2de13f96aae0f6d8b6bd61ab40f65c08fcfa3651cbeebf84222b0d98fbfe870c

Sharing

Copy URL Twitter E-mail

General

Target

2de13f96aae0f6d8b6bd61ab40f65c08fcfa3651cbeebf84222b0d98fbfe870c
Size

3.8MB
MD5

a5288ab0d9876dc7658b33e760305175
SHA1

181e0561404c6b764d32640da5e57d0a6fdb175d
SHA256

2de13f96aae0f6d8b6bd61ab40f65c08fcfa3651cbeebf84222b0d98fbfe870c
SHA512

1cdc0ac6e96e38485daee4f9ccb92cbbc22f9f37a155bdb567df200c27691f688fee02c7ee2b0ea2b9b0d6eb4298e9a68cd6a7da78091998a630a7f2842f4025
SSDEEP

98304:JUNbZ/tM9yTsA662SJnfPEm8uX4ELBGGy1ZwnREnPpqC25FBRvMPd2JcbH:JUNbZ/tM9yTsA662S/8m37n4ORvMPoJc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2de13f96aae0f6d8b6bd61ab40f65c08fcfa3651cbeebf84222b0d98fbfe870c

Files

2de13f96aae0f6d8b6bd61ab40f65c08fcfa3651cbeebf84222b0d98fbfe870c
.dll windows:6 windows x86

21e514ee419c243a41664d7e04ce4c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore

ws2_32

htons
WSASetLastError
WSAStartup
WSAGetLastError
inet_ntoa
gethostbyname
WSACleanup
setsockopt
closesocket
socket
getaddrinfo
freeaddrinfo
ioctlsocket
connect
select
__WSAFDIsSet
send
recv
WSASocketW
sendto
recvfrom
bind
listen
gethostbyaddr
getsockname
inet_addr
accept

dnsapi

DnsFree
DnsQuery_W

kernel32

LocalReAlloc
SetErrorMode
GlobalGetAtomNameW
CompareStringW
EncodePointer
GetSystemDirectoryW
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GlobalFindAtomW
VirtualProtect
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
GetTempPathW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalReAlloc
GetACP
IsValidCodePage
FindFirstFileExW
MoveFileExW
GetConsoleOutputCP
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
VirtualQuery
VirtualAlloc
HeapQueryInformation
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
GetCommandLineW
GetCommandLineA
InterlockedFlushSList
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
OutputDebugStringW
LocalAlloc
GlobalHandle
GetFileSizeEx
GetFileAttributesExW
GetOEMCP
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
GetLastError
lstrlenA
lstrlenW
WideCharToMultiByte
TerminateThread
ResumeThread
HeapAlloc
GetProcessHeap
HeapFree
Sleep
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentThreadId
GetFileAttributesW
GetCurrentProcessId
GetModuleFileNameA
GetLocalTime
MoveFileA
DeleteFileA
LocalFree
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetSystemInfo
DeleteFileW
GlobalAlloc
GlobalFree
CreateFileW
DeviceIoControl
CloseHandle
GetTickCount
FreeLibrary
WTSGetActiveConsoleSessionId
GetComputerNameW
LoadLibraryExW
LoadLibraryW
GetSystemPowerStatus
GetTimeZoneInformation
GetModuleFileNameW
WaitForSingleObject
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetExitCodeProcess
TerminateProcess
CreatePipe
GetStartupInfoW
CreateProcessW
PeekNamedPipe
ReadFile
DuplicateHandle
InitializeCriticalSectionEx
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLogicalDrives
FindFirstFileW
FindClose
CreateDirectoryW
CopyFileW
GetFileTime
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
SystemTimeToFileTime
FileTimeToSystemTime
CreateEventW
ResetEvent
SetEvent
CreateFileA
GetComputerNameA
GetStdHandle
GetFileType
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
FindNextFileW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
GlobalSize
GlobalUnlock
GlobalLock
MulDiv
lstrcmpA
OutputDebugStringA
GetCurrentThread
GetModuleHandleA
GlobalDeleteAtom
lstrcmpW
SetThreadPriority
SuspendThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
lstrcmpiW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime

user32

EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetMenuItemInfoW
DestroyMenu
IntersectRect
InflateRect
DestroyIcon
IsDialogMessageW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetNextDlgTabItem
GetMessagePos
RegisterWindowMessageW
InvalidateRect
DrawFrameControl
KillTimer
SetTimer
RealChildWindowFromPoint
GetWindow
EnumDisplayMonitors
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
UnregisterClassW
FindWindowA
SendMessageW
PtInRect
GetWindowRect
SetWindowTextW
GetDlgCtrlID
DeleteMenu
SystemParametersInfoW
CopyImage
GetClientRect
LoadCursorW
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
GetDesktopWindow
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
PostMessageW
PostQuitMessage
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
LoadImageW
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
GetMessageTime
SetCursor
EnableWindow
IsWindowEnabled
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
CharUpperW
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
GetSystemMetrics
DrawTextW
GetKeyboardState
DrawTextExW
GrayStringW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetLayeredWindowAttributes
SetClassLongW
SetWindowRgn
SetParent
GetClassNameW
DrawEdge
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
UpdateWindow

gdi32

GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
GetTextExtentPoint32W
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
EnumFontFamiliesW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyExW
RegQueryValueExW
GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
DragFinish

shlwapi

PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathFindFileNameW

uxtheme

GetThemeColor
DrawThemeBackground
CloseThemeData
GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText
GetThemePartSize
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
OpenThemeData

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CoDisconnectObject
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeSecurity

oleaut32

SysAllocStringLen
SysStringLen
VariantCopy
VariantChangeType
VarBstrFromDate
LoadTypeLi
VariantInit
VarUdateFromDate
SystemTimeToVariantTime
VariantClear
SysFreeString
VariantTimeToSystemTime
SysAllocString

winmm

PlaySoundW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

bcrypt

BCryptGenRandom

gdiplus

GdiplusStartup
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc
GdiplusShutdown
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDisposeImage
GdipBitmapUnlockBits
GdipCloneImage
GdipFree
GdipGetImagePalette

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

Exports

Exports

CreateNetworkInstance
DestroyNetworkInstance

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21e514ee419c243a41664d7e04ce4c1b

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ws2_32

dnsapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

winmm

wtsapi32

bcrypt

gdiplus

oleacc

imm32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 777KB - Virtual size: 777KB

.data Size: 39KB - Virtual size: 85KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 199KB - Virtual size: 198KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 777KB - Virtual size: 777KB

.data
Size: 39KB - Virtual size: 85KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 199KB - Virtual size: 198KB