Static task
static1
Behavioral task
behavioral1
Sample: cd4ac2c5be2d4f5bdbaa438d763ccfc38ea5671c8276c03a43a463b5b3e66d07.exe
Resource: win7-20230831-en
Behavioral task
behavioral2
Sample: cd4ac2c5be2d4f5bdbaa438d763ccfc38ea5671c8276c03a43a463b5b3e66d07.exe
Resource: win10v2004-20230915-en
General
Target: cd4ac2c5be2d4f5bdbaa438d763ccfc38ea5671c8276c03a43a463b5b3e66d07
Size: 2.7MB
MD5: 3a230fa9d26a8df0fd9b364481749c52
SHA1: d9b22d83018b9b9515096a2e3d7b03dca338235b
SHA256: cd4ac2c5be2d4f5bdbaa438d763ccfc38ea5671c8276c03a43a463b5b3e66d07
SHA512: 23c94cfe25a9f8e2840f23cab36afbebfeb6ad8a68f778867346df0c8c7077097d456b6a3b1f9b187d496b972fa02190737dccff9993850ff48020677d68e297
SSDEEP: 49152:LNfdJ+IqvEXkRuqzzHM7oantau89gdf5gKaOozB4jzTSGp/jSixVf0WDY:xlL/UuwHMo8au898zozOjd
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample carries no Authenticode certificate table, so nothing binds it to a publisher; on its own this is a weak indicator, since much legitimate software also ships unsigned.
resource: cd4ac2c5be2d4f5bdbaa438d763ccfc38ea5671c8276c03a43a463b5b3e66d07
Files
-
cd4ac2c5be2d4f5bdbaa438d763ccfc38ea5671c8276c03a43a463b5b3e66d07.exe windows:5 windows x86
2064c4603161dfca29eb7e72567eda8d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileW
MoveFileW
MoveFileA
GetLocalTime
CreateFileMappingW
MapViewOfFile
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
OpenMutexW
CreateMutexW
SetErrorMode
GetFileAttributesA
CreateFileMappingA
OpenFileMappingA
CreateMutexA
ReleaseMutex
CopyFileW
CreateEventW
FreeLibrary
LoadLibraryW
GetProcAddress
LoadLibraryA
LoadLibraryExA
MoveFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
lstrlenA
lstrcatA
GetFullPathNameA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetDriveTypeA
GetDriveTypeW
FindFirstFileW
ExitProcess
ExitThread
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
GetLastError
Sleep
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetCurrentDirectoryA
GetFullPathNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateThread
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
HeapValidate
FormatMessageW
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
SystemTimeToFileTime
HeapCompact
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileAttributesExW
OutputDebugStringA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
GetFileInformationByHandle
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
TerminateProcess
OpenProcess
GetVersionExW
PeekNamedPipe
SleepEx
GetVersionExA
FormatMessageA
VirtualFree
SetEvent
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
CreateFileA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GlobalUnlock
GlobalLock
ReadFile
GetFileSize
CreateFileW
WaitForSingleObject
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
SetConsoleMode
ReadConsoleInputA
LoadResource
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetCurrentThreadId
CopyFileA
GetTickCount
GetModuleFileNameA
lstrlenW
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
HeapDestroy
InitializeCriticalSection
user32
TrackPopupMenu
CallWindowProcW
GetParent
LoadIconW
LoadCursorW
AppendMenuW
CreatePopupMenu
GetCursorPos
UnregisterHotKey
DestroyWindow
RegisterHotKey
MessageBoxW
DrawIcon
DefWindowProcW
EndPaint
GetWindowRgn
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
SetLastErrorEx
InvalidateRect
KillTimer
SetTimer
PostMessageW
RegisterWindowMessageW
wsprintfW
FindWindowA
GetWindowLongW
CreateWindowExW
RegisterClassExW
LoadImageW
SetForegroundWindow
SetWindowsHookExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
SetWindowTextW
IsWindowVisible
IsWindow
CallNextHookEx
MoveWindow
GetWindowRect
ScreenToClient
UnhookWindowsHookEx
ShowWindow
DrawTextW
GetClientRect
BeginPaint
advapi32
CryptDeriveKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
ole32
CoCreateInstance
CoUninitialize
CoInitialize
shell32
ShellExecuteW
ShellExecuteA
Shell_NotifyIconW
ShellExecuteExA
oleaut32
VariantClear
VariantInit
shlwapi
PathFindExtensionW
gdi32
SetStretchBltMode
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateFontIndirectW
Rectangle
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
BitBlt
MoveToEx
LineTo
CreateSolidBrush
RoundRect
CreateRectRgn
PtInRegion
CreateDIBSection
DeleteObject
StretchBlt
CreatePen
GetDIBColorTable
gdiplus
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipSaveImageToFile
msimg32
TransparentBlt
libcef
cef_run_message_loop
cef_string_list_copy
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_map_alloc
cef_string_map_free
cef_string_list_size
cef_string_list_value
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_multimap_append
cef_string_map_append
cef_string_list_append
cef_string_utf16_cmp
cef_browser_host_create_browser
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf8_clear
cef_log
cef_string_userfree_utf16_free
cef_string_list_free
cef_string_list_alloc
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_shutdown
cef_quit_message_loop
cef_execute_process
cef_api_hash
cef_initialize
wsock32
recv
send
socket
htons
ioctlsocket
bind
listen
accept
getsockname
WSACleanup
ntohl
gethostbyname
inet_addr
setsockopt
connect
WSAGetLastError
select
__WSAFDIsSet
htonl
recvfrom
sendto
WSAStartup
closesocket
gethostname
getpeername
gethostbyaddr
ntohs
inet_ntoa
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
comdlg32
GetSaveFileNameA
libzbar-0
zbar_scan_image
zbar_image_scanner_destroy
zbar_image_scanner_create
zbar_image_get_symbols
zbar_image_set_data
zbar_image_set_size
zbar_image_set_format
_zbar_error_string
zbar_image_scanner_set_config
zbar_symbol_set_ref
zbar_symbol_ref
zbar_symbol_get_data_length
zbar_symbol_get_type
zbar_symbol_get_data
zbar_symbol_set_first_symbol
zbar_image_create
zbar_image_set_userdata
zbar_image_ref
ws2_32
shutdown
getaddrinfo
freeaddrinfo
getsockopt
WSAIoctl
WSASetLastError
wldap32
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
opencv_core2413
?_interlockedExchangeAdd@cv@@YAHPAHH@Z
?fastFree@cv@@YAXPAX@Z
?copyTo@Mat@cv@@QBEXABV_OutputArray@2@@Z
??0_OutputArray@cv@@QAE@AAVMat@1@@Z
??0_InputArray@cv@@QAE@ABVMat@1@@Z
?deallocate@Mat@cv@@QAEXXZ
??0Mat@cv@@QAE@ABV01@ABV?$Rect_@H@1@@Z
??0_OutputArray@cv@@QAE@ABVMat@1@@Z
opencv_objdetect2413
??1CascadeClassifier@cv@@UAE@XZ
??0CascadeClassifier@cv@@QAE@XZ
?load@CascadeClassifier@cv@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
opencv_highgui2413
??0VideoCapture@cv@@QAE@XZ
?imwrite@cv@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV_InputArray@1@ABV?$vector@HV?$allocator@H@std@@@3@@Z
?imread@cv@@YA?AVMat@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
opencv_imgproc2413
?resize@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@V?$Size_@H@1@NNH@Z
?equalizeHist@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@@Z
?cvtColor@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@HH@Z
winmm
mciSendCommandW
mciSendCommandA
psapi
GetModuleBaseNameA
EnumProcesses
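The import table above is the most informative static artefact on this page: it names process enumeration and termination (CreateToolhelp32Snapshot, Process32FirstW/NextW, OpenProcess, TerminateProcess), a Windows hook (SetWindowsHookExW, CallNextHookEx), CryptoAPI key derivation and encryption (CryptAcquireContextW, CryptHashData, CryptDeriveKey, CryptEncrypt/Decrypt), screen-to-file capture (BitBlt, CreateCompatibleBitmap, GdipSaveImageToFile), a full Winsock client and listener set, and OpenCV camera access (the MSVC-mangled `??0VideoCapture@cv@@QAE@XZ` is the `cv::VideoCapture` constructor). The script below is an added example, not part of the report and not code from any tool the report names. It tags capabilities from an import table using AND-of-OR rules, so that a lone `socket` import does not produce a "TCP listener" tag; the IMPORTS dictionary is a constructed excerpt of the table above, trimmed to the APIs the rules reference, and the rule names are this example's own wording.

```python
"""Rule-based capability tagging over a PE import table (added example).

IMPORTS is a constructed excerpt of the report's import table in {dll: [function, ...]}
form. Each rule is a list of groups; it fires only when every group is satisfied by
at least one imported function, and the matching imports are returned as evidence.
"""

IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "OpenProcess", "TerminateProcess", "IsDebuggerPresent"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"],
    "advapi32": ["CryptAcquireContextW", "CryptCreateHash", "CryptHashData",
                 "CryptDeriveKey", "CryptEncrypt", "CryptDecrypt"],
    "gdi32": ["BitBlt", "CreateCompatibleBitmap"],
    "gdiplus": ["GdipSaveImageToFile"],
    "wsock32": ["socket", "bind", "listen", "accept", "connect", "send", "recv"],
    # MSVC-mangled cv::VideoCapture::VideoCapture(void)
    "opencv_highgui2413": ["??0VideoCapture@cv@@QAE@XZ"],
}

# capability -> groups; every group must be hit by at least one import (AND of ORs)
RULES = {
    "enumerate running processes": [
        {"CreateToolhelp32Snapshot"},
        {"Process32First", "Process32FirstW", "Process32Next", "Process32NextW"},
    ],
    "open and terminate other processes": [{"OpenProcess"}, {"TerminateProcess"}],
    "install a Windows message hook": [
        {"SetWindowsHookExA", "SetWindowsHookExW"}, {"CallNextHookEx"},
    ],
    "CryptoAPI encryption with a key derived from hashed data": [
        {"CryptAcquireContextA", "CryptAcquireContextW"}, {"CryptHashData"},
        {"CryptDeriveKey"}, {"CryptEncrypt", "CryptDecrypt"},
    ],
    "capture screen contents to an image file": [
        {"BitBlt"}, {"CreateCompatibleBitmap"}, {"GdipSaveImageToFile"},
    ],
    "TCP client": [{"socket"}, {"connect"}, {"send", "recv"}],
    "TCP listener": [{"socket"}, {"bind"}, {"listen"}, {"accept"}],
    "query debugger presence": [{"IsDebuggerPresent"}],
    "open a camera via OpenCV VideoCapture": [{"??0VideoCapture@cv@@QAE@XZ"}],
}


def tag_capabilities(imports: dict, rules: dict = RULES) -> dict:
    """Return {capability: ["dll!function", ...]} for every rule whose groups are all satisfied."""
    where = {func: dll for dll, funcs in imports.items() for func in funcs}
    present = set(where)
    tags = {}
    for name, groups in rules.items():
        hits = [group & present for group in groups]
        if all(hits):                      # every group satisfied -> rule fires
            tags[name] = sorted(f"{where[f]}!{f}" for f in set().union(*hits))
    return tags


if __name__ == "__main__":
    for capability, evidence in tag_capabilities(IMPORTS).items():
        print(f"{capability}: {', '.join(evidence)}")
```

Tags describe capability, not observed behaviour: the same imports (plus libcef, libzbar-0 and the OpenCV DLLs) are exactly what a legitimate desktop application embedding a Chromium view with camera and barcode scanning would pull in, and the only signature the sandbox raised above is the missing Authenticode signature. Treat the tags as questions for the behavioural runs to answer, not as a verdict.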
Sections
.text   Size: 2.0MB - Virtual size: 2.0MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 437KB - Virtual size: 436KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 64KB - Virtual size: 88KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 68KB - Virtual size: 67KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 117KB - Virtual size: 117KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable, and raw sizes track virtual sizes (the .data gap is zero-initialised data), which together with the large named import table is consistent with an unpacked build rather than a packer stub.
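The three header facts the report surfaces (DLL characteristics, the missing Authenticode signature, and section permissions) all come straight out of the PE headers and can be checked without a sandbox. The script below is an added example, not the sandbox's own check and not code from the analysed file: a stdlib-only parser that walks DOS header, PE signature, COFF header, optional header (PE32 and PE32+), the data directory and the section table, then reports the findings a reviewer would raise. Because the verifier runs offline, `build_pe()` constructs a header-only PE32 image in memory with flags mirroring this report; pass a real path on the command line to triage an actual file. Note that an empty security directory proves the file is unsigned, but a non-empty one only proves a certificate table is present; validating the signature still needs a chain check (for example `Get-AuthenticodeSignature` or `signtool verify`).

```python
"""Stdlib-only PE header triage: DLL characteristics, Authenticode table, section flags.
Added example for this report; build_pe() makes constructed header-only test images."""
import struct
import sys

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DEP opt-in
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode table; this entry holds a file offset, not an RVA


def parse_pe(data: bytes) -> dict:
    """Walk DOS -> PE -> COFF -> optional header -> section table; return triage-relevant fields."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92
        ndirs_off = opt + 92
    elif magic == 0x20B:    # PE32+: 8-byte ImageBase/stack/heap fields push it to +108
        ndirs_off = opt + 108
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    security_dir = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security_dir = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):                    # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        off = opt + opt_size + 40 * i
        name, vsize, _, raw_size = struct.unpack_from("<8sIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size, "flags": flags})
    return {"machine": machine, "characteristics": characteristics,
            "dll_characteristics": dll_characteristics, "security_dir": security_dir, "sections": sections}


def triage(pe: dict) -> list:
    """Findings a reviewer would raise from the headers alone."""
    findings = []
    dc = pe["dll_characteristics"]
    if not dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no ASLR (DYNAMIC_BASE clear)")
    if not dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no DEP (NX_COMPAT clear)")
    if pe["security_dir"] == (0, 0):
        findings.append("unsigned PE: no Authenticode certificate table")
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"section {s['name']} is executable but has no raw data (filled at runtime?)")
    return findings


def build_pe(dll_characteristics: int, sections: list, cert_size: int = 0) -> bytes:
    """Construct a header-only PE32 image (test data only: no code, no certificate bytes)."""
    opt = bytearray(96 + 16 * 8)                              # PE32 optional header + 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<HH", opt, 68, 2, dll_characteristics)  # IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)  # i386, EXECUTABLE|32BIT
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), v, 0x1000 * (i + 1), r, 0, 0, 0, 0, 0, f)
                     for i, (n, v, r, f) in enumerate(sections))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:   # constructed image mirroring this report: ASLR+DEP+TS-aware, R-X .text, RW- .data, no certificate
        data = build_pe(0x8140, [(".text", 0x200000, 0x200000, 0x60000020), (".data", 0x16000, 0x10000, 0xC0000040)])
    for line in triage(parse_pe(data)):
        print(line)
```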