Static task: static1
Behavioral task: behavioral1
  Sample: 03c447873eb138c4b3027ce2dae8ad06eb875aa4c7b477caa52458e8bb0e5a6e.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 03c447873eb138c4b3027ce2dae8ad06eb875aa4c7b477caa52458e8bb0e5a6e.exe
  Resource: win10v2004-20230915-en
General
- Target: 03c447873eb138c4b3027ce2dae8ad06eb875aa4c7b477caa52458e8bb0e5a6e
- Size: 4.5MB
- MD5: fe2ff66754d761b31b49f6ba6ae52996
- SHA1: e9501c119d3193dbc132513ce2dbe8aec9ea8ba4
- SHA256: 03c447873eb138c4b3027ce2dae8ad06eb875aa4c7b477caa52458e8bb0e5a6e
- SHA512: 0da4a8bca449093dbec534750c8163dd5a285cb15fd114da736a3dfcb26baa058cfb8f45ea94d116a702712b2fed29048c9f1c4967bcf0a52baa24aa3866392f
- SSDEEP: 49152:OBb0aqvo4JHOTa5jsn9KshTH6SNvFVRtg46hReYu4uwFqMtyzeeRQ9F+8:e0tOesEqz6OtVR65PhVFqMtNe0+8
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 03c447873eb138c4b3027ce2dae8ad06eb875aa4c7b477caa52458e8bb0e5a6e
Files
- 03c447873eb138c4b3027ce2dae8ad06eb875aa4c7b477caa52458e8bb0e5a6e.exe windows:6 windows x86
  608e84b0c081522d157b2d3c94f0cfe1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
CopyFileW
VirtualQuery
GetQueuedCompletionStatus
SetEvent
ResetEvent
GetLocalTime
GetSystemTimeAsFileTime
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
LoadLibraryExW
SetFileTime
SetFileAttributesW
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalFlags
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
RemoveDirectoryW
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
LocalFree
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetEnvironmentVariableW
OutputDebugStringA
GetCurrentProcess
FindNextFileW
GetCommandLineW
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
GetTickCount
TerminateProcess
OpenProcess
Process32NextW
GetSystemInfo
Process32FirstW
CreateToolhelp32Snapshot
TerminateThread
GetExitCodeThread
SetWaitableTimer
CreateWaitableTimerW
OpenEventW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
CreateThread
GetFileAttributesW
ExitProcess
Sleep
MultiByteToWideChar
DeleteFileW
CreateEventW
LeaveCriticalSection
WriteFile
SetFilePointerEx
ReadFile
SetFilePointer
CreateFileW
FindClose
FindFirstFileW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount64
GetTimeZoneInformation
WideCharToMultiByte
MoveFileW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameA
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
CreateMutexExW
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
HeapSize
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSectionEx
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetACP
user32
RegisterClassExW
GetClassInfoExW
wsprintfW
ModifyMenuW
GetMenu
GetMenuItemCount
DeleteMenu
CreatePopupMenu
TrackPopupMenu
GetSubMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyMenu
TranslateAcceleratorW
CheckMenuItem
AppendMenuW
EnableMenuItem
CreateMenu
GetWindowThreadProcessId
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
MoveWindow
EnumWindows
SetClipboardData
EnumDisplaySettingsW
BeginPaint
DrawEdge
DrawTextW
FrameRect
CopyRect
FillRect
ReleaseCapture
PtInRect
SetCapture
IsRectEmpty
GetCapture
UnregisterClassW
GetSystemMetrics
GetCursorPos
UpdateWindow
DestroyCursor
MessageBoxW
GetWindowLongW
SendMessageW
SetWindowPos
ClientToScreen
DrawFrameControl
RegisterWindowMessageW
SystemParametersInfoW
SetRect
DrawFocusRect
RedrawWindow
OffsetRect
InflateRect
GetMessagePos
CharNextW
PostQuitMessage
FindWindowExW
GetNextDlgTabItem
IsIconic
GetClassNameW
IntersectRect
SetMenu
IsWindowEnabled
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
GetSystemMenu
GetLastActivePopup
SetParent
PostMessageW
GetPropW
CreateWindowExW
RemovePropW
SetWindowLongW
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetActiveWindow
DefWindowProcW
CallWindowProcW
WinHelpW
DestroyWindow
IsWindow
SetScrollRange
GetScrollRange
GetScrollPos
GetSysColor
GetDlgItem
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowTextW
IsWindowVisible
ShowWindow
EnableWindow
LoadCursorW
SetCursorPos
GetWindowRect
GetParent
ScreenToClient
GetTopWindow
GetFocus
SetFocus
GetClientRect
GetKeyState
SetCursor
GetWindow
AdjustWindowRectEx
SetTimer
KillTimer
MsgWaitForMultipleObjects
ReleaseDC
GetWindowDC
GetDC
LoadImageW
GetDesktopWindow
LoadIconW
SetPropW
RegisterClassW
GetClassInfoW
LoadStringW
MessageBeep
ChildWindowFromPointEx
WindowFromPoint
SetScrollPos
IsZoomed
EndPaint
DestroyIcon
gdi32
PatBlt
Rectangle
CreatePen
CreateEllipticRgn
CreateRoundRectRgn
ExcludeClipRect
GetTextMetricsW
DPtoLP
RoundRect
SetROP2
SetMapMode
LPtoDP
Ellipse
MoveToEx
GetViewportExtEx
LineTo
GetCurrentObject
SelectObject
SetPolyFillMode
CreateDCW
GetWindowExtEx
SetBkColor
GetViewportOrgEx
CombineRgn
CreateBitmap
SetViewportOrgEx
ExtCreateRegion
CreatePatternBrush
GetWindowOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateHatchBrush
CreateBrushIndirect
SetPixel
CreateRectRgn
SetTextColor
SetBkMode
SelectClipRgn
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
RealizePalette
GetDIBits
GetDeviceCaps
GetSystemPaletteEntries
SelectPalette
CreatePalette
DeleteObject
GetStockObject
CreateSolidBrush
ExtSelectClipRgn
ExtTextOutW
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
SetStretchBltMode
GetObjectW
DeleteDC
CreateFontIndirectW
GetPixel
GetClipBox
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW
advapi32
RegGetValueW
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EventUnregister
shell32
DragQueryFileW
Shell_NotifyIconW
SHCreateDirectoryExW
ShellExecuteW
DragFinish
SHGetSpecialFolderPathW
ole32
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
CoUninitialize
OleRun
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
oleaut32
SysFreeString
VariantTimeToSystemTime
VariantClear
VariantChangeType
VarCmp
VarUI4FromStr
SystemTimeToVariantTime
VarUdateFromDate
LHashValOfNameSys
VariantInit
LoadTypeLi
VariantCopyInd
RegisterTypeLi
SysAllocString
VariantCopy
comctl32
ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
libcrypto-1_1
EVP_CIPHER_CTX_new
EVP_CipherInit_ex
EVP_CIPHER_CTX_set_padding
EVP_CipherUpdate
CONF_modules_unload
OPENSSL_init_crypto
EVP_CIPHER_CTX_free
EVP_rc4
sqlite3
sqlite3_exec
sqlite3_column_int
sqlite3_step
sqlite3_column_count
sqlite3_last_insert_rowid
sqlite3_prepare_v2
sqlite3_free
sqlite3_config
sqlite3_open_v2
sqlite3_close_v2
sqlite3_finalize
sqlite3_column_text
libcurl
curl_easy_setopt
curl_easy_cleanup
curl_slist_append
curl_easy_pause
curl_slist_free_all
curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_global_cleanup
curl_global_init
cximagecrt
?DestroyFrames@CxImage@@QAE_NXZ
?GetWidth@CxImage@@QBEIXZ
?GetHeight@CxImage@@QBEIXZ
?Crop@CxImage@@QAE_NHHHHPAV1@@Z
?Load@CxImage@@QAE_NPB_WI@Z
??0CxImage@@QAE@I@Z
?RGBtoRGBQUAD@CxImage@@SA?AUtagRGBQUAD@@K@Z
?Mirror@CxImage@@QAE_N_N0@Z
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?Size@CxMemFile@@UAEHXZ
?Encode@CxImage@@QAE_NPAVCxFile@@I@Z
?Open@CxMemFile@@QAE_NXZ
?Destroy@CxImage@@QAE_NXZ
?Rotate@CxImage@@QAE_NMPAV1@@Z
?Save@CxImage@@QAE_NPB_WI@Z
?Expand@CxImage@@QAE_NHHHHUtagRGBQUAD@@PAV1@@Z
?Decode@CxImage@@QAE_NPAVCxFile@@I@Z
?GetType@CxImage@@QBEIXZ
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
libxl
xlBookLoadW
xlBookGetSheetW
xlSheetLastRowW
xlBookReleaseW
xlBookSetKeyW
xlCreateBookCW
xlCreateXMLBookCW
xlSheetReadStrW
skinhu
SkinH_Detach
SkinH_AttachEx
gdiplus
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImagePalette
GdiplusStartup
winmm
timeSetEvent
timeKillEvent
ws2_32
WSACleanup
shlwapi
PathFindFileNameW
PathFindExtensionW
SHCreateStreamOnFileEx
ord214
uxtheme
SetWindowTheme
OpenThemeData
DrawThemeBackground
CloseThemeData
msvcrt
strncpy
iphlpapi
GetInterfaceInfo
psapi
GetMappedFileNameW
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ