d92c388ea9715485fca7ac648e32146e2015e0b63a558abe0b44f184cd599152

Sharing

Copy URL Twitter E-mail

General

Target

d92c388ea9715485fca7ac648e32146e2015e0b63a558abe0b44f184cd599152
Size

11.8MB
MD5

bf9634529dfa03641b0b7ce3e23af9a1
SHA1

d169b20d3449271b3281ac4806ab7c05cf49d15a
SHA256

d92c388ea9715485fca7ac648e32146e2015e0b63a558abe0b44f184cd599152
SHA512

93a78a18952d51581e2b3f44b8a1e20cb55d775f2dd362ec4afc2aa05f695f794a52a91b4857561008ddd734874d783968350f438bcf643b9f851e53c22cd739
SSDEEP

196608:GiRV8zN387yojtF4ieYQoKK+c0eeQC8Zs544bKa4D0fbYoONV3o8j:ghsZFsYQoKKiLz8+O4bi0JONV3Pj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d92c388ea9715485fca7ac648e32146e2015e0b63a558abe0b44f184cd599152

Files

d92c388ea9715485fca7ac648e32146e2015e0b63a558abe0b44f184cd599152
.exe windows:5 windows x86

187d627c7003774591b5fba6cae62d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
CreateFileW
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathW
FindResourceW
WriteFile
SizeofResource
LoadResource
LockResource
SetCurrentDirectoryW
Process32NextW
GetCurrentDirectoryW
FreeLibraryAndExitThread
ExitThread
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
GetLastError
GetCurrentProcessId
LocalFree
LocalAlloc
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
DeviceIoControl
ExpandEnvironmentStringsW
PeekNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
ResetEvent
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
GetModuleHandleW
CloseHandle
DeleteFileW
GetVersionExW
VirtualAlloc
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
WritePrivateProfileStringW
GetModuleFileNameW
ReadFile
GetFileSize
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
Sleep
GetProcAddress
GetDriveTypeW
FindNextFileW
MulDiv
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetPrivateProfileStringW
GlobalFree
GetExitCodeProcess
CreateProcessW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
FormatMessageW
GetVolumeInformationW
GetTickCount
GetLongPathNameW
FindClose
lstrcpyW
FindFirstFileW
FreeLibrary
CreateDirectoryW
MoveFileExW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
AreFileApisANSI
SetPriorityClass
HeapCreate
FlushInstructionCache
GetFullPathNameW
FreeResource
GetLocalTime
GetVersionExA
GetModuleHandleA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetStringTypeW
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
VirtualFree
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
GetLogicalDriveStringsW
lstrcmpiW
OpenProcess
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc

user32

GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
GetClassNameW
DestroyIcon
LoadBitmapW
CreateIconFromResource
LoadImageW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
ClientToScreen
EnableMenuItem
GetSysColor
GetSystemMetrics
IsWindowVisible
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
IsMenu
IsWindowEnabled
CreatePopupMenu
DestroyMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
InvalidateRect
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetFocus
SetFocus
PtInRect
EqualRect
IsRectEmpty
UnionRect
CopyRect
SetRect
SetCursor
KillTimer
SetTimer
DestroyWindow
DestroyCursor
LoadCursorW
IntersectRect
GetKeyState
GetForegroundWindow
wsprintfW
UnregisterClassW
LoadStringW
GetIconInfo
OffsetRect
InflateRect
ReleaseDC
GetDC
SendMessageW
ShowWindow
SetWindowPos
SetWindowTextW
IsWindow
SetForegroundWindow
FindWindowW
DrawIconEx
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
PostMessageW
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SystemParametersInfoW
MapWindowPoints
SetWindowLongW
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem

advapi32

RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
GetTokenInformation
OpenProcessToken
RegQueryValueExW

shell32

SHBrowseForFolderW
SHChangeNotify
SHGetFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleLockRunning
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
CoCreateGuid

shlwapi

SHDeleteKeyW
SHDeleteValueW
SHGetValueW
SHSetValueW
StrToIntExW
PathFileExistsW

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipImageGetFrameDimensionsCount
GdipGetImageGraphicsContext
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipImageGetFrameCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipSaveImageToFile
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmAssociateContext

gdi32

CreateFontIndirectW
CreateCompatibleDC
SetGraphicsMode
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
GetViewportOrgEx
GetCurrentObject
SetViewportOrgEx
GetObjectW
CreateSolidBrush
GetStockObject
StretchBlt
SetBkMode
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
DeleteDC
Rectangle

oleaut32

SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
connect
WSAStartup
WSACleanup
recv
send
WSAGetLastError
closesocket
socket
bind

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

187d627c7003774591b5fba6cae62d40

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

crypt32

gdiplus

imm32

gdi32

oleaut32

iphlpapi

userenv

ws2_32

usp10

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 472KB - Virtual size: 471KB

.data Size: 58KB - Virtual size: 156KB

.gfids Size: 512B - Virtual size: 444B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9.6MB - Virtual size: 9.6MB

.reloc Size: 120KB - Virtual size: 120KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 472KB - Virtual size: 471KB

.data
Size: 58KB - Virtual size: 156KB

.gfids
Size: 512B - Virtual size: 444B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9.6MB - Virtual size: 9.6MB

.reloc
Size: 120KB - Virtual size: 120KB