27f1076fb6351e6219f665a980d2d975dc52f707158146d744ed456c440c89b9

Sharing

Copy URL Twitter E-mail

General

Target

27f1076fb6351e6219f665a980d2d975dc52f707158146d744ed456c440c89b9
Size

5.1MB
MD5

1206cbb9b203ccca152625bee0f67c9e
SHA1

7c32607597075b9079997e64b7e4f2aa75dd2dc1
SHA256

27f1076fb6351e6219f665a980d2d975dc52f707158146d744ed456c440c89b9
SHA512

4077fc232df19c7dfb53ebd24a3e9c59b01b49971bb7dfac6ad386ae1732c359648cb159f9e0e1ddb906d9c657783ef31209e3d8211f2f3c096d152225f89f59
SSDEEP

49152:OiNahMeWuOSatRdhgk7sDhpjwkTWvzwbqNuWGQylHRsrEzICQb7cyE:OyahDWVSEJDsD8k6ieg87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f1076fb6351e6219f665a980d2d975dc52f707158146d744ed456c440c89b9

Files

27f1076fb6351e6219f665a980d2d975dc52f707158146d744ed456c440c89b9
.dll windows:6 windows x86

b8b6b24a48f1f3b335e9cfb1a006c5e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileW
SetFileAttributesW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
WriteConsoleW
SetConsoleTextAttribute
WideCharToMultiByte
MultiByteToWideChar
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
LoadLibraryW
WaitForMultipleObjects
SizeofResource
SetEndOfFile
FlushFileBuffers
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
VirtualQuery
GetLocalTime
OpenProcess
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
OutputDebugStringW
GetTempPathW
WriteFile
SetFilePointer
GetFileSizeEx
GetProcessId
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
SetFilePointerEx
SetStdHandle
GetFullPathNameA
GetFullPathNameW
MoveFileExW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
SetConsoleCtrlHandler
OutputDebugStringA
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ResumeThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
GetModuleFileNameA
HeapValidate
GetSystemInfo
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
lstrcpyW
lstrcmpiW
lstrcpynW
InitializeCriticalSectionAndSpinCount
FormatMessageW
LocalFree
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
CreateDirectoryW
VerifyVersionInfoW
MulDiv
VerSetConditionMask
ExitProcess
GlobalAlloc
FreeResource
GetACP
IsBadStringPtrA
IsBadStringPtrW
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
lstrlenW
lstrcmpW
GlobalUnlock
GlobalLock
GetTickCount
ReadFile
GetFileSize
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
FindNextFileW
RtlCaptureStackBackTrace
SetEvent
GetFileAttributesW
DeleteFileW
CreateFileW
GetStdHandle

user32

CallWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
IsWindow
ShowWindow
PrintWindow
MoveWindow
SetWindowPos
IsWindowVisible
KillTimer
IsWindowEnabled
GetSystemMetrics
GetMenu
GetWindowDC
ReleaseDC
GetWindowTextW
GetWindowRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
FindWindowW
RegisterShellHookWindow
DeregisterShellHookWindow
EnumWindows
GetClassNameW
GetTopWindow
GetWindowThreadProcessId
GetWindow
EnumDisplaySettingsW
SetLayeredWindowAttributes
IsIconic
SetFocus
SetCapture
ReleaseCapture
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
SetWindowTextW
EqualRect
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
DefWindowProcW
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
UpdateLayeredWindow
MonitorFromPoint
SetWindowRgn
GetIconInfo
DrawIconEx
DestroyIcon
SetRect
FillRect
DrawTextW
CharPrevW
UpdateWindow
InflateRect
AdjustWindowRectEx
GetPropW
SetPropW
EnableWindow
GetClassInfoExW
RegisterClassW
PostQuitMessage
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
GetDC
GetKeyState
GetFocus
GetActiveWindow
CharNextW
IsZoomed
DestroyWindow
SendMessageW
SetForegroundWindow
SetCursor
GetCursorPos
PtInRect
EnumChildWindows
LoadCursorW
PostThreadMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
CreateCaret
SetTimer
AttachThreadInput
GetForegroundWindow
MessageBoxW

gdi32

CreateRectRgnIndirect
Rectangle
CreateRoundRectRgn
CreateSolidBrush
GetObjectW
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
CreatePen
EnumFontFamiliesExW
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
CreatePenIndirect
RestoreDC
SaveDC
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
SetWindowOrgEx
CombineRgn
CreateDCW
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetObjectType
GetDIBits
GetClipBox
GetCharABCWidthsW

advapi32

RegOpenKeyExW
AdjustTokenPrivileges
DuplicateTokenEx
ImpersonateLoggedOnUser
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegGetValueW
RegSetValueExW
OpenProcessToken
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
LookupPrivilegeValueW
SetSecurityDescriptorDacl
SetFileSecurityW
RevertToSelf
InitializeSecurityDescriptor

shell32

DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW
StrChrW
PathFileExistsW

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdiplusStartup
GdipDrawImageRectI
GdipCreateFontFromDC
GdipCloneBrush
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateTexture
GdipRotateMatrix
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImageThumbnail
GdipFillEllipseI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipAddPathArc
GdipFree
GdipAlloc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipCreateFontFromLogfontA
GdiplusShutdown
GdipFillPath
GdipSetTextureTransform

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

libcurl

curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_version_info
curl_slist_append
curl_global_cleanup
curl_global_init

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

crypt32

CryptQueryObject
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose

bcrypt

BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash

sqlite3mc

sqlite3_busy_timeout
sqlite3_mprintf
sqlite3_vmprintf
sqlite3_free
sqlite3_key
sqlite3_busy_handler
sqlite3_exec
sqlite3_column_int64
sqlite3_column_int
sqlite3_step
sqlite3_prepare_v2
sqlite3_column_text
sqlite3_close
sqlite3_threadsafe
sqlite3_db_mutex
sqlite3_mutex_leave
sqlite3_mutex_enter
sqlite3_db_handle
sqlite3_sleep
sqlite3_finalize
sqlite3_prepare
sqlite3_open_v2

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

fltlib

FilterSendMessage
FilterConnectCommunicationPort

dwmapi

DwmGetWindowAttribute

ws2_32

gethostbyname
gethostname
WSAStartup

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance

Exports

Exports

pcm_plugin_action
pcm_plugin_buffer_allocate
pcm_plugin_buffer_free
pcm_plugin_ininitialize

Sections

.textbss
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 783KB - Virtual size: 782KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8b6b24a48f1f3b335e9cfb1a006c5e1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

gdiplus

wtsapi32

version

libcurl

wintrust

crypt32

bcrypt

sqlite3mc

comctl32

imm32

fltlib

dwmapi

ws2_32

ole32

Exports

Exports

Sections

.textbss Size: - Virtual size: 1.9MB

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 783KB - Virtual size: 782KB

.data Size: 29KB - Virtual size: 54KB

.idata Size: 19KB - Virtual size: 19KB

.gfids Size: 7KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 153KB - Virtual size: 152KB

.textbss
Size: - Virtual size: 1.9MB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 783KB - Virtual size: 782KB

.data
Size: 29KB - Virtual size: 54KB

.idata
Size: 19KB - Virtual size: 19KB

.gfids
Size: 7KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 153KB - Virtual size: 152KB