229d13610e04219c8eabb612bd10a48192996e8e508cde1d4beec635b838d9d2

Sharing

Copy URL Twitter E-mail

General

Target

229d13610e04219c8eabb612bd10a48192996e8e508cde1d4beec635b838d9d2
Size

764KB
MD5

ea8fa63fcfdc585e787a9d19b3362529
SHA1

c8b50505c80147c9e19c957644de0308d05d1f8d
SHA256

229d13610e04219c8eabb612bd10a48192996e8e508cde1d4beec635b838d9d2
SHA512

d4b67f5a72e9a2b30612b2dadf153b63901386cb5cb6e68977aa71c072e5c18829f0f7f6a302c47d581a23c5e6c7beea54f70f7969f275b114e153566c866f84
SSDEEP

12288:ubN3seWmH402+QyLhd8QVagYyj3XMjsHMQMvFNH3EfM2WthMB:uZceQ0JvLrJnj3XGsV6NXEfPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
229d13610e04219c8eabb612bd10a48192996e8e508cde1d4beec635b838d9d2

Files

229d13610e04219c8eabb612bd10a48192996e8e508cde1d4beec635b838d9d2
.exe windows:6 windows x86

4892b99afd2dd81dd3aae57ebd0d0217

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
GetFileAttributesExW
CreateFileW
FormatMessageA
LocalFree
InitOnceBeginInitialize
InitOnceComplete
SetFileInformationByHandle
GetFileInformationByHandleEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetDiskFreeSpaceExA
WinExec
LoadLibraryW
GetFileSize
SetFilePointer
WriteFile
lstrcatA
WideCharToMultiByte
Process32Next
GetLastError
MultiByteToWideChar
ReadFile
CreateToolhelp32Snapshot
Process32First
CreateProcessA
GetStartupInfoA
GetSystemInfo
CloseHandle
GetVersionExA
CreateFileA
Sleep
WaitForSingleObject
CreatePipe
OutputDebugStringA

user32

SetWindowLongA
SetTimer
GetClientRect
PostMessageA
GetWindowRect
SetWindowRgn
ScreenToClient
IsIconic
GetWindowLongA
PostQuitMessage
KillTimer
SetWindowPos

gdi32

DeleteObject
CreateRoundRectRgn

advapi32

RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid

libcurl

curl_slist_free_all
curl_easy_setopt
curl_easy_cleanup
curl_slist_append
curl_global_init
curl_easy_perform
curl_easy_getinfo
curl_easy_init

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
_Xtime_get_ticks
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

duilib

?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PBDKKHHHHPAUHMENU__@@@Z
??HCDuiString@DuiLib@@QBE?AV01@PBD@Z
??BCDuiString@DuiLib@@QBEPBDXZ
??1CDuiString@DuiLib@@QAE@XZ
?SetPosition@CWndShadow@@QAE_NHH@Z
?SetDarkness@CWndShadow@@QAE_NI@Z
?SetSharpness@CWndShadow@@QAE_NI@Z
?SetSize@CWndShadow@@QAE_NH@Z
??1CWndShadow@@UAE@XZ
??0CWndShadow@@QAE@XZ
?SetNormalImage@CButtonUI@DuiLib@@QAEXPBD@Z
?MessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@UtagPOINT@@@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PBD@Z
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?GetRoundCorner@CPaintManagerUI@DuiLib@@QBE?AUtagSIZE@@XZ
?GetCaptionRect@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?Init@CPaintManagerUI@DuiLib@@QAEXPAUHWND__@@PBD@Z
?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
??0CPaintManagerUI@DuiLib@@QAE@XZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PBDPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
?SelectItem@CTabLayoutUI@DuiLib@@QAE_NH_N@Z
??0STRINGorID@DuiLib@@QAE@PBD@Z
?SetBkImage@CControlUI@DuiLib@@QAEXPBD@Z
?Offset@CDuiRect@DuiLib@@QAEXHH@Z
??0CDuiRect@DuiLib@@QAE@XZ
?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPBDXZ
?ResizeClient@CWindowWnd@DuiLib@@QAEXHH@Z
?SetIcon@CWindowWnd@DuiLib@@QAEXI@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?GetHWND@CWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
??0CWindowWnd@DuiLib@@QAE@XZ
?SetValue@CProgressUI@DuiLib@@QAEXH@Z
??8CDuiString@DuiLib@@QBE_NPBD@Z
?GetData@CDuiString@DuiLib@@QBEPBDXZ
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPBD@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAHXZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
?Create@CWndShadow@@QAEXPAUHWND__@@@Z
??1CDialogBuilder@DuiLib@@QAE@XZ
??0INotifyUI@DuiLib@@QAE@XZ
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z

unrar

RARReadHeaderEx
RAROpenArchiveEx
RARProcessFile
RARCloseArchive

netapi32

NetApiBufferFree
NetWkstaGetInfo

vcruntime140

_except_handler4_common
memset
__current_exception_context
__current_exception
memmove
_CxxThrowException
__std_terminate
_purecall
memchr
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_wide_winmain_command_line
terminate
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
_beginthreadex
exit
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_invalid_parameter_noinfo_noreturn
abort
_seh_filter_exe
_initterm_e
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
fread
fsetpos
fputc
fflush
fclose
_fseeki64
_get_stream_buffer_pointers
__p__commode
__stdio_common_vsprintf_s
fgetc
_set_fmode
__acrt_iob_func
fwrite
ungetc
__stdio_common_vsprintf
fgetpos
setvbuf
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtoll

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_findfirst64i32
_rmdir
_findnext64i32
_unlock_file
rename
_findclose
_access

api-ms-win-crt-string-l1-1-0

tolower
strcpy_s

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func
setlocale

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbscmp

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4892b99afd2dd81dd3aae57ebd0d0217

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

libcurl

msvcp140

duilib

unrar

netapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 570KB - Virtual size: 569KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 570KB - Virtual size: 569KB

.reloc
Size: 8KB - Virtual size: 8KB