19ca4e6f2a923777e2643419dd8e0a423006fd865534d63fd165cddb5935de95

Sharing

Copy URL Twitter E-mail

General

Target

19ca4e6f2a923777e2643419dd8e0a423006fd865534d63fd165cddb5935de95
Size

5.0MB
MD5

daed791f22b812097e323321d56c3e79
SHA1

5c92a5f1c702f41ef04c47abd907ba6365a610ec
SHA256

19ca4e6f2a923777e2643419dd8e0a423006fd865534d63fd165cddb5935de95
SHA512

c08396ef3140245345e3ec018096e71c13459b7393686d86af85da61b855689fc1be2f86e9cfe86e162c1111ebc2e00114d57c76e9bc092105886446f9714299
SSDEEP

98304:PJn5Kgo9pZSjr7Gi5/o6IpWASq+P3j10zT8vEUJcSFT0VdmibcsM5dTiyJm:Pnn6CjvGigpWAr+v50zbURmrbcHBiz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19ca4e6f2a923777e2643419dd8e0a423006fd865534d63fd165cddb5935de95

Files

19ca4e6f2a923777e2643419dd8e0a423006fd865534d63fd165cddb5935de95
.exe windows:6 windows x86

9368365885f90f51078cb8b4eb7f7652

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW
PathStripPathW
PathCombineW
PathRemoveExtensionW

kernel32

GetLocalTime
lstrcpynW
InitializeCriticalSectionEx
lstrcpyW
DecodePointer
GetDiskFreeSpaceW
SystemTimeToFileTime
WriteFile
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesW
GlobalLock
GlobalUnlock
GlobalAlloc
GetCurrentProcessId
MulDiv
GetACP
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleW
FlushFileBuffers
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
FreeLibrary
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
OutputDebugStringA
lstrlenW
LoadLibraryW
FreeResource
GetTickCount
GetCurrentThreadId
ReadFile
GetFileSize
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
FindFirstFileExW
Process32NextW
TerminateProcess
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
CreateProcessW
GetProductInfo
GetVersionExW
GetModuleHandleA
FindNextFileW
FindClose
GetTempPathW
CreateDirectoryW
CreateDirectoryExW
GetFileAttributesExW
DeviceIoControl
CreateFileW
CloseHandle
GetFullPathNameW
GetProcAddress
SizeofResource
LockResource
LoadResource
GetLastError
GetModuleHandleW
InitOnceComplete
InitOnceBeginInitialize
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetExitCodeThread
Sleep
WaitForSingleObjectEx
GetLocaleInfoEx
RaiseException
FindFirstFileW
FormatMessageA
FindResourceW
GetModuleFileNameW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalFree
VirtualFree
VirtualAlloc
SetLastError
SetFileAttributesW
DeleteFileW
GetFileInformationByHandle
GetStdHandle
SetEndOfFile
GetSystemTimeAsFileTime
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenEventA
CreateEventA
SetEvent
GetCurrentProcess

user32

IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
CharUpperW
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
TranslateMessage
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
InflateRect
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetMessageW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadCursorW
MessageBoxA
PostMessageW
MessageBoxW
DestroyWindow
GetUpdateRect
LoadImageW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
EqualRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
SystemParametersInfoW
wsprintfW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevW
SetCursor
MonitorFromPoint
GetWindowRgn
MoveWindow
UpdateLayeredWindow

gdi32

SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreateCompatibleBitmap
CombineRgn
SelectClipRgn
GetDeviceCaps
GetObjectA
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
BitBlt
SetTextColor
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
FillRgn
GetBitmapBits
SetBitmapBits
CreateDIBSection

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHChangeNotify

ole32

CLSIDFromProgID
CoInitializeEx
CLSIDFromString
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

SysFreeString
SysAllocString
VariantClear
SysStringLen
SysAllocStringLen
VariantInit

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdiplusStartup
GdipDeleteBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdipMeasureString

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

winhttp

WinHttpCheckPlatform
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCrackUrl

advapi32

RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66.7MB - Virtual size: 66.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9368365885f90f51078cb8b4eb7f7652

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

winhttp

advapi32

Sections

.text Size: 756KB - Virtual size: 755KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 17KB - Virtual size: 23KB

.rsrc Size: 66.7MB - Virtual size: 66.7MB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 756KB - Virtual size: 755KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 17KB - Virtual size: 23KB

.rsrc
Size: 66.7MB - Virtual size: 66.7MB

.reloc
Size: 44KB - Virtual size: 44KB