5dbb2ff1634d2955c5931a7a640bd3f03704f9b09083ef267b97fa603809ea92

Sharing

Copy URL

Twitter E-mail

General

Target

5dbb2ff1634d2955c5931a7a640bd3f03704f9b09083ef267b97fa603809ea92
Size

14.1MB
MD5

ccce1ff3185827275e12f579f1fb0cc9
SHA1

071c2f320dc01b7fa8a08fc0ec55c44f9a1b3454
SHA256

5dbb2ff1634d2955c5931a7a640bd3f03704f9b09083ef267b97fa603809ea92
SHA512

54c3533a23a9cfe7700f97cce7ac522c2601b440792402b74fe0920f6f20fc39c7b538d7236a9688184b679fafbeba420d20efab401fea2aeff172a85e30592b
SSDEEP

196608:NDjw+EWiSBR0AiI7gJUaTgA+NVRDPImrRz2k/IRrhBu1OuL2bBVTWCCDZ8hN5w:JDH0AqN5+NVmmrRSk/eru1LLAjTWCFo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dbb2ff1634d2955c5931a7a640bd3f03704f9b09083ef267b97fa603809ea92

Files

5dbb2ff1634d2955c5931a7a640bd3f03704f9b09083ef267b97fa603809ea92
.exe windows:5 windows x86

9a9de9ffca45fdbfdf889bfdba4caeb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
lstrlenA
Sleep
DeviceIoControl
GetLogicalDriveStringsW
FlushInstructionCache
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExW
GetExitCodeThread
WriteFile
WaitForSingleObject
SetEvent
CreateEventW
FlushFileBuffers
MoveFileExW
FreeResource
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
SetEnvironmentVariableW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
InterlockedIncrement
InterlockedDecrement
GetTempFileNameW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateMutexW
GetCurrentProcessId
CreateThread
lstrcmpiW
WaitForMultipleObjects
CloseHandle
SetFileAttributesW
GetTickCount
TlsSetValue
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
SetFilePointerEx
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
TlsGetValue
GetModuleFileNameW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LocalFileTimeToFileTime
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
TlsFree
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetSystemWindowsDirectoryW
lstrcmpiA
lstrcmpA
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetLastError
GetSystemDirectoryW
GetModuleHandleW
ReadFile
SetFilePointer
LoadLibraryExW
GetCurrentProcess
OpenProcess
GetFileSizeEx
GetDriveTypeW
GetDiskFreeSpaceExW
TlsAlloc
DeleteFileW
FormatMessageW
CreateDirectoryW
GetLastError
GetStdHandle
SetConsoleTextAttribute
CreateFileW
SetEndOfFile
DosDateTimeToFileTime
GetCurrentThreadId
GetFileAttributesW
MultiByteToWideChar
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryW
InterlockedCompareExchange
FindResourceExW
FindResourceW
LoadResource
LockResource
QueryPerformanceCounter
SetFileTime
SizeofResource
lstrlenW
CompareStringA

user32

GetClassInfoExW
SendMessageTimeoutW
IsWindow
GetDC
UnregisterClassA
GetWindowThreadProcessId
GetShellWindow
SetWindowPos
SetForegroundWindow
BringWindowToTop
IsIconic
ShowWindow
IsWindowVisible
MessageBoxW
GetActiveWindow
FillRect
GetClientRect
RedrawWindow
GetParent
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
BeginPaint
EndPaint
EndDialog
MoveWindow
GetWindowRect
ScreenToClient
GetDlgItem
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
ReleaseDC
GetWindowTextW
EnableWindow
SetWindowTextW
RegisterClassW
CharNextW
PrintWindow
PostQuitMessage
IsDlgButtonChecked
GetSystemMetrics
LoadImageW
SetDlgItemTextW
CreateDialogParamW
PeekMessageW
GetMessageW
GetClassInfoW
DispatchMessageW
FindWindowExW
SystemParametersInfoW
UpdateLayeredWindow
SetWindowRgn
KillTimer
SetTimer
CopyRect
DialogBoxParamW
RegisterClassExW
GetCursorPos
IsWindowEnabled
DestroyWindow
LoadCursorW
TranslateMessage
IsDialogMessageW
ClientToScreen
CreateWindowExW
PtInRect
GetWindowTextLengthW
InvalidateRect
UpdateWindow
ScrollWindow
SetFocus
SendMessageW
PostMessageW

gdi32

CombineRgn
CreateRectRgn
SetBkColor
ExtTextOutW
BeginPath
MoveToEx
AngleArc
LineTo
EndPath
PathToRegion
SelectClipRgn
BitBlt
CreateCompatibleBitmap
SetViewportOrgEx
CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectW
CreateFontW

advapi32

LookupPrivilegeValueW
RegOpenKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
CreateProcessAsUserW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
GetTokenInformation

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHCreateDirectoryExW
ord165

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString

shlwapi

SHGetValueW
SHSetValueW
StrCpyW
PathCombineW
PathRemoveFileSpecW
AssocQueryStringW
PathFindExtensionW
PathIsRelativeW
PathCompactPathExW
PathIsPrefixW
PathIsDirectoryEmptyW
PathUnquoteSpacesW
PathQuoteSpacesW
StrStrIW
PathAddBackslashW
StrCmpNIW
PathFindFileNameW
PathRemoveExtensionW
PathStripToRootW
PathCanonicalizeW
PathAppendW
PathFileExistsW
StrCmpIW
StrTrimA
SHSetValueA
SHGetValueA
StrStrIA

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipCreateFromHDC
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteGraphics
GdipCloneImage
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth

wininet

HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW

version

GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 299.5MB - Virtual size: 299.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a9de9ffca45fdbfdf889bfdba4caeb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

version

iphlpapi

Sections

.text Size: 409KB - Virtual size: 409KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 17KB - Virtual size: 31KB

.rsrc Size: 299.5MB - Virtual size: 299.5MB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 409KB - Virtual size: 409KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 17KB - Virtual size: 31KB

.rsrc
Size: 299.5MB - Virtual size: 299.5MB

.reloc
Size: 36KB - Virtual size: 36KB