Static task: static1
Behavioral task: behavioral1
Sample: 9982e9f1586c915c58308d0e84e0c1809f20f4684169c0aed194967e0bb7191e.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 9982e9f1586c915c58308d0e84e0c1809f20f4684169c0aed194967e0bb7191e.exe
Resource: win10v2004-20230915-en
General
Target: 9982e9f1586c915c58308d0e84e0c1809f20f4684169c0aed194967e0bb7191e
Size: 4.0MB
MD5: a6255a8f39c8e0dc138d141581bdd50c
SHA1: b88f901222d688292d316bb064efd20e51d3fbb6
SHA256: 9982e9f1586c915c58308d0e84e0c1809f20f4684169c0aed194967e0bb7191e
SHA512: eed4a2fa72fd562b8ebc016ce885ed63dba1daccbe62e35062de1db80691175fb6a198f5dc213888ecaef3626bc848d2330d660698cc2bc3c1b7d91f2c0d6543
SSDEEP: 98304:ev1Wc+rybzfrCbWV946Na+IcxRtm5trYQl4s3vKvORP3zcQr/6o55wN+:ev1Wc+rybzfrCbWV9vWNbzcQr/6ofwN+
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 9982e9f1586c915c58308d0e84e0c1809f20f4684169c0aed194967e0bb7191e
Files
9982e9f1586c915c58308d0e84e0c1809f20f4684169c0aed194967e0bb7191e.exe windows:6 windows x86
e26512cd25fd87d08d673e37d8ac7863
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32: htons, recvfrom, sendto, setsockopt, socket, WSAGetLastError, WSAStartup, WSACleanup, inet_ntoa, gethostbyname, getaddrinfo, htonl, connect, select, __WSAFDIsSet, send, recv, WSASocketW, ntohs, listen, accept, getsockname, gethostbyaddr, ioctlsocket, closesocket, inet_addr, freeaddrinfo, bind
crypt32: CertOpenStore, CertCloseStore, CertEnumCertificatesInStore, CertGetCertificateContextProperty, CertDuplicateCertificateContext, CertFreeCertificateContext, CertFindCertificateInStore
sangfordll: QueryL3vpnServiceStatus, QueryTcpServiceStatus, LogoutSslVpn
kernel32: GlobalDeleteAtom, lstrcmpW, GetFileAttributesW, GetFileAttributesExW, GetFileSizeEx, GlobalReAlloc, GlobalHandle, LocalReAlloc, CompareStringW, GlobalGetAtomNameW, EncodePointer, GetSystemDirectoryW, GlobalAddAtomW, GlobalFindAtomW, GetPrivateProfileIntW, GetCurrentDirectoryW, GetLocaleInfoW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GlobalFlags, VirtualProtect, SetErrorMode, FindResourceExW, GetTempPathW, GetProfileIntW, SearchPathW, GetTempFileNameW, GetUserDefaultLCID, WaitForSingleObjectEx, UnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, InitializeSListHead, WriteConsoleW, GetFullPathNameW, OutputDebugStringW, lstrcmpiW, GetModuleHandleA, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetCurrentThread, OutputDebugStringA, UnlockFile, SetFilePointer, SetEndOfFile, LockFile, GetVolumeInformationW, lstrcpyW, GetConsoleOutputCP, SetFilePointerEx, GetTimeZoneInformation, EnumSystemLocalesW, IsValidLocale, LCMapStringW, GetTimeFormatW, GetDateFormatW, VirtualQuery, VirtualAlloc, HeapQueryInformation, SetStdHandle, FreeLibraryAndExitThread, ExitThread, CreateThread, GetFileInformationByHandle, GetDriveTypeW, MoveFileExW, GetCommandLineA, RtlUnwind, GetCPInfo, GetStringTypeW, LCMapStringEx, DecodePointer, CloseHandle, RaiseException, GetLastError, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, OpenFileMappingW, MapViewOfFile, GetFileSize, FlushFileBuffers, SystemTimeToTzSpecificLocalTime, FileTimeToLocalFileTime, SuspendThread, SetThreadPriority, lstrcmpA, MulDiv, GlobalLock, GlobalUnlock, GlobalSize, GetSystemTime, ReadConsoleW, ReadConsoleA, SetConsoleMode, GetConsoleMode, FindNextFileW, LoadLibraryA, ConvertThreadToFiber, ConvertFiberToThread, GetSystemTimeAsFileTime, CreateFiber, DeleteFiber, SwitchToFiber, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, SetLastError, GetFileType, GetStdHandle, GetComputerNameA, CreateFileA, FileTimeToSystemTime, SystemTimeToFileTime, InitializeCriticalSectionEx, WritePrivateProfileStringW, GetWindowsDirectoryW, GetEnvironmentVariableW, GetModuleHandleExW, ExitProcess, SetUnhandledExceptionFilter, GetPrivateProfileStringW, WriteFile, DuplicateHandle, PeekNamedPipe, CreateProcessW, UnmapViewOfFile, lstrlenW, WideCharToMultiByte, GetStartupInfoW, CreatePipe, K32GetModuleFileNameExW, K32EnumProcessModules, GetExitCodeProcess, CreateMutexW, Process32NextW, Process32FirstW, LoadLibraryW, LoadLibraryExW, GetComputerNameExW, GetComputerNameW, DeviceIoControl, GlobalFree, GlobalAlloc, GetSystemInfo, GetVersionExW, VerifyVersionInfoW, VerSetConditionMask, FormatMessageW, GetFileTime, CopyFileW, Module32NextW, Module32FirstW, CreateToolhelp32Snapshot, FindClose, FindFirstFileW, GetLogicalDrives, MoveFileA, GetLocalTime, GetModuleFileNameA, GetCurrentThreadId, OpenProcess, TerminateProcess, GetCurrentProcess, WaitForMultipleObjects, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReadFile, CreateFileW, SetConsoleCtrlHandler, GetModuleHandleW, GetModuleFileNameW, GetTickCount, GetCurrentProcessId, CreateEventW, GetCommandLineW, GetProcAddress, FreeLibrary, DeleteFileA, CreateDirectoryW, TerminateThread, LocalFree, LocalAlloc, DeleteFileW, Sleep, QueryPerformanceFrequency, QueryPerformanceCounter, lstrlenA, WinExec, ResumeThread, GetExitCodeThread, WaitForSingleObject, ResetEvent, SetEvent, MultiByteToWideChar, FindResourceW, SizeofResource, LockResource, LoadResource
user32: FrameRect, CopyIcon, SetCursorPos, BringWindowToTop, GetSystemMenu, IsZoomed, DrawFrameControl, DrawEdge, SetParent, SetWindowRgn, SetClassLongW, DrawStateW, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, EnumDisplayMonitors, SetLayeredWindowAttributes, LoadMenuW, GetKeyNameTextW, MapVirtualKeyW, GetMenuDefaultItem, CreatePopupMenu, NotifyWinEvent, InvertRect, HideCaret, EnableScrollBar, MessageBeep, GetIconInfo, DrawIconEx, IsRectEmpty, DrawFocusRect, WindowFromPoint, ReleaseCapture, SetCapture, GetNextDlgGroupItem, DrawIcon, TrackMouseEvent, MapDialogRect, GetAsyncKeyState, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, OffsetRect, SetRectEmpty, SendDlgItemMessageA, GetMenuItemInfoW, DestroyMenu, DestroyIcon, IntersectRect, InflateRect, InvalidateRect, KillTimer, SetTimer, RealChildWindowFromPoint, DeleteMenu, SetCursor, SystemParametersInfoW, CopyImage, IsDialogMessageW, SetWindowTextW, LoadAcceleratorsW, MoveWindow, GetMonitorInfoW, MonitorFromWindow, DispatchMessageW, UnionRect, UpdateLayeredWindow, LoadImageW, MonitorFromPoint, WinHelpW, GetScrollInfo, SetScrollInfo, LoadIconW, GetWindow, GetTopWindow, GetClassNameW, GetClassLongW, SetWindowLongW, PtInRect, EqualRect, CopyRect, MapWindowPoints, AdjustWindowRectEx, GetWindowRect, GetClientRect, RemovePropW, GetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, SetFocus, GetDlgCtrlID, GetDlgItem, IsIconic, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, SetWindowPos, DestroyWindow, IsChild, IsMenu, CreateWindowExW, GetClassInfoExW, TranslateMessage, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, RegisterWindowMessageW, LoadBitmapW, SetMenuItemInfoW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, GetComboBoxInfo, PostThreadMessageW, WaitMessage, GetKeyboardLayout, IsCharLowerW, MapVirtualKeyExW, ToUnicodeEx, GetKeyboardState, CreateAcceleratorTableW, DestroyAcceleratorTable, CopyAcceleratorTableW, SetRect, LockWindowUpdate, SetMenuDefaultItem, GetDoubleClickTime, ModifyMenuW, RegisterClipboardFormatW, CharUpperBuffW, IsClipboardFormatAvailable, CheckDlgButton, GetMessageW, RemoveMenu, AppendMenuW, InsertMenuW, DrawMenuBar, PeekMessageW, IsWindowVisible, GetActiveWindow, GetKeyState, ValidateRect, GetCursorPos, SetWindowsHookExW, CallNextHookEx, SendMessageW, CharUpperW, PostMessageW, PostQuitMessage, DrawTextW, DrawTextExW, GrayStringW, TabbedTextOutW, GetDC, GetWindowDC, ReleaseDC, BeginPaint, EndPaint, ClientToScreen, ScreenToClient, GetSysColor, FillRect, GetDesktopWindow, UnhookWindowsHookEx, EnableWindow, IsWindowEnabled, GetWindowLongW, GetParent, GetWindowThreadProcessId, GetLastActivePopup, GetSysColorBrush, LoadCursorW, GetWindowTextW, GetWindowTextLengthW, GetFocus, CheckMenuItem, EnableMenuItem, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuState, GetMenuStringW, IsWindow, ShowWindow, ShowOwnedPopups, FindWindowW, FindWindowA, GetSystemMetrics, MessageBoxW, GetProcessWindowStation, GetUserObjectInformationW, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, SubtractRect, CreateMenu, GetWindowRgn, DestroyCursor, GetUpdateRect, SetPropW, GetClassInfoW
gdi32: GetObjectW, MoveToEx, TextOutW, ExtTextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CombineRgn, CreateFontIndirectW, CreateRectRgnIndirect, PatBlt, SetRectRgn, DPtoLP, GetTextExtentPoint32W, GetTextMetricsW, EnumFontFamiliesExW, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, GetBkColor, CreateCompatibleBitmap, CreateDIBitmap, SetTextColor, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateEllipticRgn, Ellipse, GetTextColor, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, LPtoDP, Rectangle, GetRgnBox, OffsetRgn, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, GetTextFaceW, SetROP2, SetPolyFillMode, GetLayout, SetLayout, SetMapMode, SetBkMode, SetBkColor, SelectPalette, SelectObject, ExtSelectClipRgn, SelectClipRgn, SaveDC, RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, EnumFontFamiliesW, CopyMetaFileW, CreateDCW, GetDeviceCaps, BitBlt, CreateBitmap, CreateCompatibleDC, CreateHatchBrush, CreatePen, CreatePatternBrush, CreateRectRgn, DeleteDC, DeleteObject, Escape, ExcludeClipRect, GetClipBox, GetObjectType, SetPaletteEntries, SetTextAlign, GetPixel, GetStockObject, GetTextCharsetInfo, CreateSolidBrush, GetViewportExtEx
msimg32: TransparentBlt, AlphaBlend
winspool.drv: ClosePrinter, DocumentPropertiesW, OpenPrinterW
advapi32: RegEnumValueW, RegQueryValueW, RegEnumKeyW, CryptEnumProvidersW, CryptSignHashW, CryptDestroyHash, CryptCreateHash, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptDestroyKey, CryptReleaseContext, CryptAcquireContextW, ReportEventW, RegisterEventSourceW, DeregisterEventSource, RegQueryInfoKeyW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegEnumKeyExW, SetFileSecurityW, SetSecurityDescriptorDacl, AddAccessAllowedAce, LookupAccountNameW, InitializeAcl, InitializeSecurityDescriptor, RegQueryValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges, OpenProcessToken, RegSetValueExW, RegOpenKeyExW, RegCloseKey
shell32: SHGetSpecialFolderPathW, ShellExecuteExW, SHGetFileInfoW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetDesktopFolder, SHAppBarMessage, SHBrowseForFolderW, DragFinish, DragQueryFileW, ShellExecuteW
shlwapi: PathFindExtensionW, PathFindFileNameW, PathIsUNCW, PathRemoveFileSpecW, StrFormatKBSizeW, PathStripToRootW
uxtheme: GetThemePartSize, GetThemeSysColor, DrawThemeText, DrawThemeParentBackground, OpenThemeData, CloseThemeData, DrawThemeBackground, GetThemeColor, GetCurrentThemeName, GetWindowTheme, IsAppThemed, IsThemeBackgroundPartiallyTransparent
ole32: OleCreateMenuDescriptor, OleTranslateAccelerator, OleLockRunning, RevokeDragDrop, RegisterDragDrop, IsAccelerator, OleGetClipboard, DoDragDrop, CreateStreamOnHGlobal, CoDisconnectObject, CoCreateGuid, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc, CoInitializeEx, CoSetProxyBlanket, CoInitializeSecurity, CoUninitialize, CoCreateInstance, CoInitialize, OleDestroyMenuDescriptor, CoLockObjectExternal
oleaut32: LoadTypeLi, SysAllocStringLen, SysStringLen, SysFreeString, VariantCopy, VariantChangeType, VarBstrFromDate, SysAllocString, VarUdateFromDate, VariantTimeToSystemTime, SystemTimeToVariantTime, VariantInit, VariantClear
winmm: PlaySoundW
iphlpapi: SendARP, GetAdaptersInfo, GetInterfaceInfo
mprapi: MprConfigServerDisconnect, MprConfigGetFriendlyName, MprConfigServerConnect
setupapi: SetupDiGetDeviceInstallParamsW, SetupDiSetClassInstallParamsW, SetupDiGetDeviceRegistryPropertyW, SetupDiCallClassInstaller, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, CM_Get_DevNode_Status
rasapi32: RasHangUpW, RasGetProjectionInfoW, RasGetErrorStringW, RasEnumConnectionsW
wsock32: WSASetLastError
bcrypt: BCryptGenRandom
gdiplus: GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDeleteGraphics, GdipDrawImageI, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetInterpolationMode, GdipDrawImageRectI, GdiplusShutdown, GdipAlloc, GdipFree, GdiplusStartup, GdipGetImageGraphicsContext, GdipCloneImage, GdipDisposeImage
oleacc: AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
imm32: ImmReleaseContext, ImmGetContext, ImmGetOpenStatus
Sections
.text Size: 2.9MB - Virtual size: 2.9MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 815KB - Virtual size: 814KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 88KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 23KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 207KB - Virtual size: 207KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ