Static task
static1
Behavioral task
behavioral1
Sample
3129b3eecc3929ccc3630ce6ebea6f3bb82e39d4508ea7085eeb49957e859314.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
3129b3eecc3929ccc3630ce6ebea6f3bb82e39d4508ea7085eeb49957e859314.exe
Resource
win10v2004-20230915-en
General
-
Target
3129b3eecc3929ccc3630ce6ebea6f3bb82e39d4508ea7085eeb49957e859314
-
Size
1.6MB
-
MD5
33d4fd3855b49045c0b7165f4cc9e461
-
SHA1
11823d53e552698216601d444c440f5be37aa9e2
-
SHA256
3129b3eecc3929ccc3630ce6ebea6f3bb82e39d4508ea7085eeb49957e859314
-
SHA512
3078c3cf764bff9de47d5b7a8c117ae21ba17db7193ce866ece7b7f616c32c1c8ec2b41ffa12a19f47369fdce4b6e9831eb0344a375a6e2b6daa3b0fbec70f02
-
SSDEEP
49152:Hlxs/MnwnTJZuaJ9mt46gFKfecmJcNB02pgePS:Hlxs/oYTXu+FKVkOB02pFa
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. On its own this is a weak indicator: many legitimate binaries (including older MFC-based applications such as this one, which imports mfc42) are unsigned, so treat it as context for the behavioral results and the imported APIs rather than as evidence of malice by itself.
resource 3129b3eecc3929ccc3630ce6ebea6f3bb82e39d4508ea7085eeb49957e859314
Files
-
3129b3eecc3929ccc3630ce6ebea6f3bb82e39d4508ea7085eeb49957e859314.exe windows:4 windows x86
1ff137085a7cee65680c13f40291310d (32-hex value listed under the file entry; presumably the import hash / imphash — confirm against the sandbox's field definition before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetUserGetInfo
NetUserSetInfo
NetUserChangePassword
NetGetDCName
NetApiBufferFree
mpr
WNetAddConnection2A
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
shell32
ExtractIconExA
ShellExecuteW
SHGetSpecialFolderPathA
ShellExecuteExA
SHFileOperationW
ShellExecuteA
shlwapi
StrFormatByteSizeA
mfc42
ord1083
ord1849
ord4532
ord4349
ord5290
ord5253
ord3371
ord3641
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord3748
ord1726
ord4432
ord686
ord384
ord303
ord813
ord4244
ord2862
ord6696
ord2096
ord4464
ord3910
ord3301
ord2148
ord2097
ord3293
ord6007
ord3290
ord3914
ord3286
ord3287
ord4083
ord924
ord4508
ord6907
ord6905
ord773
ord5621
ord501
ord3994
ord715
ord415
ord1081
ord3993
ord5605
ord1980
ord3181
ord4058
ord2781
ord2770
ord668
ord356
ord5856
ord3319
ord3311
ord4448
ord4671
ord4676
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord4428
ord807
ord796
ord327
ord6491
ord554
ord529
ord402
ord620
ord642
ord2438
ord5871
ord6000
ord2117
ord6565
ord6619
ord2087
ord4163
ord6625
ord4457
ord5255
ord4413
ord4220
ord2584
ord3654
ord1644
ord4501
ord6828
ord4590
ord4907
ord4615
ord4612
ord4610
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord3738
ord815
ord561
ord617
ord5301
ord5214
ord296
ord986
ord411
ord2621
ord1134
ord923
ord1247
ord5642
ord2725
ord996
ord5641
ord665
ord1979
ord6385
ord2814
ord5186
ord354
ord5714
ord3616
ord5651
ord3126
ord3613
ord3127
ord350
ord3811
ord1825
ord4238
ord1669
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1942
ord5259
ord3399
ord3734
ord4272
ord4000
ord6008
ord4507
ord3296
ord2149
ord3297
ord4125
ord6270
ord5607
ord998
ord5261
ord641
ord324
ord2370
ord4234
ord2301
ord2642
ord523
ord791
ord1105
ord1995
ord2077
ord1737
ord1158
ord6282
ord2575
ord4396
ord3402
ord3574
ord3571
ord3619
ord3626
ord809
ord609
ord640
ord2414
ord2405
ord5785
ord1640
ord323
ord2859
ord1641
ord6467
ord556
ord567
ord4275
ord5875
ord3874
ord3797
ord2122
ord1088
ord2431
ord4284
ord2452
ord2578
ord2411
ord2023
ord4218
ord4398
ord3582
ord818
ord616
ord6442
ord4123
ord3317
ord755
ord470
ord4299
ord3706
ord5789
ord6880
ord6605
ord3610
ord656
ord2754
ord5873
ord3698
ord765
ord6734
ord1576
ord3721
ord795
ord5232
ord5718
ord2147
ord1180
ord1568
ord5268
ord541
ord801
ord1768
ord6883
ord6143
ord551
ord1138
ord5645
ord2582
ord4402
ord3370
ord3640
ord693
ord2841
ord2448
ord4243
ord5981
ord3996
ord3496
ord6904
ord3089
ord2639
ord955
ord2044
ord2107
ord5450
ord5834
ord5440
ord6383
ord6394
ord3573
ord4476
ord772
ord6142
ord500
ord3693
ord4133
ord4297
ord5788
ord472
ord5860
ord6172
ord859
ord2763
ord2860
ord6453
ord3988
ord5608
ord5861
ord5823
ord3664
ord1871
ord6571
ord5460
ord2775
ord5681
ord2652
ord4226
ord2726
ord565
ord817
ord4424
ord4622
ord5715
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord1948
ord6380
ord6197
ord6378
ord2379
ord4710
ord3092
ord5953
ord2864
ord4376
ord2302
ord3597
ord4425
ord2446
ord4441
ord5280
ord2385
ord5241
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord5265
ord5283
ord4772
ord5254
ord1168
ord1146
ord6199
ord2252
ord2863
ord6215
ord794
ord674
ord401
ord527
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2445
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4436
ord4837
ord3798
ord1665
ord2649
ord4353
ord6374
ord5163
ord2382
ord5237
ord4407
ord1776
ord4077
ord6055
ord4152
ord2878
ord2879
ord3403
ord5472
ord976
ord5012
ord3351
ord4303
ord5104
ord5100
ord3059
ord2390
ord2723
ord2101
ord5101
ord4245
ord1858
ord536
ord268
ord1567
ord940
ord861
ord6663
ord3810
ord5620
ord539
ord6673
ord2614
ord5572
ord823
ord2915
ord5600
ord2393
ord4160
ord4204
ord1106
ord1175
ord5683
ord2764
ord941
ord926
ord939
ord4129
ord5710
ord4278
ord922
ord4277
ord4203
ord6877
ord858
ord2818
ord535
ord860
ord825
ord540
ord3663
ord800
ord537
ord269
ord826
ord600
ord1578
msvcrt
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
strncpy
calloc
_CIpow
_fpclass
_finite
_mbsnbcmp
tolower
toupper
_mbsnbset
vsprintf
_mbscoll
_mbscspn
_mbsspn
_mbspbrk
_ismbcspace
exit
memmove
_mbsrev
_mbslwr
_mbsupr
realloc
strchr
sscanf
_mbschr
strtoul
_mbsstr
_mbsnbicmp
_mbsnbcpy
_wrename
_setmbcp
_ltoa
_strlwr
rename
wcscmp
_findfirst
_findnext
_mbsicoll
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_mbsinc
__CxxFrameHandler
sprintf
_mbscmp
_wcsdup
wcslen
_wcsicmp
wcsrchr
wcscpy
atol
strerror
memset
atoi
memcpy
strlen
_itoa
fclose
fread
fopen
free
atof
strcpy
strcmp
_mbsicmp
memcmp
malloc
_findclose
_wfindnexti64
_wfindfirsti64
clock
strstr
_atoi64
printf
_except_handler3
__p___argv
strcat
strpbrk
_vsnprintf
pow
_ftol
perror
strtol
_heapmin
wcschr
wcscat
_strrev
_errno
kernel32
CreateFileW
SystemTimeToFileTime
CreateFileA
CloseHandle
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
OutputDebugStringA
GetFileAttributesExA
WideCharToMultiByte
MultiByteToWideChar
ResetEvent
EnterCriticalSection
SetEvent
Sleep
LeaveCriticalSection
GetLastError
FormatMessageW
LocalFree
ResumeThread
CreateEventA
LoadResource
SizeofResource
FindResourceA
WinExec
FindCloseChangeNotification
LocalAlloc
GetCurrentProcess
GetCurrentThread
CopyFileA
InitializeCriticalSection
CreateProcessA
SetPriorityClass
CreateDirectoryA
OpenProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetSystemTimeAsFileTime
WritePrivateProfileStringA
GetShortPathNameA
GetUserDefaultLangID
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
OutputDebugStringW
GetStartupInfoA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
GetComputerNameA
SetFilePointer
GetVolumeInformationW
lstrcpynA
lstrlenA
lstrcpyA
SetLastError
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
WaitNamedPipeA
lstrlenW
CreateDirectoryW
DeleteFileW
DeleteFileA
SetFileAttributesW
GetFileAttributesW
SetFileAttributesA
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesExW
WaitForSingleObject
GetTickCount
GetACP
FileTimeToLocalFileTime
GetPriorityClass
GetFileSize
DeleteCriticalSection
CreateThread
GetExitCodeThread
GetDiskFreeSpaceA
GetLogicalDrives
FindClose
FindNextFileA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FormatMessageA
FindFirstFileA
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
WriteFile
ReadFile
GlobalMemoryStatus
SetThreadPriority
GetModuleFileNameA
GetTempPathA
GetCurrentDirectoryA
CreateMutexA
TerminateThread
ReleaseMutex
SleepEx
GetModuleHandleA
GetVersionExA
lstrcmpiA
SuspendThread
GetPrivateProfileStringA
LockResource
FlushFileBuffers
user32
GetParent
LoadBitmapA
GetDesktopWindow
GetDC
ReleaseDC
AppendMenuA
LoadMenuA
EnableMenuItem
GetSysColor
GetWindow
GetClassNameA
SendNotifyMessageA
EnumWindows
DeleteMenu
GetMenu
CreatePopupMenu
InsertMenuA
GetSubMenu
DrawMenuBar
GetFocus
wsprintfW
wsprintfA
MessageBeep
PostMessageA
GetWindowLongA
SystemParametersInfoA
DestroyIcon
GetKeyState
GetMessagePos
GetClientRect
GetCapture
LoadCursorA
SetCursor
GetClassLongA
ClientToScreen
GetWindowRect
SetCapture
PtInRect
SetRect
OffsetRect
FindWindowExA
GetWindowDC
PostThreadMessageA
RemoveMenu
DrawFocusRect
GetNextDlgGroupItem
ReleaseCapture
GetCursorPos
ScreenToClient
PostQuitMessage
EnableWindow
KillTimer
InvalidateRect
UpdateWindow
PeekMessageA
GetSystemMenu
SendMessageA
LoadIconA
IsWindow
GetActiveWindow
IsWindowEnabled
LoadStringA
WindowFromPoint
GetSystemMetrics
IsWindowVisible
RedrawWindow
DestroyCursor
SetWindowLongA
CopyIcon
SetActiveWindow
SetTimer
SetForegroundWindow
DispatchMessageA
InflateRect
gdi32
TextOutA
GetStockObject
GetTextMetricsA
CreateSolidBrush
GetTextExtentPoint32A
GetObjectA
DeleteObject
CreateFontIndirectA
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextJustification
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegQueryValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
GetLengthSid
SetSecurityDescriptorDacl
RegQueryValueExA
InitializeSecurityDescriptor
FreeSid
RevertToSelf
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
comctl32
ImageList_DragShowNolock
ImageList_Draw
ImageList_ReplaceIcon
ImageList_EndDrag
ImageList_DragLeave
ImageList_GetImageInfo
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragEnter
ole32
CoTaskMemFree
oleaut32
SysAllocStringLen
msvcp60
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
wsock32
getsockopt
inet_addr
setsockopt
powrprof
PowerSetActiveScheme
PowerGetActiveScheme
PowerReadACValueIndex
PowerWriteACValueIndex
secur32
GetUserNameExA
Sections
.text Size: 1020KB - Virtual size: 1016KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 472KB - Virtual size: 471KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ