Static task
static1
Behavioral task
behavioral1
Sample
6a460329aa870e47585de22c2de7a8dc114a15760f70ee310854287e49df919e.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
6a460329aa870e47585de22c2de7a8dc114a15760f70ee310854287e49df919e.exe
Resource
win10v2004-20231023-en
General
-
Target
6a460329aa870e47585de22c2de7a8dc114a15760f70ee310854287e49df919e
-
Size
10.6MB
-
MD5
6eec0a79e84f8eab0730d2143b18160b
-
SHA1
f59396407b453c191b54acc2b510335e5dafbf01
-
SHA256
6a460329aa870e47585de22c2de7a8dc114a15760f70ee310854287e49df919e
-
SHA512
9c65e2a33c61c3563ff8ad6af7b2289349d4c9cfa3b260efd7685f739b76c280dcf231a78d0413fbb5f37305e73800aa5b90e665997d43ecf8d068039f895b0d
-
SSDEEP
196608:HedO7nB8mbRCGngAe/TYZHISBVu7UVGzzNc082a62FLOyomFHKnP:JrS5FkZHu1zz3sF
Malware Config (no entries in this report)
Signatures
-
Unsigned PE — 1 IoC
The static rule checks for a missing Authenticode signature, and it fired on this sample. Treat this as a weak indicator on its own: many legitimate builds ship unsigned, and conversely a present signature would still have to be validated (chain, timestamp, revocation) before it counts as trust.
resource 6a460329aa870e47585de22c2de7a8dc114a15760f70ee310854287e49df919e
Files
-
6a460329aa870e47585de22c2de7a8dc114a15760f70ee310854287e49df919e.exe windows:5 windows x86
c3158f6d3532aadee3f95a78683fb90b (32-hex digest printed with the file entry; presumably the import hash / imphash — confirm against the report source before pivoting on it)
Headers
DLL Characteristics (ASLR, DEP and terminal-server awareness are set; no GUARD_CF flag is listed here even though .gfids/.giats sections appear under Sections — check the load config directory before assuming CFG is active)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (a static import table of this breadth — Winsock, WinINet, CryptoAPI, registry write/delete, CreateProcessW/WinExec, volume enumeration, alongside extensive GUI, GDI+, OLE and theme APIs — is consistent with a large Windows GUI application and is not by itself evidence of malicious behaviour; the behavioral tasks show which of these APIs are actually exercised)
ws2_32
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
recv
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
WSAStartup
WSASetLastError
select
getservbyname
__WSAFDIsSet
socket
WSAGetLastError
WSAIoctl
WSACleanup
gethostbyname
htonl
shutdown
kernel32
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
SetErrorMode
FindResourceExW
SearchPathW
GetProfileIntW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GlobalReAlloc
IsDebuggerPresent
GetStartupInfoW
EnumSystemLocalesW
IsValidLocale
GetOEMCP
GetLocaleInfoW
GetConsoleCP
ReadConsoleW
GetConsoleMode
ExitProcess
VirtualQuery
QueryPerformanceFrequency
HeapQueryInformation
SetStdHandle
GetCommandLineW
GetCommandLineA
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
LCMapStringW
GetCPInfo
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GetThreadLocale
CompareStringW
LocalReAlloc
IsValidCodePage
GlobalHandle
lstrcmpiW
UnlockFile
LockFile
GetFullPathNameW
FlushFileBuffers
LocalAlloc
ResumeThread
SetThreadPriority
GetPrivateProfileIntW
GetCurrentThread
GetVersionExW
lstrcmpA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GlobalFree
GlobalSize
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
EncodePointer
OutputDebugStringA
VerifyVersionInfoW
VerSetConditionMask
FormatMessageA
GetFileType
ExpandEnvironmentStringsA
SleepEx
GetFileSize
GetSystemInfo
CreateMutexA
VirtualAlloc
InterlockedCompareExchange
VirtualFree
LocalFileTimeToFileTime
SetFileTime
WaitForMultipleObjects
PeekNamedPipe
TerminateThread
CreateThread
DuplicateHandle
OpenProcess
TerminateProcess
SetLastError
ReadFile
CreatePipe
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileExW
CopyFileW
GetExitCodeProcess
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
LocalFree
FormatMessageW
GetACP
SetThreadExecutionState
GetModuleHandleW
SetEvent
GetTempPathW
GetLongPathNameW
GetLocalTime
GetTempFileNameW
CreateEventW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
GetDiskFreeSpaceExW
GetVolumeInformationW
DeviceIoControl
CreateDirectoryW
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
FindFirstVolumeW
MulDiv
WriteFile
GetStdHandle
WriteConsoleW
OutputDebugStringW
SetEndOfFile
SetFilePointer
CreateFileW
MoveFileW
DeleteFileW
InitializeCriticalSection
GlobalMemoryStatus
GetTickCount
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetCurrentDirectoryW
GetModuleFileNameW
SetConsoleMode
WinExec
lstrlenW
lstrcatW
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
Sleep
CreateProcessW
GetCurrentProcessId
GetLastError
lstrcpyW
FindResourceW
LoadResource
LockResource
SizeofResource
FindClose
FindNextFileW
FindFirstFileW
ReleaseMutex
CloseHandle
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
FlushConsoleInputBuffer
LoadLibraryExA
ReadConsoleInputA
InitializeSListHead
user32
GetMessageW
EnumDisplayMonitors
SystemParametersInfoW
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawStateW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowDC
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
TranslateMessage
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
IsZoomed
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
SetCapture
GetSystemMenu
DeleteMenu
MessageBeep
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetSubMenu
LoadMenuW
wsprintfW
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
WindowFromPoint
GetCursorPos
GetCapture
GetWindowLongW
UpdateLayeredWindow
EnableScrollBar
UnionRect
CreateAcceleratorTableW
MonitorFromPoint
CopyAcceleratorTableW
InvalidateRgn
SetRect
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyIcon
LoadImageW
GrayStringW
DrawTextExW
TabbedTextOutW
ShowOwnedPopups
CharUpperW
CharNextW
DestroyMenu
GetMenuItemInfoW
CopyImage
SendDlgItemMessageA
RealChildWindowFromPoint
GetAsyncKeyState
ValidateRect
TrackMouseEvent
SetCursorPos
UpdateWindow
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
GetWindowRgn
DestroyCursor
InvertRect
HideCaret
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
SubtractRect
WaitMessage
PostThreadMessageW
FrameRect
ReuseDDElParam
UnpackDDElParam
RedrawWindow
EnableWindow
GetClientRect
InsertMenuItemW
SendMessageW
InvalidateRect
GetParent
IsWindow
PostMessageW
GetWindowRect
GetSysColor
DrawFrameControl
InflateRect
GetSystemMetrics
DrawTextW
IntersectRect
KillTimer
SetTimer
CopyRect
FillRect
LoadCursorW
SetWindowLongW
GetMessagePos
ScreenToClient
PtInRect
SetCursor
GetDC
ReleaseDC
UnregisterClassW
GetWindowTextW
GetClassNameW
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutW
LoadIconW
IsIconic
DrawIcon
TranslateAcceleratorW
CharUpperBuffW
RegisterClipboardFormatW
GetMenuItemID
GetScrollInfo
OffsetRect
SetRectEmpty
gdi32
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CombineRgn
CreateRectRgnIndirect
SetRectRgn
IntersectClipRect
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetDeviceCaps
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
SetBkColor
Escape
ExtTextOutW
RectVisible
PtVisible
TextOutW
CreatePen
GetMapMode
Rectangle
DeleteDC
GetTextExtentPoint32W
DeleteObject
GetStockObject
SetBkMode
SetTextColor
SelectObject
BitBlt
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
DPtoLP
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegEnumValueW
RegQueryValueW
RegCloseKey
RegQueryValueExW
CryptEnumProvidersA
CryptSignHashA
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
CryptGetHashParam
CryptDecrypt
CryptReleaseContext
CryptDestroyHash
shell32
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
DragQueryFileW
DragFinish
SHCreateDirectoryExW
SHAppBarMessage
SHGetPathFromIDListW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathRemoveExtensionW
PathFindExtensionW
PathIsDirectoryW
PathCombineW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrFormatKBSizeW
uxtheme
OpenThemeData
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText
GetWindowTheme
ole32
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CoSetProxyBlanket
OleUninitialize
oleaut32
SysStringLen
OleCreateFontIndirect
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VarBstrFromDate
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
oledlg
OleUIBusyW
gdiplus
GdipDeleteFont
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdiplusStartup
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipGetDpiY
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGraphicsClear
GdipSetSolidFillColor
GdipAddPathEllipseI
GdipResetPath
GdipDrawPath
GdipClosePathFigure
GdipAddPathArcI
GdipDeletePen
GdipCreatePen1
GdipDeletePath
GdipCreatePath
GdipFillPath
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipReleaseDC
GdiplusShutdown
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDisposeImage
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipFree
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
wininet
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections (.rsrc accounts for 5.6MB of the 10.6MB file; a resource section this large is worth inspecting for embedded executables or packed payloads, although it is also normal for resource-heavy GUI applications)
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ