25cdc968a9bfff250225310d3e7940c0cf99379bfb265230029067307e2de39f

Sharing

Copy URL Twitter E-mail

General

Target

25cdc968a9bfff250225310d3e7940c0cf99379bfb265230029067307e2de39f
Size

6.8MB
MD5

f56a92c32931fa3d481994ce8a4a62fa
SHA1

8cb1752dedcf4bb36d2c479ee09a27556f8ba8b0
SHA256

25cdc968a9bfff250225310d3e7940c0cf99379bfb265230029067307e2de39f
SHA512

6658bbaea7e00efb40934bd9dd7bf15817b23a28b79179690559002ba1483a1d7a0a46becfafedd45fb7341359b0a147dfa74daa8ec9bb744a99add14325a03e
SSDEEP

196608:1MsDiG7nh64qHwVGxzBhmDy7Jk49VT9qvGYjOKxyubeSp/W:1MsDiG7nh64qHwVGxzBYyHAOKQuO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25cdc968a9bfff250225310d3e7940c0cf99379bfb265230029067307e2de39f

Files

25cdc968a9bfff250225310d3e7940c0cf99379bfb265230029067307e2de39f
.exe windows:6 windows x64

e2bdd7709cd363d5826f2474ef792c35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetCloseHandle
HttpSendRequestA
InternetCrackUrlA
InternetReadFile
InternetConnectA
InternetOpenA
InternetCanonicalizeUrlA
HttpOpenRequestA
HttpQueryInfoA
InternetGetConnectedState

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump

winmm

timeBeginPeriod
timeEndPeriod
joyGetPosEx
joyGetPos
mciSendStringA
timeGetTime
timeGetDevCaps

ws2_32

WSAAddressToStringA
WSAGetLastError
freeaddrinfo
WSAStartup
socket
setsockopt
sendto
send
select
recvfrom
recv
ntohs
listen
htons
getsockopt
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
getaddrinfo
inet_pton
getpeername
getnameinfo
inet_ntop

gdiplus

GdiplusShutdown
GdiplusStartup

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
UuidCreate

mf

MFCreateMediaSession
MFCreateTopology
MFCreateTopologyNode
MFGetService
MFCreateAudioRendererActivate
MFCreateSampleGrabberSinkActivate

mfplat

MFStartup
MFCreateMediaType
MFCreateSourceResolver

iphlpapi

NotifyIpInterfaceChange
GetAdaptersAddresses

kernel32

WriteFile
GetStdHandle
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
SetFileAttributesW
GetFileAttributesExW
HeapWalk
HeapValidate
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
RtlUnwind
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
GetStringTypeW
GetDateFormatW
LCMapStringEx
DecodePointer
EncodePointer
GetFileSizeEx
SetFilePointerEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
GetTimeFormatW
CompareStringW
LCMapStringW
GetCPInfo
OutputDebugStringA
GetCurrentProcess
GetCommandLineW
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
GetFinalPathNameByHandleW
GetFullPathNameW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapReAlloc
GetCurrentDirectoryA
GetFileAttributesW
GetFileSize
ReadFile
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
GetTickCount64
CreateThread
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleWindow
GetCurrentDirectoryW
DeleteFileW
SetLastError
GetExitCodeThread
FormatMessageW
GetVersionExW
GetLocaleInfoW
GetEnvironmentVariableW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
OpenThread
ResumeThread
CreateProcessW
K32GetProcessMemoryInfo
GlobalAlloc
GlobalUnlock
GlobalLock
GetEnvironmentVariableA
SetEnvironmentVariableA
CreateFileMappingW
MapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
ExitProcess
lstrlenA
GlobalFree
GetVersion
LoadLibraryA
DebugBreak
WaitForSingleObjectEx
CreateEventExA
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
LeaveCriticalSection
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
HeapSize
SetCurrentDirectoryA
WriteConsoleW

user32

GetRawInputDeviceInfoA
GetRawInputDeviceList
GetClipboardData
IsClipboardFormatAvailable
GetFocus
GetCursorPos
SetCursorPos
UpdateWindow
MessageBoxW
ReleaseDC
GetDC
EmptyClipboard
EnumDisplaySettingsW
LoadImageW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowExA
FindWindowA
SetParent
GetWindowLongW
MapWindowPoints
ScreenToClient
SetClipboardData
CloseClipboard
EnumDisplayDevicesW
SetCursor
AdjustWindowRectEx
SetDlgItemTextA
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostThreadMessageW
SendMessageW
SendMessageA
EnumWindows
GetWindowLongPtrW
IntersectRect
GetWindowRect
GetActiveWindow
IsWindowVisible
GetLayeredWindowAttributes
SetProcessDPIAware
EnumDisplaySettingsA
IsDialogMessageW
SetFocus
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
wsprintfW
MessageBoxA
keybd_event
GetAsyncKeyState
DrawTextW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
ClientToScreen
SetWindowTextW
MoveWindow
GetMonitorInfoW
OpenClipboard
MonitorFromWindow
GetClientRect
SetWindowLongPtrW

gdi32

SelectObject
GetRgnBox
DeleteObject
CreateRectRgnIndirect
GetStockObject
GetDeviceCaps
CombineRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoCreateFreeThreadedMarshaler

dwmapi

DwmGetWindowAttribute
DwmGetCompositionTimingInfo

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 470KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2bdd7709cd363d5826f2474ef792c35

Headers

DLL Characteristics

File Characteristics

Imports

wininet

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

rpcrt4

mf

mfplat

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

imm32

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 470KB - Virtual size: 2.8MB

.pdata Size: 218KB - Virtual size: 218KB

.mydata Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 470KB - Virtual size: 2.8MB

.pdata
Size: 218KB - Virtual size: 218KB

.mydata
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 30KB - Virtual size: 30KB