10b67b1b3eca6bea92491b57a1b30005ed6b130d3359965aa7b2cef725e0fdbf

Sharing

Copy URL Twitter E-mail

General

Target

10b67b1b3eca6bea92491b57a1b30005ed6b130d3359965aa7b2cef725e0fdbf
Size

8.5MB
MD5

d924bab768b597b60e7baeba7a92c811
SHA1

9efa03c118134276c969a07d0659dac66826eb0e
SHA256

10b67b1b3eca6bea92491b57a1b30005ed6b130d3359965aa7b2cef725e0fdbf
SHA512

deced66578d7b11aa3f5d41cfa6ac04e684fbeebc3defbec889842908e5a43c0842e57a3a9c26733f82842ec16cc6ae4ff0ebd1b69a9fcae594ada70fc5f7f7b
SSDEEP

196608:+JYXBtHLfskOUDgdviRyCPesLy1jKHFORYJhljQNLK6:k8HLf3OU8JiX9uglORYJH/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10b67b1b3eca6bea92491b57a1b30005ed6b130d3359965aa7b2cef725e0fdbf

Files

10b67b1b3eca6bea92491b57a1b30005ed6b130d3359965aa7b2cef725e0fdbf
.exe windows:6 windows x86

ef23e713fce07d6a1f0018a4030a5e81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThread
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
SetEvent
SetLastError
GlobalAlloc
GlobalFree
GetComputerNameA
CreateFileMappingW
SetErrorMode
GetErrorMode
CreateDirectoryW
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetCurrentDirectoryW
MulDiv
GetACP
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
GetVersionExW
GetFileType
DosDateTimeToFileTime
AreFileApisANSI
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemTimeAsFileTime
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetEndOfFile
DeleteFileW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
LocalFree
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
IsDebuggerPresent
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
EncodePointer
RemoveDirectoryA
GetFileSize
DeleteFileA
SetFileAttributesA
FindClose
FindNextFileW
FindNextFileA
FindFirstFileA
LoadLibraryW
TerminateThread
GetLogicalDriveStringsW
DuplicateHandle
K32GetProcessImageFileNameW
QueryDosDeviceW
GetProcessTimes
lstrcmpiW
WideCharToMultiByte
GetProcAddress
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
OutputDebugStringW
OutputDebugStringA
FindResourceExW
MultiByteToWideChar
GetTickCount
CreateProcessA
GetModuleHandleW
GetCurrentProcessId
FindResourceW
LoadResource
HeapFree
Process32FirstW
LockResource
Process32NextW
Sleep
CreateToolhelp32Snapshot
OpenProcess
FreeResource
OpenFileMappingW
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
SizeofResource
GetModuleFileNameA
MapViewOfFile
CreateDirectoryA
FreeLibrary
CloseHandle
CreateFileA
UnmapViewOfFile
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx

user32

MoveWindow
GetWindowRgn
FillRect
SetRect
CharPrevW
ReleaseDC
IsWindowVisible
EqualRect
MonitorFromPoint
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
EnumThreadWindows
LoadIconW
GetGUIThreadInfo
LoadStringA
PostMessageW
InvalidateRect
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
InvalidateRgn
GetCaretBlinkTime
EnumDisplayDevicesW
EnumDisplaySettingsW
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
OffsetRect
EnumChildWindows
IsWindow
ShowWindow
SetWindowPos
GetWindowThreadProcessId
PostQuitMessage
MessageBoxA
MessageBoxW
wsprintfW
LoadStringW
RegisterClassW
LoadCursorW
GetSystemMetrics
EnableWindow
DefWindowProcW
GetParent
SendMessageW
IsIconic
ScreenToClient
GetClientRect
IsZoomed
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
SetWindowRgn
IsWindowEnabled
GetWindowLongW
SetWindowLongW
DestroyWindow
GetKeyState
GetWindow
SetFocus
GetCaretPos
IntersectRect
GetSysColor
ClientToScreen
SetCursor
BeginPaint
EndPaint
GetUpdateRect
IsRectEmpty
GetDC
MapWindowPoints
CreateWindowExW
GetCursorPos
InflateRect
PtInRect
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetFocus
SetTimer
KillTimer
SetCapture
ReleaseCapture
GetClassNameW
CharNextW
CreateCaret
ShowCaret
HideCaret
SetCaretPos

gdi32

BitBlt
SaveDC
Rectangle
GetStockObject
SelectObject
CreatePen
CreateRectRgn
DeleteObject
SetWindowOrgEx
GetClipBox
CreateRectRgnIndirect
SelectClipRgn
StretchBlt
SetStretchBltMode
CreatePenIndirect
MoveToEx
LineTo
RestoreDC
GetTextMetricsW
GetObjectW
GetDeviceCaps
CreateFontIndirectW
GetCurrentObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
PtInRegion
GetPixel
SetPixel
CreateSolidBrush
GetObjectA
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
CombineRgn
SetGraphicsMode
CreateRoundRectRgn
ExtSelectClipRgn
SetWorldTransform

advapi32

OpenProcessToken
RegOpenKeyExW
RegFlushKey
RegCreateKeyExW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenServiceA
OpenThreadToken
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
RegSetValueExW

shell32

Shell_NotifyIconW
SHCreateDirectoryExA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteA
ShellExecuteExA
SHCreateDirectoryExW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleUninitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathFindFileNameA
PathAddBackslashA
PathAppendW
PathRemoveFileSpecA
PathAppendA
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecW
ord12

ntdll

NtDuplicateObject

winmm

timeSetEvent
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeGetTime
timeKillEvent

comctl32

ord17
_TrackMouseEvent

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA

ws2_32

htons
inet_ntoa
connect
socket
getsockname
inet_addr
WSAStartup
gethostbyname
closesocket
WSACleanup

iphlpapi

GetAdaptersInfo
GetIpNetTable

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpWriteData

d3d9

Direct3DCreate9

gdiplus

GdipGraphicsClear
GdipCreatePath
GdipDeletePath
GdipFillPath
GdipDeleteFontFamily
GdipGetFamily
GdipMeasureString
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipCreateLineBrush
GdipSetLineGammaCorrection
GdipStartPathFigure
GdipAddPathLine
GdipGetImageWidth
GdipCreateLineBrushI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipDrawLineI
GdipDrawRectangle
GdipDrawPath
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipSetInterpolationMode
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipSetClipRectI
GdipReleaseDC
GdipGetDC
GdipDrawImageI
GdipSetTextRenderingHint
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawString
GdipSetSmoothingMode
GdipCloneBrush
GdipDeleteBrush
GdipClosePathFigure
GdipAddPathArc
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0

Sections

.text
Size: 851KB - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24.0MB - Virtual size: 24.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef23e713fce07d6a1f0018a4030a5e81

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ntdll

winmm

comctl32

imm32

version

ws2_32

iphlpapi

winhttp

d3d9

gdiplus

Sections

.text Size: 851KB - Virtual size: 851KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 13KB - Virtual size: 45KB

.gfids Size: 512B - Virtual size: 504B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 24.0MB - Virtual size: 24.0MB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 851KB - Virtual size: 851KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 13KB - Virtual size: 45KB

.gfids
Size: 512B - Virtual size: 504B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 24.0MB - Virtual size: 24.0MB

.reloc
Size: 56KB - Virtual size: 55KB