Static task
static1
Behavioral task
behavioral1
Sample
ad4f2e97b3b154ed3313d466f2055ffe16a2a419ab6bcc7cca8c58a487b39aad.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
ad4f2e97b3b154ed3313d466f2055ffe16a2a419ab6bcc7cca8c58a487b39aad.exe
Resource
win10v2004-20231020-en
General
-
Target
ad4f2e97b3b154ed3313d466f2055ffe16a2a419ab6bcc7cca8c58a487b39aad
-
Size
3.5MB
-
MD5
840a55dd28b2f88410ce3d6f8c388850
-
SHA1
50d05dc1e0d37dc23056bbbe5f33e352f7356bab
-
SHA256
ad4f2e97b3b154ed3313d466f2055ffe16a2a419ab6bcc7cca8c58a487b39aad
-
SHA512
16e581a15e27ca3a7db09fc39bedd6696202a2579d0d0282f7f1b49e049dc422db13750e250b134c71c12893623243c9a1bb0dc9e68860255b2f679a14984f07
-
SSDEEP
49152:w+WZ1Zc5UVhWZr6Y79jGM6eG9qxrsPy1scZgxQpWvhCLeb7p:cZ8chWZr6YpGM6N
Malware Config (no configuration was extracted for this sample)
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature. Note: on its own this is a weak, informational indicator — many legitimate open-source and internally built executables are unsigned — and it should not be read as evidence of malicious intent without corroborating behavior.
resource ad4f2e97b3b154ed3313d466f2055ffe16a2a419ab6bcc7cca8c58a487b39aad
Files
-
ad4f2e97b3b154ed3313d466f2055ffe16a2a419ab6bcc7cca8c58a487b39aad.exe windows:5 windows x86
3725a5242f0e1b1f25d201aa04110335
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations stripped: the image must load at its preferred base address and cannot be relocated by ASLR, which weakens exploit mitigations for any bug in this binary)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
comctl32
CreateStatusWindowW
CreateToolbarEx
ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_LoadImageW
ImageList_ReplaceIcon
ImageList_SetBkColor
InitCommonControlsEx
PropertySheetW
_TrackMouseEvent
kernel32
AllocConsole
CloseHandle
CompareFileTime
CreateDirectoryW
CreateEventW
CreateFileW
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLastError
GetLocalTime
GetLogicalDriveStringsW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetVersion
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsBadReadPtr
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
LocalFree
MoveFileExW
MulDiv
MultiByteToWideChar
OpenEventW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
ReleaseSemaphore
RemoveDirectoryW
SetCurrentDirectoryW
SetErrorMode
SetEvent
SetLastError
SetProcessShutdownParameters
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenW
msimg32
AlphaBlend
msvcrt
__dllonexit
__doserrno
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_assert
_cexit
_dup2
_errno
_fdopen
_filelengthi64
_fileno
_fmode
_fpreset
_fstat64
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_snwprintf
_stricmp
_strnicmp
_unlock
_vsnwprintf
_wcmdln
_wcsdup
_wcsicmp
_wcsicoll
_wcsnicmp
_wfopen
_write
_wsplitpath
_wtoi
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fputws
fread
free
fsetpos
fwrite
getc
getenv
getwc
gmtime
isalnum
isspace
iswctype
iswspace
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
puts
putwc
qsort
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strxfrm
swprintf
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsstr
wcsxfrm
wprintf
_write
_read
_fileno
_fdopen
ole32
CLSIDFromString
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
GetErrorInfo
OleDuplicateData
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocString
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
shell32
DragQueryFileW
ExtractIconExW
ExtractIconW
SHAddToRecentDocs
ord723
SHCreateShellFolderView
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHRestricted
ShellAboutW
ShellExecuteA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
shlwapi
PathFileExistsW
PathRemoveBackslashW
ws2_32 (socket, bind, listen, accept, recv, send — this import set is what a listening TCP server needs; no connect, gethostbyname or getaddrinfo import is visible, so outbound name-resolved connections are not indicated by the static imports alone)
WSAStartup
accept
bind
htonl
htons
listen
recv
send
socket
notifyhook (not a Windows system DLL: the loader resolves it by the standard DLL search order, so a same-named DLL in the application directory or search path would be loaded in its place; InstallNotifyHook/DeinstallNotifyHook suggest it installs a window hook — treat this as a capability to verify, not a confirmed behavior)
DeinstallNotifyHook
GetWindowModulePathCopyData
InstallNotifyHook
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateFontW
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
ExtSelectClipRgn
GetClipRgn
GetDeviceCaps
GetObjectW
GetPixel
GetStockObject
GetTextExtentPoint32W
LineTo
MoveToEx
PatBlt
Rectangle
SelectClipRgn
SelectObject
SetBkMode
SetTextColor
user32 (includes SetWindowsHookExW, CallNextHookEx and UnhookWindowsHookEx, i.e. the ability to install Windows message hooks — a capability used both by legitimate shell components and by keyloggers/injectors; the import alone does not tell which)
AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CopyImage
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextW
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumWindows
FillRect
GetAsyncKeyState
GetCapture
GetClassLongW
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetMenu
GetMenuItemCount
GetMessagePos
GetMessageW
GetParent
GetScrollPos
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
GrayStringW
InsertMenuW
InvalidateRect
IsDialogMessageW
IsDlgButtonChecked
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
MessageBeep
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
PaintDesktop
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExW
RegisterClipboardFormatW
RegisterHotKey
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindowEx
SendMessageTimeoutW
SendMessageW
SetCapture
SetClassLongW
SetCursor
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenuDefaultItem
SetRect
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
ShowWindowAsync
SystemParametersInfoW
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
WinHelpW
WindowFromPoint
wsprintfW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 6KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB (note: the import section is marked writable; this, together with the msvcrt CRT-startup imports above such as __wgetmainargs, __set_app_type and _initterm, is consistent with a GCC/MinGW-style toolchain rather than MSVC — confirm before drawing conclusions)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rossym Size: 955KB - Virtual size: 955KB (a ".rossym" section is the debug-symbol section emitted by the ReactOS build system; combined with the notifyhook import this is consistent with a ReactOS-built component, which should be verified against a known-good build before the sample is classified)
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ