f97c1bfe7c722475e610e71ab620e93c50b2b17c958a95dc0ce24718ea357578

Sharing

Copy URL Twitter E-mail

General

Target

f97c1bfe7c722475e610e71ab620e93c50b2b17c958a95dc0ce24718ea357578
Size

6.9MB
MD5

4ba69af922e1fb09a04ed12adfea3bcc
SHA1

bb1785c7f25b3ef1f5e40323c80f6e886086c16b
SHA256

f97c1bfe7c722475e610e71ab620e93c50b2b17c958a95dc0ce24718ea357578
SHA512

717a35f97448326f9eac57b0b2ea723e808dcb60a600442824dc7554d4e0f0590b595521739d1fe4ed3d8ea1078a21bbdf36ab024e7917f37f2b3ba279aa7c4c
SSDEEP

98304:jIJZc+magF4VusdEQocy6nONPuZSTpYkPrK1l1:UM+dEQocyZQUpv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f97c1bfe7c722475e610e71ab620e93c50b2b17c958a95dc0ce24718ea357578

Files

f97c1bfe7c722475e610e71ab620e93c50b2b17c958a95dc0ce24718ea357578
.dll windows:6 windows x86

178d04c59a59a3d62e79aa8cde792cdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

shlwapi

PathFileExistsW
AssocQueryStringW

wininet

FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetGetConnectedState
FindCloseUrlCache
DeleteUrlCacheEntryW

comctl32

FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteExW
SHGetPathFromIDListW
SHEmptyRecycleBinW
SHGetFileInfoW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHQueryRecycleBinW
SHAppBarMessage
ShellExecuteW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

psapi

GetModuleFileNameExW

user32

CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
OemToCharBuffA
LoadBitmapW
EnumChildWindows
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
IsIconic
CallNextHookEx
ShowWindow
GetWindowTextW
SetForegroundWindow
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
GetClassLongW
SetScrollRange
DrawTextW
CharToOemBuffA
PeekMessageA
MessageBeep
SetClassLongW
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
ValidateRect
GetCursor
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
CreateWindowExW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
IsWindowUnicode
CharToOemA
DispatchMessageW
DefMDIChildProcW
GetSystemMenu
WaitForInputIdle
SetScrollPos
GetScrollPos
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetSystemMetrics
CharUpperBuffW
SetClipboardData
GetClipboardData
ClientToScreen
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
OemToCharA
DestroyMenu
SetWindowsHookExW
EmptyClipboard
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
GetKeyboardState
ScreenToClient
DrawFrameControl
SetCursor
CreateIcon
RemoveMenu
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CountClipboardFormats
CallWindowProcW
CloseClipboard
DestroyCursor
CharUpperBuffA
PostQuitMessage
ShowScrollBar
EnableMenuItem
HideCaret
FindWindowExW
LoadIconW
SystemParametersInfoW
MonitorFromPoint
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
VariantClear
SysReAllocStringLen
CreateErrorInfo
GetActiveObject
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
SafeArrayAccessData
SysFreeString
VariantInit
GetErrorInfo
SetErrorInfo
LoadTypeLibEx
SafeArrayCreate
SafeArrayGetElement
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetElemsize
RegisterTypeLib
VariantChangeType
VariantCopyInd
VarI4FromDec

netapi32

Netbios

msvcrt

memcpy

advapi32

CloseServiceHandle
RegSetValueExW
ControlService
CredEnumerateW
OpenThreadToken
RegOpenCurrentUser
LookupAccountNameW
GetUserNameW
RegQueryInfoKeyW
IsValidSid
EqualSid
StartServiceW
QueryServiceStatusEx
GetSidSubAuthority
GetTokenInformation
GetServiceDisplayNameW
LookupAccountSidW
ChangeServiceConfigW
RegCreateKeyExW
ChangeServiceConfig2W
OpenServiceW
GetSidSubAuthorityCount
EnumDependentServicesW
RegEnumKeyExW
QueryServiceConfig2W
QueryServiceStatus
AdjustTokenPrivileges
QueryServiceConfigW
GetSidIdentifierAuthority
RegDeleteKeyW
OpenSCManagerW
RegOpenKeyExA
RegOpenKeyExW
OpenProcessToken
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
CredFree
RegFlushKey
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
EnumServicesStatusW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
SetFileTime
QueryDosDeviceW
GetACP
GetExitCodeProcess
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
GetSystemDefaultLangID
SizeofResource
TlsAlloc
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetFirmwareEnvironmentVariableW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
HeapDestroy
SetDllDirectoryW
FileTimeToDosDateTime
ReadFile
DosDateTimeToFileTime
GetUserDefaultLCID
CreateProcessW
lstrcpynW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
lstrlenA
CreateThread
CompareStringW
GetFileSizeEx
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
GetFileAttributesExW
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
PeekNamedPipe
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
SetVolumeLabelW
EnterCriticalSection
GetDiskFreeSpaceExW
SetFilePointer
FlushFileBuffers
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
WaitForMultipleObjects
GetFileSize
GetTempFileNameW
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
VerLanguageNameW
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetEnvironmentStringsW
GetWindowsDirectoryW
GetProcessAffinityMask
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
UnmapViewOfFile
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
InitializeCriticalSectionAndSpinCount
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
FreeEnvironmentStringsW
SetEvent
CreateFileW
GetLocaleInfoW
SystemTimeToFileTime
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
TzSpecificLocalTimeToSystemTime
IsValidLocale
TlsSetValue
CreateDirectoryW
LoadLibraryExA
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
GlobalMemoryStatus
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

shfolder

SHGetFolderPathW

crypt32

CertGetNameStringA
CertNameToStrA

wsock32

ntohl
WSAStartup
inet_addr
WSACleanup
gethostbyname
send
gethostname
inet_ntoa

ole32

CoRevokeClassObject
StgCreateDocfile
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CLSIDFromString
IsEqualGUID
CoLockObjectExternal
StgOpenStorage
OleInitialize
ProgIDFromCLSID
PropVariantClear
CLSIDFromProgID
OleUninitialize
CoInitialize
CoDisconnectObject
StgIsStorageFile
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces
GetAdaptersAddresses

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
GetEnhMetaFileHeader
ExcludeClipRect
RectVisible
SetWindowOrgEx
MaskBlt
AngleArc
DeleteEnhMetaFile
Chord
SetTextColor
StretchBlt
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
GetDIBColorTable
SetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
PlayEnhMetaFile
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetEnhMetaFileBits
GetSystemPaletteEntries
CreateBitmap
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
GetDIBits
SetStretchBltMode
GetEnhMetaFilePaletteEntries
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
GetWinMetaFileBits
SetROP2
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetEnhMetaFileDescriptionW
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

ntdll

NtQuerySystemInformation
NtSetSystemInformation

Exports

Exports

CB_OnActionBegin
CB_OnActionEnd
CB_OnActionProgress
CB_OnComplete
CB_OnDebugEvent
CB_OnUpdatePath
Cancel
ExcludeTools
Initialize
Scan
TMethodImplementationIntercept
Uninitialize
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 553KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178d04c59a59a3d62e79aa8cde792cdf

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

shlwapi

wininet

comctl32

shell32

urlmon

psapi

user32

version

oleaut32

netapi32

msvcrt

advapi32

winhttp

kernel32

wintrust

shfolder

crypt32

wsock32

ole32

iphlpapi

gdi32

ntdll

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.itext Size: 36KB - Virtual size: 35KB

.data Size: 88KB - Virtual size: 88KB

.bss Size: - Virtual size: 553KB

.idata Size: 17KB - Virtual size: 17KB

.didata Size: 5KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 410B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 429KB - Virtual size: 428KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 4.5MB - Virtual size: 4.5MB

.itext
Size: 36KB - Virtual size: 35KB

.data
Size: 88KB - Virtual size: 88KB

.bss
Size: - Virtual size: 553KB

.idata
Size: 17KB - Virtual size: 17KB

.didata
Size: 5KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 410B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 429KB - Virtual size: 428KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB