85964d3f9c02436bb09162900a776c835badd49688e9e23ba3a1c42b2272b364

Sharing

Copy URL Twitter E-mail

General

Target

85964d3f9c02436bb09162900a776c835badd49688e9e23ba3a1c42b2272b364
Size

971KB
MD5

e8e0283901575d44f07c715aee365983
SHA1

d65e1ae9e4832b12d428e8df963dbe6d8c7cd940
SHA256

85964d3f9c02436bb09162900a776c835badd49688e9e23ba3a1c42b2272b364
SHA512

3573ed650df5a187bbd50aeaaebe11cb3ca569e60ed76e62ac307643fb38031c559fefa89a291d3cdde17e05d3bc48b44dc184a81c7999f0870fa09cb578462a
SSDEEP

24576:/YAA/mvrL+P3UuLICb/uAdO9X2zLTYy+Ql/nAGTU:/YAA/m/yUuLNOoManA+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85964d3f9c02436bb09162900a776c835badd49688e9e23ba3a1c42b2272b364

Files

85964d3f9c02436bb09162900a776c835badd49688e9e23ba3a1c42b2272b364
.dll windows:5 windows x64

c656fcec7245e982e2d15c617b480d63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringW
GetVersionExA
LoadLibraryA
GlobalFindAtomW
GlobalFlags
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RaiseException
RtlPcToFileHeader
CreateDirectoryW
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
GetSystemInfo
ExitProcess
HeapSize
HeapQueryInformation
GetCPInfo
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
LocalReAlloc
SetErrorMode
GetStdHandle
GetModuleFileNameA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
HeapSetInformation
HeapCreate
HeapDestroy
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
TlsSetValue
GlobalHandle
GetTimeZoneInformation
TlsFree
GlobalReAlloc
TlsAlloc
TlsGetValue
GetFileSizeEx
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
TerminateThread
LocalAlloc
VirtualAlloc
VirtualProtect
VirtualFree
GetACP
CreatePipe
GetStartupInfoW
GetVersionExW
WaitForMultipleObjects
ReadFile
CreateProcessW
VirtualQuery
LoadLibraryW
GetProcAddress
FreeLibrary
FindNextFileW
FindFirstFileW
FindClose
LocalFree
GetModuleHandleW
GetTickCount
MoveFileW
FreeResource
GetWindowsDirectoryW
GetSystemDirectoryW
CompareFileTime
GetFileTime
FormatMessageW
CreateThread
ResetEvent
CreateEventW
SetEvent
CreateFileW
WriteFile
OpenProcess
TerminateProcess
WaitForSingleObject
Process32FirstW
Module32NextW
Module32FirstW
Process32NextW
GetCurrentProcess
CreateToolhelp32Snapshot
CloseHandle
lstrlenA
CreateMutexW
GetLastError
MultiByteToWideChar
GetCurrentThreadId
GetModuleFileNameW
lstrlenW
DeleteFileW
GetTempPathW
GetTempFileNameW
Sleep
GetSystemDefaultLangID
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlsAlloc
InitializeCriticalSection

user32

ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
PostThreadMessageW
PeekMessageW
LoadStringW
SendMessageW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextW
LoadCursorW
GetSysColorBrush
UnregisterClassW
GetSysColor
DestroyMenu
ReleaseDC
GetDC
GetClientRect
CopyRect
IsWindow
CharUpperW
GetSystemMetrics
GetMenuItemCount
DispatchMessageW
MsgWaitForMultipleObjects
GetSubMenu
GetMenuItemID
GetMenuState
PostMessageW
KillTimer
WaitMessage
SetTimer
EnableWindow
UnhookWindowsHookEx
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
GetClassLongPtrW

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
ExtTextOutW
CreateBitmap
PtVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
StartServiceW
QueryServiceStatus
CreateServiceW
OpenSCManagerW
LockServiceDatabase
QueryServiceLockStatusW
OpenServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindExtensionW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString

ws2_32

socket
recv
send
connect
WSACleanup
gethostbyname
htonl
accept
select
bind
WSAGetLastError
WSASetLastError
sendto
recvfrom
WSAAsyncSelect
WSAStartup
inet_addr
htons
closesocket

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCheckConnectionW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

Exports

Exports

InitializePrintMonitorUI

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c656fcec7245e982e2d15c617b480d63

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

version

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 478KB - Virtual size: 477KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 18KB - Virtual size: 41KB

.pdata Size: 41KB - Virtual size: 40KB

.rsrc Size: 253KB - Virtual size: 253KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 478KB - Virtual size: 477KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 18KB - Virtual size: 41KB

.pdata
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 253KB - Virtual size: 253KB

.reloc
Size: 14KB - Virtual size: 13KB