326f653b85cc463eb9ee6bbc49041e5546843768ef19753666889155cdfa74bd

Sharing

Copy URL Twitter E-mail

General

Target

326f653b85cc463eb9ee6bbc49041e5546843768ef19753666889155cdfa74bd
Size

790KB
MD5

3d13f16d624097caeaf70e6b837d0a6e
SHA1

c20768497fbb77b14764f8493dbe0479e7a3b67f
SHA256

326f653b85cc463eb9ee6bbc49041e5546843768ef19753666889155cdfa74bd
SHA512

e79f0f73bc0b15b9a09feeb2c2892350504bc7609f727464fd48619ae73193262f19adfac2d87a0ec71a8f610a36837d6030f78c469c8ee4d5c41c28b02c0487
SSDEEP

12288:VijgQfoBe0B8YVB8SxWETSqbNsH3mlnNEymoM0FHG68DUTXgJZBvE:R++eqjM6XS4+GmxWFm68DUTXa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
326f653b85cc463eb9ee6bbc49041e5546843768ef19753666889155cdfa74bd

Files

326f653b85cc463eb9ee6bbc49041e5546843768ef19753666889155cdfa74bd
.dll windows:6 windows x64

fe2cf726ce90106629edb4b6147b55ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrNCatW
StrCpyNW
StrCmpNIW
ord219
PathParseIconLocationW
PathAddBackslashW
StrStrIW
StrCSpnA
StrStrIA
HashData
StrStrNIW
ord158
ord215
StrTrimW
ord513
ord212
ord512
ord184
ord388
PathIsNetworkPathW
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathRemoveExtensionW
PathIsUNCW
PathIsDirectoryW
PathIsRelativeW
SHRegGetValueW
SHStrDupW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
ord176
SHOpenRegStream2W
ord12
PathRemoveBlanksW
ord174
ord172
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathRemoveBackslashW
PathFileExistsW
StrToIntW
ord16
StrStrW
PathRemoveFileSpecW
PathAppendW
ord487

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
ord138
ord141
DwmTransitionOwnedWindow
ord139
ord113
ord159
ord163
ord187
ord164
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmFlush
DwmSetIconicThumbnail
ord140
DwmUpdateThumbnailProperties

uxtheme

GetThemeMetric
GetThemePropertyOrigin
GetThemeTextExtent
GetThemeRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeFont
IsThemePartDefined
ord121
ord120
ord126
ord50
ord140
ord135
ord49
ord74
ord133
ord138
ord132
GetThemeMargins
GetWindowTheme
GetBufferedPaintTargetDC
GetThemePartSize
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
GetThemeBackgroundContentRect
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
BeginBufferedPaint
EndBufferedPaint
GetThemeEnumValue
GetThemeColor
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx
BufferedPaintSetAlpha
IsThemeBackgroundPartiallyTransparent

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize

ntdll

RtlCaptureContext
NtQueryWnfStateData
RtlAdjustPrivilege
NtQueryInformationToken
RtlInitUnicodeString

msvcrt

strcmp
sin
memset
memmove
memcpy
memcmp
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
isspace
tolower
isprint
_vsnwprintf
wcsstr
wcstok_s
abort
__C_specific_handler
wcsncpy_s
??_U@YAPEAX_K@Z
_wtoi
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
??1type_info@@UEAA@XZ
__dllonexit
_unlock
wcscmp
_lock
_onexit
__CxxFrameHandler3
_XcptFilter
_initterm
_amsg_exit
cos
acos
bsearch

gdi32

CreateCompatibleDC
CreateDIBSection
GetGlyphIndicesW
GetLayout
SelectClipRgn
OffsetClipRgn
GetObjectType
StretchDIBits
GetTextExtentExPointW
SetBkMode
TextOutW
GetDCDpiScaleValue
GdiDrawStream
SelectObject
GetBitmapBits
GetDCBrushColor
StretchBlt
GetBkColor
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
CreateCompatibleBitmap
SetViewportOrgEx
GetTextExtentPoint32W
GetDeviceCaps
AddFontResourceExW
GetObjectW
GdiAlphaBlend
DeleteDC
CreateBitmap
DeleteObject
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPointW
SetLayout
BitBlt
SaveDC
ExcludeClipRect
RestoreDC
SetBkColor
GetStockObject
SetTextColor
ExtTextOutW
CreateRectRgnIndirect
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
GetTextColor
SetWindowOrgEx
CreateFontW
GetCharWidth32W

user32

GetWindowLongPtrW
SendMessageTimeoutW
GetWindowLongW
SetWindowLongPtrW
GetSystemMetricsForDpi
SetWindowRgn
RemovePropW
SendMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
RegisterClassW
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemInfoW
InvalidateRect
SystemParametersInfoForDpi
InflateRect
SetFocus
GetDoubleClickTime
SetWindowPos
ShowWindow
RedrawWindow
GetDCEx
ReleaseDC
FillRect
GetDlgItem
BeginPaint
EndPaint
GetWindowInfo
OffsetRect
GetWindowDC
GetClassLongPtrW
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
FindWindowW
UpdateWindow
AnimateWindow
DrawFocusRect
LoadImageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassWord
CreateWindowExW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
GetWindowRgn
DestroyWindow
GetMonitorInfoW
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
ReleaseCapture
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
UnhookWinEvent
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
MonitorFromPoint
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetForegroundWindow
GetForegroundWindow
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
WindowFromDC
GetMessageExtraInfo
GetMenuBarInfo
GetMenuInfo
SetMenuInfo
GetSystemMenu
IsMenu
SetMessageExtraInfo
SetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemID
TranslateMessage
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
CallWindowProcW
CharLowerW
EnumThreadWindows
SetSysColors
SystemParametersInfoA
GetDesktopWindow
LoadImageA
SwitchToThisWindow
GetLayeredWindowAttributes
IsRectEmpty
UnregisterClassW
MonitorFromRect
InternalGetWindowText
GetWindowPlacement
IsIconic
CopyRect
ShowWindowAsync
PrintWindow
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
GetUpdateRect
SetWindowLongW
CalculatePopupWindowPosition
DrawIconEx
UnionRect
GetWindowRgnBox
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
AllowSetForegroundWindow
GetIconInfo
CopyImage
SetCursorPos
SubtractRect
PostThreadMessageW
RegisterHotKey
GetDpiForSystem
SetActiveWindow
RegisterClipboardFormatW
ChildWindowFromPointEx
InsertMenuItemW
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
SetPropW
KillTimer
SetTimer
GetDpiForWindow
GetClientRect
GetPropW
GetAncestor
MapWindowPoints
GetWindowRect
GetParent
GetWindowTextW
FindWindowExW
PostMessageW
LoadStringW
GetSysColor
LoadCursorW
SetCursor
CreateIconIndirect
GetKeyState
wsprintfW
wsprintfA
RegisterWindowMessageW
ord2005
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
SetWinEventHook
GetDpiForMonitorInternal

kernel32

CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
LocalFree
PackageFamilyNameFromFullName
GetModuleFileNameW
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MoveFileW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
GetPackagesByPackageFamily
ParseApplicationUserModelId
QueueUserAPC
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
Sleep
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
LocalAlloc
MoveFileExW
DeleteFileW
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetWindowsDirectoryW
OpenProcess
QueryFullProcessImageNameW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
GetProcessId
IsBadReadPtr
TerminateProcess
ExitThread
GlobalLock
GlobalUnlock
IsBadCodePtr
GetApplicationUserModelId
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
DebugBreak
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
LCMapStringW
GetThreadPriority
DeleteCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
ProcessIdToSessionId
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
OutputDebugStringA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
InitOnceExecuteOnce
GetProcAddress
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSection
WaitForSingleObject
CreateThread
SetThreadPriority
GetTickCount
ActivateActCtx
DeactivateActCtx
FindAtomW
AddAtomW
DeleteAtom
FreeLibrary
OpenEventW
CreateEventW

advapi32

RegSetValueW
GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyValueW
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord85
SHFileOperationW
SHAppBarMessage
ord62
ord645
ord644
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88

ole32

StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe2cf726ce90106629edb4b6147b55ad

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

dwmapi

uxtheme

api-ms-win-core-winrt-l1-1-0

ntdll

msvcrt

gdi32

user32

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 490KB - Virtual size: 489KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 490KB - Virtual size: 489KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 5KB - Virtual size: 5KB