4a89466ae3eb2de0c309380be76ac0ca2790b69af84253b9019d1160656c6c75

Sharing

Copy URL Twitter E-mail

General

Target

4a89466ae3eb2de0c309380be76ac0ca2790b69af84253b9019d1160656c6c75
Size

6.3MB
MD5

7b5f021f6413ece2deec8be783816140
SHA1

b1259697dd9f3db57152c244ca085a689aff5f3e
SHA256

4a89466ae3eb2de0c309380be76ac0ca2790b69af84253b9019d1160656c6c75
SHA512

840f9e4a3c8b9d10a0ba9c6bda9acfeeb84d12256ba6c6187eb9faa77b207722d0d184672f6359eaf6b351d07891e7e2be22d8e106f1414d63995aff0decddb8
SSDEEP

98304:80l50hbeq9Ri4zVRf4ap1KzYlB+zCLjEh4pydrLNU7jrqgWyBdmhQr1:8YabDi4pRfpL0Aq4pQrLNUjqmBgI1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a89466ae3eb2de0c309380be76ac0ca2790b69af84253b9019d1160656c6c75

Files

4a89466ae3eb2de0c309380be76ac0ca2790b69af84253b9019d1160656c6c75
.exe windows:5 windows x86

f9e071ac57eaf8fee0a3cd9cf041ee3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
LoadLibraryExW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStructW
LocalFileTimeToFileTime
GetCurrentProcessId
SetErrorMode
FlushViewOfFile
CreateMutexW
CreateFileMappingW
FindFirstFileW
InterlockedDecrement
GetModuleFileNameW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
CreateIoCompletionPort
GetQueuedCompletionStatus
ResumeThread
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
CreateRemoteThread
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
HeapAlloc
HeapFree
GetProcessHeap
lstrcatW
GetTempFileNameW
OpenMutexW
GetCurrentThreadId
VirtualProtect
WaitForMultipleObjects
GetSystemTime
FlushInstructionCache
InterlockedPopEntrySList
FlushFileBuffers
MultiByteToWideChar
GetDriveTypeW
GetExitCodeProcess
GetFileAttributesW
MoveFileExW
OutputDebugStringW
VirtualAlloc
MoveFileW
SetFileTime
WriteConsoleW
GetFileTime
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
lstrcpynW
ExitThread
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
SetStdHandle
GetFileType
SetEnvironmentVariableA
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedPushEntrySList
RtlUnwind
RaiseException
InitializeCriticalSection
AreFileApisANSI
HeapCreate
InterlockedCompareExchange
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
LoadLibraryA
GetVersionExA
HeapReAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
FormatMessageA
UnmapViewOfFile
SetVolumeLabelW
GetTempPathW
GetFileSizeEx
SetFileAttributesW
FormatMessageW
SystemTimeToFileTime
FreeEnvironmentStringsW
OutputDebugStringA
GetComputerNameW
GetFullPathNameW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetLongPathNameW
QueryPerformanceFrequency
QueryPerformanceCounter
RemoveDirectoryW
QueryDosDeviceW
LoadLibraryW
GetLogicalDriveStringsW
DuplicateHandle
TerminateThread
FreeLibrary
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFree
LocalAlloc
GetSystemInfo
GetProcAddress
FindFirstFileExW
SetFilePointer
SetEndOfFile
DeleteFileW
ReadFile
GetFileSize
WideCharToMultiByte
DeleteFileA
CreateFileA
WriteFile
SetLastError
GetVolumeInformationW
FindNextFileW
lstrcmpW
FindClose
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
GetNumberFormatW
FindResourceW
SizeofResource
LoadResource
LockResource
GetModuleHandleA
GetLogicalDrives
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
OpenFileMappingW
MapViewOfFile
CreateFileW
DeviceIoControl
TerminateProcess
OpenProcess
GetVersionExW
CreateDirectoryW
CreateEventW
lstrlenW
GetLocalTime
CloseHandle
Sleep
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
CreateThread
SetPriorityClass
SetThreadPriority
LoadLibraryExA
FreeLibraryAndExitThread
GetCurrentProcess

user32

RegisterClassExW
CreateWindowExW
EmptyClipboard
IsIconic
SetTimer
KillTimer
DestroyMenu
EnableMenuItem
SetMenuDefaultItem
SetActiveWindow
SetForegroundWindow
GetWindowRect
GetCursorPos
GetWindowLongW
SetWindowLongW
FindWindowW
PeekMessageW
EnumDisplaySettingsW
wsprintfW
DestroyWindow
mouse_event
ShowCursor
SetCursorPos
GetActiveWindow
ShowWindow
FindWindowExW
SendMessageTimeoutW
GetPropW
GetDesktopWindow
GetWindow
MessageBoxW
EnumDisplayDevicesW
GetKeyState
PtInRect
TrackMouseEvent
SetCapture
ReleaseCapture
PostMessageW
DefWindowProcW
RegisterWindowMessageW
GetClipboardData
CloseClipboard
OpenClipboard
SetCursor
GetSystemMetrics
SystemParametersInfoW
ReleaseDC
GetDC
LoadCursorW
GetWindowThreadProcessId
DestroyIcon
ExitWindowsEx
GetMessageW
PostQuitMessage
SetWindowPos
GetIconInfo
ClientToScreen
UnregisterClassW
UpdateLayeredWindow
GetMenuStringW
GetSystemMenu
CreatePopupMenu
AppendMenuW
TrackPopupMenu
BeginPaint
MoveWindow
SetFocus
RegisterHotKey
UnregisterHotKey
GetWindowPlacement
SetWindowPlacement
IsZoomed
EndDialog
EnableWindow
IsWindowEnabled
EndPaint
SetClipboardData
LoadIconW
SetPropW
DispatchMessageW
TranslateMessage
GetClassNameW
EnumWindows
EnumChildWindows
GetParent
IsWindowVisible
IsWindow
SendMessageW
LoadStringW

gdi32

CreateCompatibleDC
GetObjectW
DeleteObject
EnumFontFamiliesW
SelectObject
CreateDIBSection
DeleteDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

AllocateAndInitializeSid
CryptReleaseContext
CryptAcquireContextA
DuplicateTokenEx
CreateProcessAsUserW
EqualSid
SetTokenInformation
CredEnumerateW
CredDeleteW
CredFree
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegCreateKeyExW
RegEnumKeyExW
OpenEventLogW
CloseEventLog
ClearEventLogW
GetUserNameW
GetTokenInformation
RegSetKeySecurity
RegGetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
FreeSid
CryptGenRandom
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
ConvertStringSidToSidW
RegUnLoadKeyW
RegLoadKeyW
LookupPrivilegeValueW
LookupAccountNameW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHAddToRecentDocs
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW
ExtractIconExW
SHGetFolderPathW
Shell_NotifyIconW
SHEmptyRecycleBinW
SHFileOperationW
SHGetDesktopFolder
ShellExecuteExW
SHGetFileInfoW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
PropVariantClear
CoUninitialize
OleUninitialize
CLSIDFromString
OleRegGetUserType
CoInitialize
CoSetProxyBlanket
StgOpenStorageEx
StgIsStorageFile
OleInitialize

oleaut32

VariantClear
VariantInit
VariantTimeToSystemTime
SysFreeString
SysAllocString

gdiplus

GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipSetPenColor
GdipSetStringFormatMeasurableCharacterRanges
GdipSetStringFormatTabStops
GdipCloneStringFormat
GdipMeasureCharacterRanges
GdipGetRegionScansI
GdipGetRegionScansCount
GdipAddPathPieI
GdipGetRegionBounds
GdipGetClip
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipDeleteGraphics
GdipMeasureString
GdipSetTextRenderingHint
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdiplusStartup
GdipDeletePath
GdipResetPath
GdipSetClipRegion
GdipSetClipPath
GdipDrawImageI
GdipBitmapSetResolution
GdipCreateBitmapFromScan0
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAddPathRectangleI
GdipAddPathLineI
GdipAddPathArcI
GdipCreateLineBrush
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPathGradientFocusScales
GdipSetPathGradientPresetBlend
GdipDeleteRegion
GdipCreateRegion
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateLineBrushI
GdipCreateSolidFill
GdipCreateTexture
GdipSetPenDashArray
GdipGetFontHeightGivenDPI
GdipAddPathPolygonI
GdipClosePathFigure
GdipCreatePathGradientFromPath
GdipDeleteBrush
GdipCloneBrush
GdipSetClipRectI
GdipFree
GdipAlloc
GdipGetImagePixelFormat
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipSetImageAttributesGamma
GdipSetSmoothingMode
GdipSetWorldTransform
GdipTranslateWorldTransform
GdipGetDpiX
GdipGetDpiY
GdipDrawLine
GdipDrawRectangle
GdipGraphicsClear
GdipFillRectangle
GdipFillRectangleI
GdipFillPath
GdipDrawImage
GdipDrawImageRect
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipCreatePath

sfc

SfcIsFileProtected

ntdll

NtTerminateProcess
NtWriteVirtualMemory

esent

JetMove
JetRetrieveColumn
JetTerm
JetDelete
JetCloseTable
JetCloseDatabase
JetEndSession
JetInit2

wininet

InternetOpenUrlW
InternetReadFileExA
InternetReadFileExW
InternetSetStatusCallbackW
InternetCloseHandle
InternetCheckConnectionW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryExW
FindNextUrlCacheEntryExW
FindCloseUrlCache
InternetOpenW
HttpQueryInfoW
InternetGetConnectedState

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptQueryObject
CryptMsgClose
CryptDecodeObject
CryptMsgGetParam

netapi32

NetApiBufferFree
NetUserEnum

shlwapi

SHDeleteValueW
SHDeleteKeyW
PathGetDriveNumberW
PathCanonicalizeW
PathIsNetworkPathW
PathFindExtensionW
PathIsRelativeW
SHStrDupW
PathMatchSpecA
PathStripPathW
PathMatchSpecW
PathFileExistsW
PathIsDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

InitCommonControlsEx

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

winmm

timeGetTime

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9e071ac57eaf8fee0a3cd9cf041ee3b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

gdiplus

sfc

ntdll

esent

wininet

crypt32

netapi32

shlwapi

version

comctl32

psapi

winmm

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 773KB - Virtual size: 772KB

.data Size: 98KB - Virtual size: 441KB

.gfids Size: 1024B - Virtual size: 556B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 773KB - Virtual size: 772KB

.data
Size: 98KB - Virtual size: 441KB

.gfids
Size: 1024B - Virtual size: 556B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.1MB - Virtual size: 3.1MB