Static task: static1
Behavioral task: behavioral1
  Sample: 379f66e6ef7c5af1204ade34f35f472eaf3f8c44847da2c8f9b7e5e5b4acf14e.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 379f66e6ef7c5af1204ade34f35f472eaf3f8c44847da2c8f9b7e5e5b4acf14e.exe
  Resource: win10v2004-20231023-en
General
Target: 379f66e6ef7c5af1204ade34f35f472eaf3f8c44847da2c8f9b7e5e5b4acf14e
Size: 14.0MB
MD5: 3a6b7f5bb320edf5c5ccef663cf9d486
SHA1: 16a62144ece22cfaf89745721d9fc17002b060f4
SHA256: 379f66e6ef7c5af1204ade34f35f472eaf3f8c44847da2c8f9b7e5e5b4acf14e
SHA512: e79d9ccc0e8e331417c35f95d1836cce1bba9ce761d20e73211ef6250107f24c70f316f8be52256163eccbcc8265a9971066f8ba1c5447de9a7191c6bb7384b5
SSDEEP: 393216:Xz6PXnaXVJCTmOj9D0VBE00eSciLVXWR/m9:X2/niJCTD4VBE0+WM
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 379f66e6ef7c5af1204ade34f35f472eaf3f8c44847da2c8f9b7e5e5b4acf14e
Files
-
379f66e6ef7c5af1204ade34f35f472eaf3f8c44847da2c8f9b7e5e5b4acf14e.exe windows:5 windows x86
853583c82909ffa189114b432e5176a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathIsUNCA
PathStripToRootA
PathFileExistsA
PathFindExtensionA
UrlUnescapeA
StrStrA
PathFindFileNameA
crypt32
CertCreateCertificateContext
CertFreeCertificateContext
CertNameToStrA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
wininet
InternetGetConnectedState
DeleteUrlCacheEntry
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetQueryDataAvailable
InternetCrackUrlA
InternetCanonicalizeUrlA
kernel32
GetOEMCP
WritePrivateProfileStringA
SetErrorMode
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
HeapCreate
VirtualFree
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetStdHandle
SetHandleCount
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetVersion
lstrcpyW
DisconnectNamedPipe
CreateEventW
GetOverlappedResult
ClearCommError
PurgeComm
OutputDebugStringW
GetCommState
SetCommState
SetupComm
SetCommTimeouts
EscapeCommFunction
SetConsoleTextAttribute
GetSystemDirectoryW
CreateFileW
lstrcatW
GetPrivateProfileStringW
GlobalFlags
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetThreadLocale
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FreeResource
GetModuleFileNameW
LocalAlloc
GetCurrentProcessId
SetLastError
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetDiskFreeSpaceA
CreateThread
OutputDebugStringA
GetExitCodeProcess
CreateProcessA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
InitializeCriticalSection
GetPrivateProfileStringA
DeleteCriticalSection
LoadLibraryExA
RaiseException
lstrlenW
IsDBCSLeadByte
ReleaseMutex
WaitForSingleObject
CreateMutexA
LoadLibraryW
Sleep
DeviceIoControl
GetTempPathA
GetVersionExA
CreateToolhelp32Snapshot
GetModuleHandleA
GetModuleFileNameA
GetSystemInfo
Process32Next
TerminateProcess
OpenProcess
WriteFile
GetWindowsDirectoryA
GetProcessHeap
Process32First
HeapFree
GetCurrentProcess
HeapAlloc
CreateFileA
CopyFileA
DeleteFileA
lstrlenA
GetSystemDirectoryA
CloseHandle
OpenMutexA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
GlobalMemoryStatus
user32
PostThreadMessageA
DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
CharUpperA
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
GetSystemMetrics
PostQuitMessage
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
SetRect
IsRectEmpty
CopyAcceleratorTableA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
DispatchMessageA
wsprintfA
MessageBoxA
EnableWindow
CharNextA
RegisterWindowMessageA
PostMessageA
CharNextW
GetKeyState
GetAsyncKeyState
LoadIconA
SendMessageA
GetClientRect
IsIconic
DrawIcon
SetWindowPos
GetDesktopWindow
RegisterDeviceNotificationA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
GetWindowThreadProcessId
UnhookWindowsHookEx
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetWindow
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
gdi32
DeleteObject
GetMapMode
DeleteDC
ExtSelectClipRgn
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
SaveDC
RestoreDC
SetMapMode
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
OpenProcessToken
CryptGetKeyParam
CryptGetUserKey
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
shell32
SHGetSpecialFolderPathA
ShellExecuteA
comctl32
InitCommonControlsEx
oledlg
ord8
ole32
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
IIDFromString
oleaut32
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VariantChangeType
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
urlmon
URLDownloadToFileA
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
ws2_32
WSACleanup
recv
socket
inet_addr
WSAStartup
htons
closesocket
connect
send
hid
HidD_SetNumInputBuffers
HidD_GetFeature
HidD_SetFeature
HidD_GetHidGuid
HidD_GetAttributes
HidD_FlushQueue
winscard
SCardTransmit
SCardDisconnect
SCardEstablishContext
SCardConnectW
SCardListReadersW
SCardStatusW
g_rgSCardT0Pci
SCardReleaseContext
SCardReconnect
g_rgSCardT1Pci
Sections
.text  Size: 531KB - Virtual size: 530KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 119KB - Virtual size: 119KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 100KB - Virtual size: 143KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 39.4MB - Virtual size: 39.4MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 163KB - Virtual size: 163KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ