Static task: static1
Behavioral task: behavioral1
Sample: 18bad5b4fef1bf51bfdc0d9e936734ba18c46793b3f1aa580712da7a50944524.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 18bad5b4fef1bf51bfdc0d9e936734ba18c46793b3f1aa580712da7a50944524.exe
Resource: win10v2004-20230915-en
General
Target: 18bad5b4fef1bf51bfdc0d9e936734ba18c46793b3f1aa580712da7a50944524
Size: 10.0MB
MD5: 2d59b7dbd96025bc2bb122365f61af2f
SHA1: 768d8cddeea1b2b99120ea119626b9d237f5e605
SHA256: 18bad5b4fef1bf51bfdc0d9e936734ba18c46793b3f1aa580712da7a50944524
SHA512: 9ada5dfefe7f45686a4db8bb87a3ab25fe0b8d1e8e135f32560a5c047d62698438f202d6c8e30b01a07625089407ee2036659b2f199d381637607eb7324add0f
SSDEEP: 196608:aWOxjdKmDF6SSioVk8h7htzkdEjggxrsP8lcbzKdBAShb1:SxjcmESP83t2ursP8lcvKdnB1
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 18bad5b4fef1bf51bfdc0d9e936734ba18c46793b3f1aa580712da7a50944524
Files
18bad5b4fef1bf51bfdc0d9e936734ba18c46793b3f1aa580712da7a50944524.exe (windows:5, windows, x86)
020c96add3d05d5e5c9242d48f981c7f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceW
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineW
OutputDebugStringW
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
MoveFileExW
FreeResource
GetLastError
LoadLibraryW
GetProcAddress
LockResource
SizeofResource
GetLocalTime
FindFirstFileA
FindNextFileA
DeleteFileA
Sleep
FreeLibrary
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetExitCodeProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
IsValidCodePage
FindFirstFileExW
CreatePipe
SetStdHandle
SetEndOfFile
LoadResource
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
GetStdHandle
GetDynamicTimeZoneInformation
GetCurrentProcessId
DeleteFileW
GetTempPathW
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
lstrcmpA
lstrcmpW
GetCurrentDirectoryW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrlenW
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
ExitProcess
VirtualProtect
GetModuleHandleW
WaitForSingleObject
CreateToolhelp32Snapshot
lstrcmpiW
Process32NextW
Process32FirstW
TerminateProcess
OpenProcess
GetCurrentProcess
SetEnvironmentVariableW
WinExec
GetVersion
LocalFree
GetTempFileNameW
QueryDosDeviceW
GetLogicalDriveStringsW
GetLogicalDrives
GetDriveTypeW
lstrcpyA
lstrcpyW
lstrlenA
CreateMutexW
CreateFileW
GetFileSize
ReadFile
WriteFile
GetFileSizeEx
SetFilePointer
SetFilePointerEx
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
VerSetConditionMask
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
VerifyVersionInfoW
MulDiv
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
GlobalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryW
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
GetFileAttributesExW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetVersionExW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
RtlUnwind
ExitThread
GetModuleHandleExW
CreateProcessA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetOEMCP
user32
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
MonitorFromPoint
GetMonitorInfoW
RealGetWindowClassW
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
IsWindowEnabled
SetPropW
GetPropW
LoadCursorW
LoadImageW
MoveWindow
SetWindowRgn
SetCursor
InflateRect
GetDesktopWindow
EnumDisplaySettingsW
CreatePopupMenu
GetClientRect
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
UpdateLayeredWindow
GetWindowRgn
DrawTextW
FillRect
SetRect
CharNextW
GetWindowTextW
GetWindowTextLengthW
EqualRect
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
MonitorFromWindow
PostQuitMessage
MessageBoxW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
RegisterClipboardFormatW
IsZoomed
IsIconic
IsWindowVisible
SetLayeredWindowAttributes
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
SetWindowPos
ShowWindow
SetWindowTextW
GetForegroundWindow
SwitchToThisWindow
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
LoadStringW
UpdateWindow
PostMessageW
FindWindowW
AttachThreadInput
GetWindowRect
SendMessageW
DestroyMenu
shell32
SHBindToParent
ShellExecuteW
SHGetSpecialFolderPathW
SHParseDisplayName
SHCreateItemFromIDList
SHCreateDirectoryExW
ord165
SHFileOperationW
ShellExecuteExW
CommandLineToArgvW
ord75
ord25
SHGetDataFromIDListW
SHGetPathFromIDListW
DragQueryFileW
ole32
RegisterDragDrop
CreateStreamOnHGlobal
CLSIDFromString
StringFromCLSID
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CLSIDFromProgID
OleLockRunning
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocString
shlwapi
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecA
PathFindFileNameA
PathRemoveExtensionA
ord219
PathAppendW
PathGetDriveNumberW
PathIsDirectoryW
PathIsURLW
PathRemoveBackslashW
PathCombineW
gdiplus
GdipGetCompositingQuality
GdiplusShutdown
GdiplusStartup
GdipCreateLineBrushFromRectI
GdipAddPathStringI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetFontStyle
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipCreateRegionPath
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetPointCount
GdipGetPathData
GdipClosePathFigure
GdipAddPathLine
ord1
GdipAddPathEllipse
GdipAddPathLineI
GdipAddPathBezierI
GdipCloneBrush
GdipGetFamily
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenLineJoin
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesGamma
GdipGetDC
GdipReleaseDC
GdipSetCompositingMode
GdipGetCompositingMode
GdipSetCompositingQuality
GdipDeleteBrush
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipGetPageUnit
GdipGetPageScale
GdipSetPageUnit
GdipSetPageScale
GdipGetDpiX
GdipGetDpiY
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontSize
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDrawImageRectRectI
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipBitmapSetPixel
GdipAddPathString
GdipGetPathWorldBounds
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
psapi
GetProcessImageFileNameW
ws2_32
getsockname
getsockopt
htons
connect
bind
recv
WSAGetLastError
closesocket
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSACleanup
WSAStartup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSAWaitForMultipleEvents
WSAResetEvent
gethostname
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
getpeername
gethostbyname
WSACreateEvent
WSACloseEvent
send
crypt32
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindExtension
wldap32
ord73
ord216
ord14
ord145
ord219
ord208
ord41
ord117
ord142
ord26
ord27
ord127
ord167
ord46
ord79
ord133
ord147
ord301
bcrypt
BCryptGenRandom
gdi32
ExtSelectClipRgn
SetStretchBltMode
SetTextColor
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
CreateRectRgn
DeleteDC
DeleteObject
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectClipRgn
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
GetDeviceCaps
StretchBlt
PtInRegion
CreateDIBSection
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
BeginPath
SetBkColor
EndPath
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
GetPath
SetBkMode
advapi32
LookupPrivilegeValueW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 87.3MB - Virtual size: 87.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ