Static task
static1
Behavioral task
behavioral1
Sample
936b2d0a98e038e5c6345d5ff7cbb781d9261b1e3b32fbe13adc3e2654161f6c.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
936b2d0a98e038e5c6345d5ff7cbb781d9261b1e3b32fbe13adc3e2654161f6c.exe
Resource
win10v2004-20231020-en
General
-
Target
936b2d0a98e038e5c6345d5ff7cbb781d9261b1e3b32fbe13adc3e2654161f6c
-
Size
12.9MB
-
MD5
bd1005de2fd46bcbd9cc2ee2bc166c92
-
SHA1
06483d3bd287fe9c0b23cca5bc6959449688c2df
-
SHA256
936b2d0a98e038e5c6345d5ff7cbb781d9261b1e3b32fbe13adc3e2654161f6c
-
SHA512
ec5812de26d184a5295d4e45eeac656fa319d9a919123b87a7489fc0a258a34543cb9129b203d2a85de5200bc55fa1ac53bfc3f8f32160e1adf465b4b2a9535b
-
SSDEEP
196608:cMJ5y1BBaNovlkxNJsv6tWKFdu9Cl8A1FCav:3GCpNJsv6tWKFdu9CVyav
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the PE.
resource 936b2d0a98e038e5c6345d5ff7cbb781d9261b1e3b32fbe13adc3e2654161f6c
Files
-
936b2d0a98e038e5c6345d5ff7cbb781d9261b1e3b32fbe13adc3e2654161f6c.exe windows:6 windows x86
5f6f1a940fe8345c053f0516482a6b51
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libcef
cef_cookie_manager_get_global_manager
cef_string_multimap_alloc
cef_string_multimap_free
cef_request_create
cef_v8value_create_undefined
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_v8context_get_current_context
cef_string_utf8_to_utf16
cef_process_message_create
cef_value_create
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_ascii_to_utf16
cef_log
cef_string_wide_to_utf8
cef_get_min_log_level
cef_waitable_event_create
cef_shared_process_message_builder_create
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_dictionary_value_create
cef_uriencode
cef_base64encode
cef_enable_highdpi_support
cef_shutdown
cef_initialize
cef_execute_process
cef_register_scheme_handler_factory
cef_register_extension
cef_post_task
cef_currently_on
cef_api_hash
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_string_userfree_utf16_free
cef_browser_host_create_browser
cef_string_list_free
cef_string_list_alloc
cef_string_utf16_to_utf8
cef_string_utf16_cmp
cef_string_utf8_clear
cef_string_utf16_set
cef_string_utf16_clear
kernel32
GetACP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
GetStdHandle
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
SetLastError
RtlUnwind
GetStringTypeW
GetCPInfo
LCMapStringEx
EncodePointer
GetOEMCP
Sleep
GetCommandLineW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetLongPathNameW
RemoveDirectoryW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
CopyFileW
MoveFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetOverlappedResult
WaitForSingleObject
CreateEventW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InitOnceExecuteOnce
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DecodePointer
RaiseException
InitializeCriticalSectionEx
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
VirtualFree
VirtualAlloc
ReleaseMutex
WriteConsoleW
QueryPerformanceFrequency
GetExitCodeProcess
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
LCMapStringW
CompareStringW
RegisterWaitForSingleObject
UnregisterWaitEx
SetFilePointerEx
SetEndOfFile
GetFileType
FlushFileBuffers
GetFileInformationByHandleEx
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
DeviceIoControl
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetTempPathW
SetFileTime
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetCurrentDirectoryW
GetTickCount64
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
WaitForMultipleObjects
DuplicateHandle
GetSystemDirectoryW
GetLocalTime
GetSystemTime
OutputDebugStringW
CompareStringEx
InitializeCriticalSection
ExitProcess
GetConsoleWindow
GetDriveTypeW
GetVolumeInformationW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetUserDefaultLangID
GlobalSize
LoadLibraryA
GetLocaleInfoW
lstrcmpW
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
user32
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
FindWindowExA
GetAncestor
RegisterDeviceNotificationW
CharNextExA
KillTimer
CreateMenu
CreatePopupMenu
DestroyMenu
SetParent
GetParent
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
BeginPaint
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
DrawIconEx
MessageBoxW
ChangeWindowMessageFilterEx
GetKeyboardLayoutList
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
UnregisterDeviceNotification
SetCapture
EnumWindows
GetPropW
IsIconic
ShowWindow
SetForegroundWindow
MoveWindow
EndPaint
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
InsertMenuW
advapi32
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
shlwapi
PathRemoveExtensionW
PathRemoveFileSpecW
PathCombineW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
uxtheme
GetThemeEnumValue
GetThemeMargins
GetThemeInt
GetThemeColor
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemePartSize
OpenThemeData
dwmapi
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
imm32
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmNotifyIME
ImmGetVirtualKey
userenv
GetUserProfileDirectoryW
netapi32
NetApiBufferFree
NetShareEnum
oleaut32
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
SysAllocStringLen
VariantInit
LoadTypeLi
GetActiveObject
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayGetVartype
OleCreateFontIndirect
OleCreatePictureIndirect
VariantClear
shell32
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
ord75
ShellExecuteExW
SHGetKnownFolderPath
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
winmm
timeSetEvent
timeKillEvent
PlaySoundW
ws2_32
WSAStartup
WSACleanup
WSAAsyncSelect
gdi32
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
ExtTextOutW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetDIBits
GetGlyphOutlineW
ole32
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
CoLockObjectExternal
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
CoGetClassObject
CoFreeUnusedLibraries
CLSIDFromProgID
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateFromFile
StringFromGUID2
DoDragDrop
Sections
.text Size: 8.7MB - Virtual size: 8.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 305KB - Virtual size: 359KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 291KB - Virtual size: 291KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ