9a0dc5ea44265b8a91e8c36fda2e860eaa78ec2a3410160ba2b426d2b19ce579

Sharing

Copy URL Twitter E-mail

General

Target

9a0dc5ea44265b8a91e8c36fda2e860eaa78ec2a3410160ba2b426d2b19ce579
Size

4.8MB
MD5

2d56673a7295e8b58250b16f42c712c9
SHA1

b81677a98e4567582c49dfb6da78411ebd2140e8
SHA256

9a0dc5ea44265b8a91e8c36fda2e860eaa78ec2a3410160ba2b426d2b19ce579
SHA512

e87b3a9919e6e5f4b0b608508687bccece34638da6839aabba9094846cc0ed5a616ca150ad73e8110c935f61868c35979f0a3f643da808cd3cfb278478d31567
SSDEEP

49152:Bq3nw65PotHhyBJairicPD1iYbyyOzjyWgH5p2WUw1+VHrtDtqT6ntkIHorGjhOT:YIhyXaizqpVxDtqK3omkX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a0dc5ea44265b8a91e8c36fda2e860eaa78ec2a3410160ba2b426d2b19ce579

Files

9a0dc5ea44265b8a91e8c36fda2e860eaa78ec2a3410160ba2b426d2b19ce579
.exe windows:6 windows x86

f0f9f9d28c179ae3cf3bb170ff331fd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
lstrlenW
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileW
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetLogicalDriveStringsW
QueryDosDeviceW
ReadFile
K32GetProcessImageFileNameW
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
MoveFileW
GetPrivateProfileStringW
QueryFullProcessImageNameW
lstrcatW
lstrcpyW
lstrcmpiW
LocalFree
LocalAlloc
ReadProcessMemory
GetWindowsDirectoryW
OpenProcess
GetProcAddress
GetProcessId
GetStartupInfoW
lstrcpynW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
CreateProcessW
HeapDestroy
SetLastError
GetLastError
GetCurrentThreadId
GetCurrentThread
Sleep
LeaveCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetStdHandle
ReadConsoleW
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
HeapValidate
QueryPerformanceFrequency
VirtualProtect
VirtualAlloc
GetSystemInfo
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VirtualQuery
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetTempFileNameW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTime
LocalFileTimeToFileTime
GetFileTime
FileTimeToLocalFileTime
GetACP
IsBadStringPtrA
lstrcmpW
FreeResource
IsBadStringPtrW
MulDiv
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
IsBadWritePtr
IsBadReadPtr
FlushFileBuffers
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetCurrentProcessId
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
EnterCriticalSection
CloseHandle
OutputDebugStringW
GetTempPathW
WriteFile
SetFileAttributesW
SetFileAttributesA
SetEndOfFile
HeapAlloc
TlsGetValue
TlsAlloc
SwitchToThread
RaiseException
DecodePointer
RemoveDirectoryW
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileSizeEx
SetFilePointer
IsDebuggerPresent
GetStringTypeW
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileTime
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
CreateHardLinkW
GetCPInfo
EncodePointer
CreateEventW

user32

GetMonitorInfoW
EnumDisplayMonitors
LoadStringW
MonitorFromPoint
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
DialogBoxParamW
EndDialog
LoadAcceleratorsW
TranslateAcceleratorW
UpdateWindow
BeginPaint
EndPaint
LoadCursorW
LoadIconW
GetIconInfo
DestroyIcon
GetWindowThreadProcessId
CopyRect
GetWindowDC
GetSysColor
ClientToScreen
MonitorFromRect
WindowFromPoint
GetCursorPos
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
BringWindowToTop
MoveWindow
IsWindow
ShowCaret
HideCaret
AttachThreadInput
UnregisterClassW
GetMessageW
wsprintfW
UnregisterClassA
SendMessageW
PostMessageW
IsChild
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
MonitorFromWindow
CharPrevW
DrawTextW
SetRect
LoadImageW
DrawIconEx
wvsprintfW
SetCursor
InflateRect
OffsetRect
CopyImage

gdi32

GetDeviceCaps
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
SelectObject
GetObjectW
CreateDIBSection
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
SetWindowOrgEx
CombineRgn
CreateRectRgnIndirect
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
GetObjectType
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
SetDIBColorTable
TextOutW
ExtTextOutW
GdiFlush
CreateDCW
SetDIBitsToDevice

advapi32

CryptDestroyHash
CryptCreateHash
CryptGetHashParam
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegGetValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptHashData
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

ord165
ord727
SHCreateDirectoryExW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathIsRelativeW
PathIsDirectoryW
PathAppendA
PathIsRootW
StrToIntExW
wnsprintfW
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
SHCreateStreamOnFileEx
StrStrIA
SHGetValueA
SHSetValueA
PathFindFileNameW
StrStrIW
PathCompactPathW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToCacheFileW

wininet

InternetGetConnectedState

dwmapi

DwmGetWindowAttribute

gdiplus

GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapSetPixel
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRect
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCreateBitmapFromStream
GdipDrawImagePointsI
GdipFillPath
GdipGraphicsClear
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM

msimg32

GradientFill
AlphaBlend

crypt32

CryptStringToBinaryA
CryptBinaryToStringW
CryptBinaryToStringA
CryptStringToBinaryW
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

comctl32

_TrackMouseEvent
ord17

Sections

.textbss
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0f9f9d28c179ae3cf3bb170ff331fd5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

urlmon

wininet

dwmapi

gdiplus

msimg32

crypt32

wintrust

comctl32

Sections

.textbss Size: - Virtual size: 1.8MB

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 660KB - Virtual size: 659KB

.data Size: 22KB - Virtual size: 59KB

.idata Size: 15KB - Virtual size: 15KB

.msvcjmc Size: 2KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 131KB - Virtual size: 130KB

.textbss
Size: - Virtual size: 1.8MB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 660KB - Virtual size: 659KB

.data
Size: 22KB - Virtual size: 59KB

.idata
Size: 15KB - Virtual size: 15KB

.msvcjmc
Size: 2KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 131KB - Virtual size: 130KB