Static task
static1
Behavioral task
behavioral1
Sample
7772a075de8342ac79ed5d296b7af9805c7da95b1f1e208feea4cbe0ab0fb898.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
7772a075de8342ac79ed5d296b7af9805c7da95b1f1e208feea4cbe0ab0fb898.exe
Resource
win10v2004-20230915-en
General
-
Target
7772a075de8342ac79ed5d296b7af9805c7da95b1f1e208feea4cbe0ab0fb898
-
Size
2.3MB
-
MD5
65e74b89e6661dc74c9ab53a21bcc5f5
-
SHA1
d4691fb4d84007a25a6d0fc388284032e6a5cadb
-
SHA256
7772a075de8342ac79ed5d296b7af9805c7da95b1f1e208feea4cbe0ab0fb898
-
SHA512
0021155cfc7b280be04394eb732eeb4d0d7c046d5ec419e07ae7c2de1ab3a96f10b053369690b840e4beca9b224addf5b724cfce1a12e98cf416989916759f13
-
SSDEEP
49152:dLQBd+fBl2mrphpgO0uTwqoeTvZJV478f58mE3slc/Xzm:XprKUooV47MMmc/z
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 7772a075de8342ac79ed5d296b7af9805c7da95b1f1e208feea4cbe0ab0fb898
Files
-
7772a075de8342ac79ed5d296b7af9805c7da95b1f1e208feea4cbe0ab0fb898.exe windows:6 windows x86
28e0d6f1206973206b6833e7abfaf24d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
listen
send
recv
WSAGetLastError
recvfrom
WSACleanup
gethostbyname
gethostname
setsockopt
htons
getsockopt
sendto
ntohs
socket
getsockname
getpeername
WSASetLastError
closesocket
WSAIoctl
bind
select
__WSAFDIsSet
ioctlsocket
freeaddrinfo
accept
getaddrinfo
connect
WSAStartup
wldap32
ord79
ord14
ord26
ord127
ord41
ord142
ord216
ord118
ord147
ord27
ord301
ord46
ord145
ord133
ord167
ord208
kernel32
DeleteFileW
CloseHandle
Sleep
CreateThread
WideCharToMultiByte
GetACP
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTickCount
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
CreateFileW
GetFileSize
ReadFile
ExitProcess
FreeResource
MulDiv
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
GetFileType
SetFilePointer
SetFileTime
WriteFile
DuplicateHandle
GetCurrentProcess
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetVersion
lstrcpyW
CreateMutexW
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetCommandLineW
GetShortPathNameW
InitializeCriticalSectionEx
GetVolumeInformationW
MultiByteToWideChar
GetTimeZoneInformation
lstrlenW
FindFirstFileW
FindClose
FindFirstFileA
FileTimeToLocalFileTime
FreeLibrary
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
lstrcpynW
lstrcatW
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
CopyFileW
WriteConsoleA
WaitForSingleObject
ReleaseMutex
WriteConsoleW
DeleteFileA
MoveFileA
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
SetLastError
FormatMessageA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SleepEx
InitializeCriticalSection
ExpandEnvironmentStringsA
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
FreeLibraryAndExitThread
InterlockedFlushSList
DeleteCriticalSection
GetLastError
RaiseException
GetLongPathNameW
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
GetThreadTimes
UnregisterWait
FindResourceW
GetModuleHandleA
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceFrequency
CreateHardLinkW
AreFileApisANSI
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileAttributesExW
GetDiskFreeSpaceExW
FindFirstFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
OutputDebugStringW
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetFileInformationByHandle
RtlCaptureStackBackTrace
RegisterWaitForSingleObject
user32
GetMenu
GetSystemMetrics
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
ScreenToClient
SetCaretPos
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetSysColor
SetPropW
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
IsIconic
SetWindowPos
UpdateLayeredWindow
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
LoadCursorW
GetPropW
AdjustWindowRectEx
LoadImageW
MonitorFromWindow
GetMonitorInfoW
MoveWindow
GetWindowRgn
SetWindowRgn
OffsetRect
UnionRect
GetWindowTextW
CharNextW
HideCaret
ShowCaret
InflateRect
SetCursor
wsprintfW
wvsprintfW
IsWindowVisible
FindWindowW
PeekMessageW
TrackPopupMenu
RegisterWindowMessageW
SetForegroundWindow
GetSysColorBrush
MapVirtualKeyW
GetKeyNameTextW
GetWindowTextLengthW
SetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
SetRect
FillRect
DrawTextW
MessageBoxW
KillTimer
SetTimer
PostMessageW
SendMessageW
UnregisterClassW
IsZoomed
PostQuitMessage
ShowWindow
ClientToScreen
UpdateWindow
CharPrevW
GetDC
GetCaretPos
GetMessageW
gdi32
GetTextMetricsW
CreateDIBSection
GetObjectW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateRoundRectRgn
GetDeviceCaps
GetTextExtentPoint32W
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
CreatePen
SelectObject
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
CreateBitmapIndirect
CreateDCW
GetDIBits
SaveDC
RestoreDC
GetStockObject
Rectangle
DeleteObject
LineTo
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetClipBox
BitBlt
CreateCompatibleBitmap
comdlg32
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
advapi32
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
shell32
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetMalloc
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ole32
CoCreateInstance
OleInitialize
CoUninitialize
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromString
oleaut32
VariantInit
SysAllocString
SysFreeString
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
shlwapi
PathGetArgsW
PathFindFileNameW
PathFileExistsW
PathRemoveArgsW
PathUnquoteSpacesW
PathCanonicalizeW
PathRelativePathToW
PathFindExtensionW
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
gdiplus
GdipGetImageEncodersSize
GdipGetImageHeight
GdipGetImageEncoders
GdipSetSmoothingMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAddPathEllipse
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipSetClipPath
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateStringFormat
GdipCreateLineBrushI
GdipDrawImageRectRectI
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipSetInterpolationMode
GdipGraphicsClear
GdiplusShutdown
GdipDrawImageRectRect
GdipImageGetFrameCount
sensapi
IsNetworkAlive
comctl32
ord17
_TrackMouseEvent
msimg32
AlphaBlend
wininet
InternetGetConnectedState
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
vcruntime140
__processing_throw
__current_exception
__RTDynamicCast
__std_exception_copy
wcsstr
wcsrchr
wcschr
memcmp
__std_terminate
_purecall
__CxxFrameHandler3
_CxxThrowException
memset
memmove
memcpy
__AdjustPointer
_except_handler4_common
strrchr
__std_type_info_destroy_list
strstr
strchr
__uncaught_exception
memchr
__std_exception_destroy
api-ms-win-crt-runtime-l1-1-0
_endthreadex
abort
strerror
_beginthreadex
_invalid_parameter_noinfo_noreturn
__sys_nerr
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_errno
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo
_set_app_type
_seh_filter_exe
terminate
_controlfp_s
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
api-ms-win-crt-string-l1-1-0
iswalnum
tolower
wcsncmp
_wcsupr
isalpha
isxdigit
_wcslwr
strcmp
_stricmp
isspace
_wcsicmp
wcsncpy
isdigit
wcscpy
_strnicmp
wcscmp
isprint
isgraph
isupper
islower
iswspace
wcscspn
wcsspn
wcsncpy_s
strncpy
strcpy
toupper
wcsnlen
wcstok_s
strcspn
wmemcpy_s
strlen
wcspbrk
isalnum
wcscpy_s
wcslen
_wcsdup
strncmp
iswdigit
_strdup
__strncnt
wcscat
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
free
calloc
_recalloc
malloc
realloc
api-ms-win-crt-convert-l1-1-0
strtol
_itoa
_atoi64
_wtoi64
_i64toa
_i64tow
wcstombs
_itoa_s
_i64toa_s
wcstol
strtod
strtof
_itow
strtoul
_wtoi
_strtoi64
wcstoul
atoi
api-ms-win-crt-stdio-l1-1-0
fputc
ungetwc
_get_stream_buffer_pointers
fputwc
fgetwc
__stdio_common_vfwprintf
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
__stdio_common_vswscanf
__stdio_common_vsscanf
__stdio_common_vsprintf
_fsopen
_wfsopen
__stdio_common_vsprintf_s
_open
setvbuf
__stdio_common_vswprintf
fwrite
__stdio_common_vswprintf_s
fputs
_close
_wfopen
fgets
fopen_s
ungetc
feof
fread
fseek
_set_fmode
ftell
_read
_lseeki64
fopen
__p__commode
_write
__acrt_iob_func
api-ms-win-crt-time-l1-1-0
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
strftime
wcsftime
_mktime64
_Getdays
_localtime64
_time64
_gmtime64
_localtime64_s
_Getmonths
api-ms-win-crt-filesystem-l1-1-0
_stat64
_fstat64
_wrmdir
_lock_file
_wsplitpath
_wchdir
_unlock_file
_wrename
_wremove
_stat64i32
api-ms-win-crt-math-l1-1-0
_CIsqrt
_CIexp
sqrt
_except1
__setusermatherr
ceil
_CIpow
frexp
pow
ldexp
api-ms-win-crt-utility-l1-1-0
abs
_lrotl
srand
qsort_s
qsort
api-ms-win-crt-locale-l1-1-0
___lc_collate_cp_func
localeconv
_configthreadlocale
setlocale
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
_lock_locales
_unlock_locales
__pctype_func
api-ms-win-crt-environment-l1-1-0
_wgetcwd
getenv
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 284KB - Virtual size: 284KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 732KB - Virtual size: 731KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ