645be242c53fc4ddff7907c00861abb17ab2dd3e10f3c5b8d55c8a04df47082f

Sharing

Copy URL

Twitter E-mail

General

Target

645be242c53fc4ddff7907c00861abb17ab2dd3e10f3c5b8d55c8a04df47082f
Size

2.1MB
MD5

6d4115807b44d347aa60aa919262b3bd
SHA1

b695895e085a5984a38cbb2fbe64246a4183e375
SHA256

645be242c53fc4ddff7907c00861abb17ab2dd3e10f3c5b8d55c8a04df47082f
SHA512

851d7c00230b723581f2216d1934017dae320dc86d77f345e53f08edd4605bd4748d7aef54f4af2f5cede76468609d4f7e2236726948f44878eaa2c478878b1c
SSDEEP

49152:sZ655wUr+HVmECUTIzNcRhlcZdNkr8PTZGL20r:BXLECjvZdNkryZG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
645be242c53fc4ddff7907c00861abb17ab2dd3e10f3c5b8d55c8a04df47082f

Files

645be242c53fc4ddff7907c00861abb17ab2dd3e10f3c5b8d55c8a04df47082f
.exe windows:5 windows x86

ada48e02c59c32e54db6cbc845480cd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupUninstallOEMInfW
SetupDiOpenDevRegKey

kernel32

GetVersion
GetFileType
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateThread
SetThreadPriority
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetTimeZoneInformation
GetFullPathNameA
SetStdHandle
WriteConsoleW
SetHandleCount
GetEnvironmentStringsW
InitializeCriticalSection
FreeEnvironmentStringsW
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
LoadLibraryW
GetStringTypeW
HeapCreate
IsValidCodePage
GetOEMCP
GetLocaleInfoW
SleepEx
FileTimeToLocalFileTime
IsDebuggerPresent
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetModuleHandleA
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
ExitThread
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
GetStartupInfoW
HeapSetInformation
GetCommandLineW
PeekNamedPipe
GetProcessHeap
HeapSize
ExpandEnvironmentStringsA
QueryPerformanceFrequency
FileTimeToSystemTime
GetSystemTimeAsFileTime
SetLastError
FormatMessageA
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
QueryPerformanceCounter
SystemTimeToFileTime
GetFileSizeEx
LocalFree
GetStdHandle
RaiseException
DecodePointer
EncodePointer
FlushConsoleInputBuffer
SetUnhandledExceptionFilter
GetCurrentThreadId
MulDiv
ExitProcess
GetACP
GetFileSize
FormatMessageW
SetFilePointer
DuplicateHandle
DosDateTimeToFileTime
SetFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
FindClose
GetCurrentDirectoryW
CreateFileW
ReadFile
GetFileAttributesW
GetFileAttributesA
WriteFile
CreateFileA
FlushFileBuffers
GetUserDefaultLCID
CreateThread
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
lstrlenA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
GetExitCodeProcess
WaitForSingleObject
lstrlenW
FindResourceExW
LockResource
SizeofResource
FreeResource
Sleep
CreateMutexW
CreateProcessW
MoveFileExW
CopyFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
GetModuleFileNameW
LoadResource
FindResourceW
CloseHandle
GetVersionExW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetLastError
InterlockedDecrement
IsProcessorFeaturePresent

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertGetNameStringW
CertDeleteCertificateFromStore
CertCloseStore
CryptStringToBinaryW
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore

ws2_32

sendto
recvfrom
connect
getpeername
getsockopt
ntohs
getsockname
setsockopt
WSAIoctl
WSAStartup
WSACleanup
socket
select
__WSAFDIsSet
WSASetLastError
send
closesocket
bind
htons
recv
WSAGetLastError
ntohl
htonl
gethostname
ioctlsocket
getaddrinfo
WSASetEvent
listen
accept
freeaddrinfo

wldap32

ord145
ord118
ord14
ord167
ord208
ord26
ord133
ord147
ord127
ord142
ord79
ord219
ord301
ord27
ord41
ord46
ord216
ord73

iphlpapi

GetAdaptersInfo

user32

ShowCaret
HideCaret
CreateCaret
SetRect
CharPrevW
DrawTextW
FillRect
GetWindowRgn
ClientToScreen
MoveWindow
CharNextW
IntersectRect
wvsprintfW
SetCursor
OffsetRect
MessageBoxW
GetClassInfoExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
EnableWindow
GetMessageW
GetParent
GetWindow
BeginPaint
IsRectEmpty
UpdateLayeredWindow
EndPaint
MapWindowPoints
SetFocus
CloseWindow
SetWindowPos
PtInRect
ReleaseCapture
SetCapture
IsWindow
InvalidateRect
GetDC
DestroyWindow
UnregisterClassW
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
PostQuitMessage
LoadImageW
MonitorFromWindow
SetWindowRgn
KillTimer
SetTimer
PostMessageW
SendMessageW
GetWindowLongW
SetWindowLongW
ShowWindow
CreateAcceleratorTableW
InvalidateRgn
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetSysColor
IsIconic
GetWindowRect
GetKeyState
GetCursorPos
EnumDisplayMonitors
GetMonitorInfoW
GetFocus
SetCaretPos
GetUpdateRect
EnumDisplaySettingsW
IsZoomed
GetClientRect
ScreenToClient
ReleaseDC

gdi32

GetCharABCWidthsW
GetObjectW
GetStockObject
CreatePen
GetTextExtentPoint32W
TextOutW
SetBkMode
SetTextColor
RoundRect
CreateCompatibleDC
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
SetStretchBltMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
CreateDIBSection
SaveDC
BitBlt
RestoreDC
Rectangle
ExtSelectClipRgn
SelectClipRgn
CreateRectRgn
SetWindowOrgEx
DeleteDC
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetObjectA
CreateRoundRectRgn
DeleteObject
GetDeviceCaps
PtInRegion
CreateDCW

advapi32

RegCloseKey
RegOpenKeyExW
CloseServiceHandle
ChangeServiceConfigW
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegDeleteKeyW
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHFileOperationW

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

gdiplus

GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdiplusShutdown
GdipDeleteBrush

shlwapi

SHDeleteKeyW

comctl32

_TrackMouseEvent
ord17

msimg32

AlphaBlend

winmm

timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ada48e02c59c32e54db6cbc845480cd9

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

crypt32

ws2_32

wldap32

iphlpapi

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

comctl32

msimg32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 323KB - Virtual size: 322KB

.data Size: 17KB - Virtual size: 36KB

.rsrc Size: 509KB - Virtual size: 509KB

.reloc Size: 81KB - Virtual size: 80KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 323KB - Virtual size: 322KB

.data
Size: 17KB - Virtual size: 36KB

.rsrc
Size: 509KB - Virtual size: 509KB

.reloc
Size: 81KB - Virtual size: 80KB