66cd3b67498e5a1cbb04148258c51e1afb3f4646aeb68f59b85c89586167b4a4

Sharing

Copy URL

Twitter E-mail

General

Target

66cd3b67498e5a1cbb04148258c51e1afb3f4646aeb68f59b85c89586167b4a4
Size

4.8MB
MD5

d815b61b23d5a2e24cab59aebb1689e2
SHA1

3c6852641fa4731851d8a77b7f66a1ef26878bd9
SHA256

66cd3b67498e5a1cbb04148258c51e1afb3f4646aeb68f59b85c89586167b4a4
SHA512

cb3aac59cb210e0fd72c9fd917c7477de99b1dcdc90231f3a7711c5b7f874d1ccc28ce7378c001fb242670fe2d08d3db0148a61860819229c95bcbfb829b288e
SSDEEP

98304:b969EXL1gDEf7BeTci7nqv1Q9eb4TAqcruNwmqi2gLEAn1Q/P1GK5:bEQx6EVarqvmE+c5mXp4F5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66cd3b67498e5a1cbb04148258c51e1afb3f4646aeb68f59b85c89586167b4a4

Files

66cd3b67498e5a1cbb04148258c51e1afb3f4646aeb68f59b85c89586167b4a4
.exe windows:5 windows x86

37e5e118a4550e3c6c0f6dd9f07cbfe2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
SetEndOfFile
GetStdHandle
CompareFileTime
FileTimeToSystemTime
InitializeCriticalSection
MultiByteToWideChar
lstrcmpiW
CreateMutexW
SetLastError
OutputDebugStringW
GetDiskFreeSpaceExW
GetExitCodeThread
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetTickCount
lstrlenW
lstrcpynW
FindResourceExW
GetLastError
CreateFileW
ExitProcess
InterlockedIncrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
WideCharToMultiByte
LCMapStringA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
FatalAppExitA
HeapCreate
InterlockedDecrement
GetTempFileNameW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
SearchPathW
GetCurrentDirectoryW
GetFullPathNameW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
SetFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetVolumeInformationW
MoveFileW
ResetEvent
SetEvent
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
GetModuleFileNameW
LocalFree
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetTempPathW
InterlockedCompareExchange
Sleep
GetVersionExW
GetSystemWindowsDirectoryW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiA
lstrcmpA
GetEnvironmentVariableW
CreateThread
ExpandEnvironmentStringsW
LocalAlloc
GetSystemInfo
GetModuleHandleA
GetProcessTimes
GetSystemTimeAsFileTime
DuplicateHandle
HeapFree
GetProcessHeap
HeapAlloc
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
VirtualQuery
SetProcessWorkingSetSize
GetLocalTime
GetCurrentProcessId
WaitForMultipleObjects
TerminateProcess
OpenProcess
CopyFileW
lstrlenA
DeviceIoControl
GetCurrentThread
WriteFile
GetModuleFileNameA
DeleteCriticalSection
FreeResource
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
FreeLibrary
LoadLibraryW
SetConsoleCtrlHandler
GetProcAddress

user32

IsWindow
ExitWindowsEx
FindWindowW
FindWindowExW
GetWindowRect
PostMessageW
BeginPaint
SendMessageW
GetWindowLongW
GetClientRect
GetWindowTextW
EndPaint
SetWindowPos
SetWindowLongW
CharToOemW
CopyRect
GetUpdateRect
SetRect
ReleaseDC
GetWindowDC
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
GetWindowTextLengthW
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoW
SetCapture
CreateDialogParamW
InvalidateRect
CallWindowProcW
SetCursor
GetDC
PtInRect
ClientToScreen
GetCapture
UpdateWindow
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
IsWindowEnabled
FillRect
DrawTextW
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
CharNextW
DefWindowProcW
BringWindowToTop
SetForegroundWindow
LoadStringW
SetWindowRgn
GetParent
AdjustWindowRectEx
GetMenu
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetSysColor
RedrawWindow
IsIconic
PostQuitMessage
PostThreadMessageW
SetDlgItemTextW
GetMessageW
GetDesktopWindow
MapWindowPoints
GetShellWindow
GetWindowThreadProcessId
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MonitorFromPoint
GetForegroundWindow
AttachThreadInput
SubtractRect
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
EnableWindow
SetWindowTextW
GetDlgItem
ShowWindow
LoadCursorW
SetTimer
KillTimer

gdi32

CreatePolygonRgn
GetDeviceCaps
GetBitmapBits
OffsetViewportOrgEx
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontW
CreateSolidBrush
GetCurrentObject
CreateDIBSection
SetTextColor
SetBkMode
CreateFontIndirectW
GetObjectW
GetStockObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject

advapi32

OpenProcessToken
CopySid
GetTokenInformation
RegEnumKeyW
RegSetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
GetLengthSid
RegQueryValueExW
DuplicateTokenEx
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegGetKeySecurity
AllocateAndInitializeSid

shell32

SHGetSpecialFolderPathA
SHGetFileInfoW
SHGetSpecialFolderLocation
SHAppBarMessage
SHFreeNameMappings
SHFileOperationW
CommandLineToArgvW
ord165
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysAllocStringByteLen
VarUI4FromStr
VariantCopy
VariantInit
SysAllocString
VariantClear
SysFreeString
OleLoadPicture

wininet

InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

shlwapi

SHSetValueW
PathAppendW
PathIsDirectoryW
StrTrimA
SHDeleteKeyW
PathRemoveFileSpecW
PathIsPrefixW
PathFindFileNameW
PathRemoveExtensionW
StrStrIW
PathIsRootW
PathCombineW
PathFileExistsW
StrCmpNIW
StrStrIA
PathMatchSpecW
StrCmpIW
AssocQueryStringW
PathFindExtensionW
PathIsURLW
StrToIntExW
SHGetValueA
PathFileExistsA
PathAppendA
PathCombineA
PathUnquoteSpacesW
SHGetValueW

comctl32

InitCommonControlsEx
ImageList_Remove
ImageList_Duplicate
ImageList_SetImageCount
ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize

msimg32

AlphaBlend

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

SetupIterateCabinetW

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

crypt32

CertGetNameStringW

netapi32

Netbios

iphlpapi

GetAdaptersInfo

psapi

GetModuleBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcesses
EnumProcessModules

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32.3MB - Virtual size: 32.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37e5e118a4550e3c6c0f6dd9f07cbfe2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

comctl32

msimg32

version

setupapi

wintrust

crypt32

netapi32

iphlpapi

psapi

comdlg32

Sections

.text Size: 429KB - Virtual size: 428KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 12KB - Virtual size: 38KB

.rsrc Size: 32.3MB - Virtual size: 32.3MB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 429KB - Virtual size: 428KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 12KB - Virtual size: 38KB

.rsrc
Size: 32.3MB - Virtual size: 32.3MB

.reloc
Size: 23KB - Virtual size: 22KB