ec151a6eed4f43270e91f90108cac6de0e1856787ed02ebeddae5052503bb5f09d8bf1047a7352e78210ba3
- SSDEEP: 393216:AZ5PdY3KwbDUQy0Z08RBCxXJq3oFP3XO:i4Kmxy0Z08RBCxXJxFP3XO
Malware Config
Signatures
- Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 470d37f7903e3bb726cb9b5c259fc3f3828a152c88d2112c8654567355e24f35
Files
-
470d37f7903e3bb726cb9b5c259fc3f3828a152c88d2112c8654567355e24f35.exe windows:6 windows x64
bef43e3adb91d52cb66367b9ce4250f2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
comctl32
ImageList_Create
ImageList_AddMasked
ord412
ord410
ord413
ord345
InitCommonControlsEx
ImageList_Destroy
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_Draw
kernel32
IsDebuggerPresent
Sleep
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetLogicalDrives
CloseHandle
FindResourceW
GetModuleHandleW
MulDiv
VerSetConditionMask
VerifyVersionInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapCreate
HeapFree
GetCurrentProcess
TerminateProcess
GetEnvironmentVariableA
WaitForSingleObject
GetCurrentThreadId
GetLocaleInfoA
CreateToolhelp32Snapshot
DebugBreak
CreateMutexW
ReleaseMutex
DecodePointer
LCMapStringEx
LoadLibraryExA
WriteConsoleW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
HeapSize
GetProcessHeap
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
ReadConsoleW
SetEnvironmentVariableW
GetModuleHandleExW
FreeLibraryAndExitThread
InitializeSRWLock
PeekNamedPipe
TlsFree
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionEx
GetStartupInfoW
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetConsoleMode
CreateSemaphoreW
GetProcessAffinityMask
ReleaseSemaphore
MoveFileW
FlushFileBuffers
GetFileType
SetEndOfFile
CreateHardLinkW
RemoveDirectoryW
DeviceIoControl
SetThreadPriority
SetLastError
SetConsoleCtrlHandler
GetCurrentDirectoryW
FoldStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByte
GetCPInfo
CompareStringW
AreFileApisANSI
LocalFileTimeToFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
RaiseException
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
GetSystemDirectoryW
OpenThread
VirtualQuery
GetThreadContext
GetModuleHandleA
ResumeThread
SuspendThread
Thread32First
Thread32Next
AllocConsole
FormatMessageA
CreateProcessW
InitializeConditionVariable
GetThreadGroupAffinity
InitOnceBeginInitialize
InitOnceComplete
WakeConditionVariable
GetEnvironmentVariableW
FreeLibrary
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetFileAttributesW
OutputDebugStringA
GetTempPathW
GetUserDefaultUILanguage
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetErrorMode
GetDateFormatW
GetTimeFormatW
MoveFileExW
LocalFree
FormatMessageW
LoadResource
LockResource
SizeofResource
SetThreadExecutionState
GlobalAddAtomW
GlobalDeleteAtom
GetTickCount
GetSystemTime
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetCurrentThread
Process32FirstW
Process32NextW
OpenProcess
ExitProcess
GetCommandLineW
GetLastError
SetUnhandledExceptionFilter
SetFilePointerEx
SetCurrentDirectoryW
LoadLibraryA
AttachConsole
GetVersionExW
GetStdHandle
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GlobalMemoryStatusEx
GetCurrentProcessId
HeapDestroy
Module32NextW
Module32FirstW
HeapAlloc
CreateThread
GetSystemInfo
HeapReAlloc
SetEvent
ReadDirectoryChangesW
QueueUserAPC
ResetEvent
ExitThread
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
GetFileTime
GetDriveTypeW
GetTempFileNameW
CopyFileW
DeleteFileW
GetFileAttributesExW
GetFileInformationByHandle
SetFileAttributesW
GetVolumePathNameW
SetFileTime
GetDriveTypeA
GetPrivateProfileIntW
GetShortPathNameW
CreateEventW
GetACP
MultiByteToWideChar
GetExitCodeProcess
ReadFile
SetFilePointer
TlsSetValue
TlsAlloc
TlsGetValue
CreateEventA
GetModuleFileNameA
GetFullPathNameA
FindClose
FindFirstFileW
GetFullPathNameW
FindNextFileW
lstrcpynW
GetWindowsDirectoryW
WideCharToMultiByte
GetLocaleInfoW
SetNamedPipeHandleState
WriteFile
CreateFileW
CreateDirectoryW
GetFileSizeEx
WritePrivateProfileStringW
GetLongPathNameW
user32
EndPaint
GetMessagePos
WindowFromDC
IsWindowEnabled
GetUpdateRect
SetRectEmpty
GetClassInfoExW
RegisterWindowMessageW
ClientToScreen
SetLayeredWindowAttributes
DeferWindowPos
GetPropW
RemovePropW
BeginDeferWindowPos
SetPropW
EndDeferWindowPos
HideCaret
SetClassLongPtrW
ShowCaret
LoadImageW
IsCharAlphaNumericW
GetWindowThreadProcessId
GetMessageW
AllowSetForegroundWindow
LoadBitmapW
TranslateAcceleratorW
LoadCursorW
GetClassNameW
SetParent
MapVirtualKeyW
ScreenToClient
IsWindow
CharLowerBuffW
GetAncestor
IsCharUpperW
CheckRadioButton
EndDialog
SetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
IsDlgButtonChecked
SetWindowLongW
CheckDlgButton
DialogBoxParamW
MoveWindow
OpenClipboard
CloseClipboard
EmptyClipboard
GetWindowTextLengthW
ReuseDDElParam
ShowWindowAsync
IsWindowUnicode
UnpackDDElParam
ModifyMenuW
CheckMenuRadioItem
GetMenuItemID
GetMenu
SetMenuItemInfoW
SetMenu
DrawTextExW
InsertMenuW
GetWindowLongW
GetWindow
FindWindowExW
GetFocus
IsChild
MessageBeep
GetDesktopWindow
UpdateWindow
MessageBoxW
MsgWaitForMultipleObjects
DispatchMessageW
IsDialogMessageW
PeekMessageW
TranslateMessage
GetDlgItem
PostQuitMessage
EnableWindow
MessageBoxA
SendMessageW
BringWindowToTop
LoadIconW
SetActiveWindow
DestroyWindow
GetMenuItemInfoW
GetSystemMenu
BeginPaint
GetWindowRect
IsWindowVisible
SetWindowPos
GetMenuItemCount
CallWindowProcW
CreateWindowExW
CreatePopupMenu
GetWindowLongPtrW
RegisterClassExW
GetClassLongPtrW
TrackPopupMenu
SendInput
GetCursorPos
SetForegroundWindow
DdeFreeStringHandle
DdeDisconnect
DrawTextW
CheckMenuItem
SetClipboardData
DdeFreeDataHandle
DdeClientTransaction
DdeUninitialize
DdeInitializeW
TrackMouseEvent
GetMonitorInfoW
GetWindowInfo
DdeConnect
DdeCreateStringHandleW
DestroyCursor
EnumDisplayMonitors
MonitorFromWindow
MonitorFromRect
CopyImage
GetKeyState
AdjustWindowRectEx
OemToCharA
CharToOemA
OemToCharBuffA
CharLowerW
CharUpperW
CharToOemBuffW
ShowWindow
InvalidateRgn
OffsetRect
RedrawWindow
MapWindowPoints
SetMenuDefaultItem
GetForegroundWindow
DestroyMenu
ReleaseDC
FindWindowW
GetWindowDC
TrackPopupMenuEx
RemoveMenu
GetClientRect
IsZoomed
AppendMenuW
DrawIconEx
EnableMenuItem
DrawEdge
GetParent
DrawFrameControl
InvalidateRect
SetScrollInfo
DefWindowProcW
ShowScrollBar
GetDC
FillRect
GetCursor
GetScrollInfo
GetScrollPos
GetCapture
SetTimer
SetFocus
SetCapture
SetCursor
KillTimer
GetSystemMetrics
SystemParametersInfoW
GetSysColor
DestroyAcceleratorTable
CreateAcceleratorTableW
PostMessageW
CreateMenu
SetWindowLongPtrW
IsIconic
ReleaseCapture
gdi32
SetROP2
GetObjectA
SetWorldTransform
GetTextExtentPoint32W
ExtTextOutW
GetObjectW
CreateDIBSection
GetTextExtentPoint32A
SetLayout
CreateRoundRectRgn
SelectClipRgn
RoundRect
BitBlt
StartPage
AbortDoc
EndDoc
CreateDCW
GetDeviceCaps
SetMapMode
StartDocW
EndPage
LineTo
MoveToEx
SetBkColor
CreateFontIndirectW
CreatePatternBrush
CreateBitmap
SetBkMode
GetClipBox
CreateRectRgn
SetViewportOrgEx
ExcludeClipRect
ExtSelectClipRgn
SetBrushOrgEx
SelectObject
CreateCompatibleDC
PatBlt
StretchBlt
GetStockObject
DeleteDC
SetTextColor
CreatePen
Rectangle
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetDIBits
SetStretchBltMode
SetDIBits
TextOutW
SetGraphicsMode
SetDIBColorTable
CreateCompatibleBitmap
winspool.drv
GetPrinterW
DocumentPropertiesW
ClosePrinter
DeviceCapabilitiesW
EnumPrintersW
OpenPrinterW
ord203
comdlg32
GetOpenFileNameW
GetSaveFileNameW
PrintDlgExW
advapi32
CryptReleaseContext
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegEnumKeyW
InitializeSecurityDescriptor
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
RegSetKeySecurity
OpenProcessToken
FreeSid
CheckTokenMembership
shell32
SHGetDesktopFolder
DragAcceptFiles
SHChangeNotify
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc
DragFinish
DragQueryFileW
ShellExecuteExW
SHBindToParent
SHAddToRecentDocs
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
ole32
CoInitialize
OleUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
CoGetMalloc
ReleaseStgMedium
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
SafeArrayCreateVector
VariantClear
SafeArrayPutElement
VariantInit
Sections
.text Size: 5.5MB - Virtual size: 5.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 496KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 998KB - Virtual size: 997KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ