45d8dd8d648ccc0d4e36f0091db274bc68f4bce4f9356fbfd85b69f27fef3caa

Sharing

Copy URL

Twitter E-mail

General

Target

45d8dd8d648ccc0d4e36f0091db274bc68f4bce4f9356fbfd85b69f27fef3caa
Size

4.4MB
MD5

954afa54fbf42ca2f3ef2279d0675ced
SHA1

d3472397f4b8ed2503c8f02cf3f351143287ef90
SHA256

45d8dd8d648ccc0d4e36f0091db274bc68f4bce4f9356fbfd85b69f27fef3caa
SHA512

806120f59fbce8e60a01ef18c049340235efc2cb5cc53f4ed693a665785b932e025afcabebffe1e707529bc7254e9524c020e51ef673d46ec403a1ada858991f
SSDEEP

49152:vQnmJwRuTv4NDwzhAujAK0/fqJSuikwV+FJNIps3ca4AwEDR3DN1eP85SBO+fLji:vAcMNkzDdUeX7nV5d+ruefW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45d8dd8d648ccc0d4e36f0091db274bc68f4bce4f9356fbfd85b69f27fef3caa

Files

45d8dd8d648ccc0d4e36f0091db274bc68f4bce4f9356fbfd85b69f27fef3caa
.exe windows:6 windows x86

84aae8c96f34c00619923043d421f275

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
QueryFullProcessImageNameW
lstrcatW
lstrcpyW
lstrcmpiW
LocalFree
LocalAlloc
ReadProcessMemory
OpenProcess
Sleep
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WriteFile
SetFileAttributesA
SetEndOfFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesA
CreateFileW
CreateFileA
CreateDirectoryW
lstrlenW
K32GetProcessImageFileNameW
lstrcpynW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetCurrentProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetStdHandle
ReadConsoleW
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetCurrentThread
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
HeapValidate
VirtualProtect
VirtualAlloc
GetSystemInfo
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VirtualQuery
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetTempFileNameW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTime
SetFilePointer
LocalFileTimeToFileTime
GetFileTime
FindFirstFileW
FileTimeToLocalFileTime
GetACP
IsBadStringPtrA
lstrcmpW
FreeResource
IsBadStringPtrW
MulDiv
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
IsBadWritePtr
IsBadReadPtr
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
DecodePointer
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetCPInfo
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

user32

UnregisterClassW
IsWindow
MoveWindow
GetDC
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetCursorPos
WindowFromPoint
CopyRect
GetWindowThreadProcessId
DestroyIcon
GetIconInfo
MonitorFromPoint
MonitorFromRect
GetMonitorInfoW
EnumDisplayMonitors
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
DialogBoxParamW
EndDialog
LoadAcceleratorsW
SetRect
TranslateAcceleratorW
UpdateWindow
BeginPaint
EndPaint
LoadCursorW
LoadIconW
GetWindowDC
GetSysColor
ClientToScreen
wsprintfW
UnregisterClassA
SendMessageW
PostMessageW
IsChild
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
ShowCaret
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
MonitorFromWindow
CharPrevW
DrawTextW
SetCaretPos
LoadImageW
DrawIconEx
wvsprintfW
SetCursor
InflateRect
OffsetRect
CopyImage
HideCaret

gdi32

GetTextMetricsW
SetWindowOrgEx
SaveDC
CreateRectRgnIndirect
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
GetObjectType
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
SetDIBColorTable
TextOutW
ExtTextOutW
GdiFlush
CreateDCW
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
CreateDIBSection
GetObjectW
RestoreDC
Rectangle
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleBitmap
GetDeviceCaps
CombineRgn
SetDIBitsToDevice

advapi32

CryptAcquireContextW
CryptHashData
CryptCreateHash
CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
CryptContextAddRef
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptDestroyHash

shell32

SHGetSpecialFolderPathW
ord165
ord727
SHGetFileInfoW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shlwapi

SHGetValueA
StrToIntExW
SHSetValueA
PathIsDirectoryW
StrStrIW
PathFindFileNameW
PathCompactPathW
wnsprintfW
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
SHCreateStreamOnFileEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetGetConnectedState

dwmapi

DwmGetWindowAttribute

gdiplus

GdipCreateTexture
GdipCreateBitmapFromStream
GdipClosePathFigure
GdipFillEllipseI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipAddPathLineI
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreatePen1
GdipCreateFromHDC
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapSetPixel
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRect
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreatePath
GdipCreateBitmapFromStreamICM
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipFillPath
GdipGraphicsClear
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipDeletePath

msimg32

AlphaBlend
GradientFill

comctl32

ord17
_TrackMouseEvent

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CertGetNameStringW

ole32

CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize

Sections

.textbss
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84aae8c96f34c00619923043d421f275

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

version

wininet

dwmapi

gdiplus

msimg32

comctl32

crypt32

ole32

Sections

.textbss Size: - Virtual size: 1.6MB

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 612KB - Virtual size: 611KB

.data Size: 21KB - Virtual size: 56KB

.idata Size: 14KB - Virtual size: 14KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 116KB - Virtual size: 116KB

.textbss
Size: - Virtual size: 1.6MB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 612KB - Virtual size: 611KB

.data
Size: 21KB - Virtual size: 56KB

.idata
Size: 14KB - Virtual size: 14KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 116KB - Virtual size: 116KB