4547e282a973cd7f643ab09ee2caee9c87639e512f9c2c1d846a625dc447312b

Sharing

Copy URL Twitter E-mail

General

Target

4547e282a973cd7f643ab09ee2caee9c87639e512f9c2c1d846a625dc447312b
Size

1.7MB
MD5

233b8a7b2f0624575da0f52cba5a84f6
SHA1

1beced102d90a6c60e34e3e2018a8ec8be3a4e5d
SHA256

4547e282a973cd7f643ab09ee2caee9c87639e512f9c2c1d846a625dc447312b
SHA512

9eae5c3d2db1ca666e1afdf9dc98ea842f47cafcf55022706ade80ff88b26de0d46ff41375ac3cfa4f55192743cc5c1f13c55cde402d884f8b865774cbb8aefd
SSDEEP

24576:Ns4jGeYCK7kbzbKSyC60YgGuzkTHB77wFfGM63VGLgLHAU9y+:N/jfYlke7/oWHBvwEMWVdTL9y+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4547e282a973cd7f643ab09ee2caee9c87639e512f9c2c1d846a625dc447312b

Files

4547e282a973cd7f643ab09ee2caee9c87639e512f9c2c1d846a625dc447312b
.exe windows:6 windows x86

b945da91aaf614b7a21c53536147fde8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
LoadResource
FindResourceW
GetCurrentDirectoryW
GlobalLock
LocalFree
FreeLibrary
lstrcmpiW
GlobalUnlock
lstrcmpW
MulDiv
LoadLibraryExW
CopyFileW
GetModuleFileNameA
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringA
CreateDirectoryA
FindFirstFileW
FindNextFileW
FindClose
Sleep
TerminateProcess
GetModuleHandleA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
LoadLibraryExA
InitializeCriticalSection
ExitProcess
GetTickCount
GetTickCount64
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
CloseHandle
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GlobalAlloc
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
LockResource
FormatMessageW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SizeofResource
CreateThread
WaitForSingleObject
GetModuleFileNameW
MapViewOfFile
CreateProcessA
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
CreateFileMappingA
VirtualAllocEx
GetProcAddress
HeapDestroy
DecodePointer
QueueUserAPC
HeapAlloc
HeapReAlloc
HeapSize
UnmapViewOfFile
ResumeThread
InitializeCriticalSectionEx
HeapFree
WriteProcessMemory
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
FormatMessageA
GetLastError
SetLastError
QueryPerformanceCounter
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RaiseException
GetConsoleOutputCP
SystemTimeToTzSpecificLocalTime
OutputDebugStringW
SetEndOfFile

user32

GetClassNameW
LoadCursorW
CharNextW
SetFocus
CreateAcceleratorTableW
MoveWindow
GetSysColor
GetDlgItemTextW
SetDlgItemTextW
IsChild
DestroyAcceleratorTable
SetCapture
RedrawWindow
GetDlgItemTextA
InvalidateRgn
IsWindow
RegisterClassExW
SetWindowTextW
EndDialog
SendMessageW
ScreenToClient
CreateWindowExW
GetClientRect
ClientToScreen
FillRect
SetWindowPos
GetDC
DestroyWindow
GetFocus
GetWindow
PostMessageW
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
GetDlgItemInt
GetCursorPos
SetForegroundWindow
PostQuitMessage
KillTimer
AppendMenuW
AppendMenuA
LoadIconW
TranslateMessage
GetMenuStringW
DestroyMenu
EnumWindows
IsDialogMessageW
SetTimer
DispatchMessageW
SetClassLongW
ShowWindow
TrackPopupMenu
CreatePopupMenu
GetSystemMetrics
GetMenuItemCount
IsWindowVisible
GetMenu
GetMenuItemID
GetWindowRect
GetKeyState
ModifyMenuW
CloseWindow
CreateDialogParamW
GetMessageW
SetDlgItemTextA
BringWindowToTop
GetWindowThreadProcessId
RegisterClassW
SwitchToThisWindow
GetClassInfoW
GetDlgItem
GetDesktopWindow
GetClassInfoExW
GetParent
wsprintfW
SetWindowLongW
RegisterWindowMessageW
DialogBoxParamW
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
EnableWindow
GetWindowTextW
UnregisterClassW

gdi32

DeleteDC
SetTextColor
SetPixel
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetDeviceCaps
SetBkMode
GetObjectW
DeleteObject
CreateSolidBrush
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteValueW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW

ole32

OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
CoTaskMemRealloc
CLSIDFromString
CoGetClassObject
OleLockRunning
CoInitialize
CoUninitialize

oleaut32

VariantInit
LoadTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
VarUI4FromStr
LoadRegTypeLi

ws2_32

socket
send
inet_addr
WSAStartup
listen
shutdown
ntohl
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
gethostname
inet_ntoa
recvfrom
recv
getsockopt
htons
sendto
ioctlsocket
select
WSAGetLastError
setsockopt

shlwapi

PathFileExistsW

comctl32

CreateStatusWindowW

gdiplus

GdipSetPenEndCap
GdipSetTextRenderingHint
GdipCreateCustomLineCap
GdipDrawEllipse
GdipCloneBrush
GdipMeasureString
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDrawImage
GdipDeleteGraphics
GdipDeleteFont
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipDeletePen
GdipCreatePen1
GdipDeleteMatrix
GdipTranslateMatrix
GdipResetWorldTransform
GdipDrawString
GdipFree
GdipClosePathFigure
GdipScaleWorldTransform
GdipFillRectangle
GdipAddPathLineI
GdipDeleteCustomLineCap
GdipCreateFromHDC
GdipDrawLine
GdipSetPenCustomEndCap
GdipCreateSolidFill
GdipSetInterpolationMode
GdipCreateFont
GdipCreatePath
GdipSetWorldTransform
GdipSetSmoothingMode
GdipDisposeImage
GdipCreateMatrix
GdipDeletePath
GdipAlloc
GdipCreateAdjustableArrowCap
GdipSetPenCustomStartCap
GdipRotateMatrix
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipReleaseDC
GdipGetImageHeight
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipDrawRectangleI
GdipCreateLineBrushFromRectI
GdipGetDC

iphlpapi

GetAdaptersInfo

msvcrt

strncpy

psapi

GetMappedFileNameW

Sections

.text
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 944KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b945da91aaf614b7a21c53536147fde8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

comctl32

gdiplus

iphlpapi

msvcrt

psapi

Sections

.text Size: 732KB - Virtual size: 732KB

.sedata Size: 944KB - Virtual size: 944KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 68KB - Virtual size: 68KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 732KB - Virtual size: 732KB

.sedata
Size: 944KB - Virtual size: 944KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 68KB - Virtual size: 68KB

.sedata
Size: 4KB - Virtual size: 4KB