22d97be44ae5790711a62d13e029e1e656cb94bd39c3663919128760cd5e7676

Sharing

Copy URL

Twitter E-mail

General

Target

22d97be44ae5790711a62d13e029e1e656cb94bd39c3663919128760cd5e7676
Size

8.6MB
MD5

a979c9deeae0de1103ce3faa2494f724
SHA1

f0bd1cd68b90b70d7a97f0edb8e4112748177d14
SHA256

22d97be44ae5790711a62d13e029e1e656cb94bd39c3663919128760cd5e7676
SHA512

32cec2971d946d96dedd73e46f10f019c67d0f52e793f05ba65a68e6be1ba71a0075a26126069fdc12a0a7c07ef950e5d7bafd77979547cc5242dbd31161c179
SSDEEP

98304:5WzsnOzNB/q0VetXJb2HBg0x/STrYDpvDDSwTIMx1fPZX/3P6RKIsK4PuYLHCuK+:5xoDSIIaRXfy17YLU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22d97be44ae5790711a62d13e029e1e656cb94bd39c3663919128760cd5e7676

Files

22d97be44ae5790711a62d13e029e1e656cb94bd39c3663919128760cd5e7676
.exe windows:6 windows x64

4a717d754466c5281119f0e4a561d309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThread
MultiByteToWideChar
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
GetProcAddress
GetModuleHandleA
WakeConditionVariable
SleepConditionVariableSRW
CreatePipe
SetHandleInformation
SetFileCompletionNotificationModes
SetConsoleTextAttribute
lstrlenW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
DeleteFileW
MoveFileExW
OpenProcess
GetProcessTimes
GetCurrentProcess
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
WakeAllConditionVariable
LocalFree
CreateNamedPipeW
GlobalMemoryStatusEx
GetCurrentProcessId
TerminateProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
WaitForSingleObject
CreateFileW
WriteConsoleW
ReadFile
Sleep
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
PostQueuedCompletionStatus
ReleaseSRWLockShared
AcquireSRWLockShared
LoadLibraryW
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
TlsFree
CreateIoCompletionPort
HeapReAlloc
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetConsoleScreenBufferInfo
GetStdHandle
CopyFileExW
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemInfo
FindNextFileW
FindFirstFileW
SetEnvironmentVariableW
FindClose
InitializeSListHead
CloseHandle
GetTickCount64
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
GetLastError
GetModuleHandleW
RtlPcToFileHeader
GetConsoleMode
GetProcessId
RaiseException
EncodePointer
DeleteCriticalSection
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
GetCurrentThreadId
TlsGetValue
TlsSetValue
OutputDebugStringW
OutputDebugStringA
GetSystemTime
LCIDToLocaleName
GetUserDefaultUILanguage
AcquireSRWLockExclusive
FreeLibrary
ReleaseSRWLockExclusive
SwitchToThread
HeapFree

user32

ToUnicodeEx
SetWindowTextW
GetKeyboardState
GetKeyboardLayout
TranslateMessage
GetMessageW
DispatchMessageW
PeekMessageW
MapVirtualKeyExW
GetWindowTextLengthW
GetWindowTextW
PostThreadMessageW
GetWindowLongPtrW
ReleaseCapture
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
GetMonitorInfoW
SetWindowPlacement
ChangeDisplaySettingsExW
MonitorFromRect
MonitorFromWindow
GetDC
MsgWaitForMultipleObjectsEx
SystemParametersInfoA
GetWindowPlacement
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetWindowRect
ClientToScreen
ShowWindow
PostQuitMessage
SendInput
SetMenuItemInfoW
AppendMenuW
CreateIcon
UnregisterHotKey
VkKeyScanW
DefWindowProcW
RegisterClassExW
GetActiveWindow
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
PostMessageW
GetClipCursor
GetSystemMetrics
ClipCursor
ShowCursor
GetKeyState
LoadCursorW
GetAsyncKeyState
EnumChildWindows
TrackMouseEvent
DispatchMessageA
GetMessageA
GetClientRect
RedrawWindow
CreateMenu
CreatePopupMenu
SetCursorPos
GetForegroundWindow
GetAncestor
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
GetRawInputData
ValidateRect
GetUpdateRect
MapVirtualKeyW
DestroyWindow
FlashWindowEx
CreateAcceleratorTableW
ScreenToClient
SetCapture
GetTouchInputInfo
OpenClipboard
RegisterTouchWindow
SetWindowDisplayAffinity
EmptyClipboard
SetMenu
EnumDisplayMonitors
MonitorFromPoint
SetClipboardData
IsWindowVisible
IsIconic
CloseClipboard
CheckMenuItem
RegisterHotKey
IsWindow
RegisterClassW
SetCursor
IsProcessDPIAware
CloseTouchInputHandle

comctl32

TaskDialogIndirect
SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

secur32

QueryContextAttributesW
DeleteSecurityContext
AcquireCredentialsHandleA
FreeCredentialsHandle
ApplyControlToken
DecryptMessage
EncryptMessage
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW

crypt32

CertFreeCertificateChain
CertCloseStore
CertAddCertificateContextToStore
CertOpenStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateChain

ws2_32

connect
closesocket
getsockopt
bind
getaddrinfo
accept
WSASocketW
WSACleanup
select
getsockname
send
recv
listen
WSAIoctl
getpeername
WSAStartup
ioctlsocket
WSAGetLastError
WSASend
freeaddrinfo
shutdown
setsockopt

shell32

Shell_NotifyIconGetRect
DragQueryFileW
SHGetKnownFolderPath
Shell_NotifyIconW
DragFinish
ShellExecuteW
SHAppBarMessage
ShellExecuteExW
CommandLineToArgvW

advapi32

RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegQueryValueExW
IsValidSid
CopySid
RegOpenKeyExW
RegGetValueW
GetLengthSid
RegSetValueExW
CheckTokenMembership
IsWellKnownSid
CreateWellKnownSid
DuplicateTokenEx
OpenProcessToken
SystemFunction036
GetTokenInformation
RegDeleteValueW

dwmapi

DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoTaskMemAlloc
CoInitializeEx
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket

bcrypt

BCryptGenRandom

ntdll

RtlGetVersion
NtDeviceIoControlFile
NtCancelIoFileEx
NtWriteFile
NtReadFile
NtQuerySystemInformation
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationProcess

pdh

PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA

iphlpapi

GetIfEntry2

powrprof

CallNtPowerInformation

oleaut32

VariantClear
SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString

wininet

InternetSetOptionA

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

psapi

GetModuleFileNameExW
GetPerformanceInfo

api-ms-win-crt-math-l1-1-0

_dsign
_fdclass
sinh
fmod
sqrt
tan
tanh
hypot
cbrt
acosh
acos
log1p
expm1
atanh
log2
sin
log10
pow
asin
atan
lrint
_dclass
fabs
trunc
__setusermatherr
floor
round
fmax
ceil
fmin
exp
cosh
cos
atan2
log
asinh

api-ms-win-crt-string-l1-1-0

strlen
strcat
strcpy_s
strcmp
strcpy
wcslen
wcsncmp
_wcsicmp

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
_msize
realloc
_set_new_mode
malloc
free

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
terminate
_initialize_onexit_table
_wassert
fesetround
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
abort
_cexit
__p___argv
_seh_filter_exe
_set_app_type
_configure_narrow_argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_crt_atexit

api-ms-win-crt-convert-l1-1-0

wcstol
strtod
atoi
_ultow_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a717d754466c5281119f0e4a561d309

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

secur32

crypt32

ws2_32

shell32

advapi32

dwmapi

ole32

bcrypt

ntdll

pdh

iphlpapi

powrprof

oleaut32

wininet

uxtheme

gdi32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 12KB - Virtual size: 17KB

.pdata Size: 100KB - Virtual size: 100KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 12KB - Virtual size: 17KB

.pdata
Size: 100KB - Virtual size: 100KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 42KB - Virtual size: 41KB