Static task: static1
Behavioral task: behavioral1
  Sample: 9f698c7c4106956c311365473190d83c214b498456127543a837979bdc23a705.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 9f698c7c4106956c311365473190d83c214b498456127543a837979bdc23a705.exe
  Resource: win10v2004-20230915-en
General
- Target: 9f698c7c4106956c311365473190d83c214b498456127543a837979bdc23a705
- Size: 725KB
- MD5: 8f795ef859dc84e08ca40b92484c2964
- SHA1: 7d040d682b8eb3bd3510ff8430704b20c568baf2
- SHA256: 9f698c7c4106956c311365473190d83c214b498456127543a837979bdc23a705
- SHA512: dcd9d4dfa399dc655cbf99fa320dfeb88814ce2beed8c2f33d2ff19b7df6514338e66f9d71dd3c696ac1cc822fc0a83ad124b0fc8559669a004f16379fe27edb
- SSDEEP: 12288:FMW5A0akaKUF2pJI5wWYhB59JIm/e1RUBfSzsu7TpOf:FUGUF2pJxD9ORUBfSzPd
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 9f698c7c4106956c311365473190d83c214b498456127543a837979bdc23a705
Files
- 9f698c7c4106956c311365473190d83c214b498456127543a837979bdc23a705.exe  windows:5 windows x86
  2f558f8c29c33206d869881821b13359
Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalDeleteAtom
lstrcmpW
GlobalFindAtomA
FreeResource
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetFullPathNameW
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
ExitThread
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
GetACP
IsValidCodePage
GetStdHandle
GetCurrentThread
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetCurrentDirectoryA
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedCompareExchange
GetProcessHeap
GetLocaleInfoA
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
SuspendThread
SetEvent
GlobalFlags
GlobalAddAtomA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
DuplicateHandle
UnlockFile
LockFile
ReadFile
GetStringTypeExA
MoveFileA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
lstrcmpA
GetAtomNameA
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetModuleHandleW
CompareStringA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
DeleteFileW
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryW
SetUnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
SetLastError
CreateFileW
FindResourceW
GetModuleFileNameW
WaitForMultipleObjects
CreateEventA
Sleep
WritePrivateProfileStringA
GetPrivateProfileIntA
SetFileAttributesA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
DeleteFileA
OpenProcess
GetCurrentThreadId
ExitProcess
CreateThread
SetThreadPriority
ResumeThread
TerminateThread
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetVersion
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
OpenEventA
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetLastError
GetPrivateProfileStringA
FormatMessageA
FreeEnvironmentStringsA
LocalFree
user32
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
InvalidateRect
SetRectEmpty
GetDialogBaseUnits
GetMenuItemInfoA
InflateRect
ShowOwnedPopups
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadAcceleratorsA
ModifyMenuA
CheckMenuItem
IsIconic
SetWindowPos
ScrollWindowEx
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
RegisterClassExA
CreateWindowExA
DestroyWindow
DestroyIcon
UnregisterClassA
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
SetWindowTextA
CharUpperA
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemCount
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
GetSystemMenu
IsRectEmpty
MapVirtualKeyA
GetKeyNameTextA
LoadImageA
LoadIconA
SetTimer
KillTimer
WindowFromPoint
SetRect
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
LoadBitmapA
ReleaseCapture
LoadStringA
IsWindow
SetMenuDefaultItem
DestroyMenu
GetSubMenu
LoadMenuA
GetMenuItemID
PostMessageA
TrackPopupMenu
SetForegroundWindow
GetCursorPos
RemoveMenu
wsprintfW
LoadCursorA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
MessageBoxA
RegisterWindowMessageA
RedrawWindow
SetActiveWindow
DrawAnimatedRects
GetWindowLongA
SetWindowLongA
SetParent
FindWindowA
EnumChildWindows
SystemParametersInfoA
GetClassNameA
GetWindowRect
DefWindowProcA
DeleteMenu
EnableMenuItem
OffsetRect
gdi32
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32A
GetCharWidthA
CreateFontA
StretchDIBits
CreateCompatibleBitmap
GetBkColor
CreateFontIndirectA
CreateSolidBrush
CreateHatchBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
SetViewportExtEx
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
GetTextMetricsA
GetStockObject
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
DeleteObject
CreateDCA
CopyMetaFileA
GetDeviceCaps
ScaleViewportExtEx
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comdlg32
GetOpenFileNameA
GetFileTitleA
advapi32
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCreateKeyExA
RegSetValueA
RegCloseKey
QueryServiceStatus
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
GetTokenInformation
LookupAccountSidA
OpenSCManagerA
DeleteService
OpenServiceA
ControlService
CloseServiceHandle
RegQueryValueExA
shell32
DragQueryFileA
SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ExtractIconA
SHGetFileInfoA
Shell_NotifyIconA
DragFinish
ole32
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
ReadClassStg
CoTaskMemAlloc
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
StringFromGUID2
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CoInitializeEx
ReadFmtUserTypeStg
oleaut32
SysStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SystemTimeToVariantTime
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantInit
VarUdateFromDate
VariantTimeToSystemTime
SysFreeString
SafeArrayAllocDescriptor
GetErrorInfo
SetErrorInfo
CreateErrorInfo
netcheckalarm
?IsCurrentAppAlreadyRun@@YAHXZ
?IsMainAppRunning@@YAHPBD@Z
shlwapi
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
dbghelp
MiniDumpWriteDump
Sections
- .text   Size: 564KB - Virtual size: 564KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 120KB - Virtual size: 119KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 13KB - Virtual size: 33KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 26KB - Virtual size: 26KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ