020dce9570e88194aaa5a9b3ac017577f363f10a3f3a65f4bfc982634a3fc632

Sharing

Copy URL

Twitter E-mail

General

Target

020dce9570e88194aaa5a9b3ac017577f363f10a3f3a65f4bfc982634a3fc632
Size

10.0MB
MD5

d05de89abacf871c03382927b7c72b6f
SHA1

68a235a1992a3c7e509722c54ae39b31cc9cc19d
SHA256

020dce9570e88194aaa5a9b3ac017577f363f10a3f3a65f4bfc982634a3fc632
SHA512

b90204086eaf99a4974d4d20717eeca1d7eef0047d7730d04d60b9c02e4023d59ef4abdcf68e2956d8406b934d60240299171f13d2c13fabffc7099b25157f6d
SSDEEP

196608:suQJjIax5/hkg30VrZ7uWxmLxw8gPJmZ6ZtZpbb3m2QS2gF/ypdGIr0Fr:sjJIaxPhmrwWxmpaJmUhpHQSb4Cdr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
020dce9570e88194aaa5a9b3ac017577f363f10a3f3a65f4bfc982634a3fc632

Files

020dce9570e88194aaa5a9b3ac017577f363f10a3f3a65f4bfc982634a3fc632
.exe windows:5 windows x86

5954a2a87c9ec62e972ecf9717879888

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
PeekNamedPipe
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA
UnmapViewOfFile
CreateFileMappingW
lstrlenA
GetDriveTypeW
MulDiv
GetLastError
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
FileTimeToLocalFileTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
WriteFile
SetEndOfFile
SetLastError
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetSystemTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetPrivateProfileStringW
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GlobalFree
GetExitCodeProcess
CreateProcessW
SystemTimeToTzSpecificLocalTime
GetVolumeInformationW
GetLongPathNameW
lstrcpyW
GetFileAttributesExW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
LoadLibraryA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
OutputDebugStringW
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
FlushFileBuffers
WriteConsoleW
FormatMessageA
QueryPerformanceFrequency
SystemTimeToFileTime
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileW
GetTempPathW
SetCurrentDirectoryW
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
CreateFileW
WritePrivateProfileStringW
ReadFile
GetFileSize
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
GetLogicalDriveStringsW
lstrlenW
lstrcmpiW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetVersionExW
LoadLibraryW
CloseHandle
Sleep
OpenProcess
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA

user32

TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
PostMessageW
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
PtInRect
IsRectEmpty
UnionRect
CopyRect
SetRect
SetCursor
AppendMenuW
SetTimer
DestroyWindow
DestroyCursor
LoadCursorW
IntersectRect
GetKeyState
LoadStringW
SetWindowLongW
GetWindowLongW
GetForegroundWindow
GetClassNameW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
SendMessageW
ShowWindow
SetWindowPos
SetWindowTextW
IsWindow
SetForegroundWindow
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
wsprintfW
UnregisterClassW
CharPrevExA
CharUpperW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
GetSystemMetrics
GetSysColor
EnableMenuItem
FindWindowW
ClientToScreen
PeekMessageW
EqualRect
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
LoadImageW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CreateIconFromResource
LoadBitmapW
DestroyIcon
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
KillTimer
IsZoomed
SystemParametersInfoW
GetDC
ReleaseDC

advapi32

CryptEnumProvidersA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
RegOpenKeyW
RegEnumKeyW
SetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser

shell32

SHFileOperationW
SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoUninitialize
CoInitialize
CoCreateGuid

psapi

EnumProcesses
GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW

shlwapi

SHCreateStreamOnFileEx
PathFileExistsW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
SHSetValueW
StrToIntExW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipFree
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipImageGetFrameDimensionsList
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageI
GdipSaveImageToFile
GdipGraphicsClear
GdipAlloc

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdi32

GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
GetViewportOrgEx
GetCurrentObject
SetViewportOrgEx
GetObjectW
SetGraphicsMode
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
DeleteDC
CreateFontIndirectW
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
CreateCompatibleDC
StretchBlt
CreateDIBSection
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW

oleaut32

VariantCopy
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear

crypt32

CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertEnumCertificatesInStore

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wldap32

ord32
ord27
ord33
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord35
ord79
ord30
ord200
ord301
ord26
ord143

ws2_32

closesocket
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
getservbyname
send
gethostbyname
htonl
shutdown
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
connect
recv
WSASetLastError
getpeername
select
__WSAFDIsSet
socket
WSAGetLastError
bind

usp10

ScriptShape
ScriptFreeCache
ScriptItemize

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 817KB - Virtual size: 817KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5954a2a87c9ec62e972ecf9717879888

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

gdiplus

imm32

gdi32

oleaut32

crypt32

userenv

wldap32

ws2_32

usp10

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 817KB - Virtual size: 817KB

.data Size: 104KB - Virtual size: 235KB

.gfids Size: 512B - Virtual size: 436B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 15.0MB - Virtual size: 15.0MB

.reloc Size: 186KB - Virtual size: 186KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 817KB - Virtual size: 817KB

.data
Size: 104KB - Virtual size: 235KB

.gfids
Size: 512B - Virtual size: 436B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

.reloc
Size: 186KB - Virtual size: 186KB