Static task: static1
Behavioral task: behavioral1
Sample: d325b626866db7620369d12d53efec46babeabe7cd2be3869943f74bc9cd1720.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: d325b626866db7620369d12d53efec46babeabe7cd2be3869943f74bc9cd1720.exe
Resource: win10v2004-20231023-en
General
Target: d325b626866db7620369d12d53efec46babeabe7cd2be3869943f74bc9cd1720
Size: 3.5MB
MD5: e3783031035e8dd43dd2694e077fc401
SHA1: 01c25d8bf97c749e4631df88b9515b16ae9f2dc1
SHA256: d325b626866db7620369d12d53efec46babeabe7cd2be3869943f74bc9cd1720
SHA512: e2620a12233eff7d1cf33b2778aa511b1a2e65067aa9ce6ce2ef495a458e8e63c32d29caac28248f7e39a693a8aa419a7bfe335e23c86e67c69951020731d56b
SSDEEP: 98304:0rzi2j1z73pcO9s75GmJRfdlSN6Zk/dztxQmsw6J7RmVWK3RYpQe74:QVIGIdlCtZszmVWK3kQe7
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource d325b626866db7620369d12d53efec46babeabe7cd2be3869943f74bc9cd1720
Files
d325b626866db7620369d12d53efec46babeabe7cd2be3869943f74bc9cd1720.exe windows:5 windows x86
c38267bcd2aa9f0ad89c77c0670c5779
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
tpsvc
ord22
ord10
ord9
ord11
ord4
ord8
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
SizeofResource
LoadResource
FindResourceW
LoadLibraryW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrlenW
GetVersionExW
LocalAlloc
LocalFree
GetLastError
CloseHandle
SetLastError
GetCurrentProcess
lstrlenA
lstrcmpA
HeapFree
GetProcessHeap
GetModuleHandleA
GetVersion
GetEnvironmentVariableW
HeapAlloc
MultiByteToWideChar
CreateEventW
WaitForSingleObject
Sleep
WideCharToMultiByte
LoadLibraryA
GetSystemDirectoryA
GlobalFree
SetEnvironmentVariableA
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
FatalAppExitA
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
ExitProcess
DecodePointer
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
FreeResource
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetFileAttributesW
GetFileAttributesExW
SetErrorMode
GlobalFlags
lstrcpyW
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
CompareStringW
TlsFree
DeleteCriticalSection
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetPrivateProfileStringW
WritePrivateProfileStringW
GetComputerNameW
GlobalAlloc
LockResource
WriteProfileStringW
GetSystemDirectoryW
InterlockedExchange
GetPrivateProfileIntW
GlobalGetAtomNameW
GlobalAddAtomW
InterlockedIncrement
InterlockedCompareExchange
InterlockedDecrement
FreeConsole
SuspendThread
ResumeThread
SetEvent
WaitForMultipleObjects
HeapReAlloc
SetThreadPriority
ReleaseActCtx
CreateActCtxW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileW
DeleteFileW
CreateFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GlobalDeleteAtom
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
ActivateActCtx
DeactivateActCtx
lstrcmpW
LoadLibraryExW
CopyFileW
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
CreateMutexA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateWaitableTimerA
SetWaitableTimer
CreateEventA
GetOverlappedResult
ReadFile
CancelIo
DeleteFileA
GetWindowsDirectoryA
CreateFileA
WriteFile
GetVersionExA
ResetEvent
GetCurrentThread
GetLocaleInfoW
GetModuleFileNameW
SetConsoleCtrlHandler
GetConsoleWindow
LocalReAlloc
GetCurrentProcessId
OpenEventW
OpenMutexW
ReleaseMutex
CreateMutexW
WaitForSingleObjectEx
user32
GetTabbedTextExtentW
EnumChildWindows
GetWindowRgn
WindowFromDC
DestroyCursor
DrawIcon
MapDialogRect
GetDialogBaseUnits
GetNextDlgGroupItem
HideCaret
InvertRect
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetIconInfo
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
GetUpdateRect
FrameRect
SendNotifyMessageW
IsClipboardFormatAvailable
SetMenuDefaultItem
PostThreadMessageW
CreateMenu
InSendMessage
IsMenu
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetDCEx
CopyImage
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
SetCapture
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
DestroyAcceleratorTable
SetWindowRgn
IsZoomed
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
GetMenuItemInfoW
InflateRect
RegisterWindowMessageW
SendDlgItemMessageA
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
UnregisterClassW
RealChildWindowFromPoint
GetWindowRect
PtInRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DefWindowProcW
MapWindowPoints
GetClientRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
DeleteMenu
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
MessageBoxW
ShowOwnedPopups
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetClassNameW
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
GetMenuBarInfo
WinHelpW
LoadImageW
DestroyIcon
GetWindowThreadProcessId
EqualRect
LoadIconW
SetCursor
GetCapture
ReleaseCapture
LoadAcceleratorsW
SetActiveWindow
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemW
CreatePopupMenu
GetClassInfoW
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
TranslateAcceleratorW
GetWindowTextLengthW
GetFocus
SetFocus
SetWindowPos
ScrollWindowEx
GetParent
IsWindowEnabled
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
GetWindowLongW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
GetCursorPos
ValidateRect
EnableWindow
WaitMessage
DispatchMessageW
UnhookWindowsHookEx
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
CharLowerW
KillTimer
ShowWindow
EnumWindows
SetTimer
GetWindowTextW
PeekMessageW
PostQuitMessage
PostMessageW
SendMessageTimeoutW
GetForegroundWindow
gdi32
CreateEllipticRgn
Polyline
Ellipse
Polygon
OffsetRgn
GetRgnBox
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
RoundRect
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
GetTextColor
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
StartPage
EndPage
GetCurrentObject
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
SetBkColor
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
FrameRgn
CreateDIBSection
StretchDIBits
CreateFontW
GetCharWidthW
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
PatBlt
GetTextExtentPoint32W
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
CreateDIBitmap
GetStockObject
CreatePen
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
GetObjectW
CreateRectRgnIndirect
BitBlt
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
DeleteObject
SaveDC
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SetAbortProc
SelectClipPath
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
RestoreDC
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
ord203
GetPrinterW
OpenPrinterW
EnumPrintersW
ClosePrinter
SetPrinterW
AddPrinterConnectionW
GetPrinterDataW
DeletePrinterConnectionW
ord204
GetJobW
advapi32
SetSecurityDescriptorDacl
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
InitializeAcl
SetEntriesInAclW
LookupAccountNameW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
RegQueryValueA
RegEnumKeyExA
ConvertSidToStringSidA
RegDeleteKeyA
EqualPrefixSid
RegCreateKeyExA
RevertToSelf
RegisterEventSourceA
ReportEventA
SetThreadToken
RegSetValueExA
RegOpenKeyExA
OpenThreadToken
LookupAccountSidW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyW
EqualSid
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
GetUserNameW
RegOpenKeyA
RegQueryValueExA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenProcessToken
ConvertStringSidToSidW
GetTokenInformation
CopySid
ConvertSidToStringSidW
AllocateAndInitializeSid
GetLengthSid
InitializeSecurityDescriptor
FreeSid
shell32
SHGetFileInfoW
DragFinish
DragQueryFileW
SHAddToRecentDocs
ExtractIconW
ShellExecuteW
SHAppBarMessage
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
ShellExecuteExW
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindFileNameW
PathRemoveFileSpecW
ole32
StringFromGUID2
OleRun
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
CoCreateGuid
PropVariantCopy
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
OleGetClipboard
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
CoInitializeEx
StgCreateDocfile
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
CreateStreamOnHGlobal
OleSetClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
WriteClassStm
OleSave
StgCreateDocfileOnILockBytes
OleFlushClipboard
oleaut32
VariantInit
VarBstrFromDate
VarBstrFromDec
VarBstrFromCy
SysFreeString
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringByteLen
VarDecFromStr
SysAllocStringByteLen
SafeArrayPtrOfIndex
oledlg
OleUIBusyW
wsock32
gethostbyname
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
recv
send
WSAAsyncSelect
WSAGetLastError
sendto
connect
getpeername
getsockname
bind
select
socket
accept
closesocket
WSACleanup
WSAStartup
recvfrom
inet_addr
ioctlsocket
userenv
EnterCriticalPolicySection
LeaveCriticalPolicySection
dnsapi
DnsRecordListFree
DnsQuery_W
ws2_32
WSAStringToAddressA
gdiplus
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipFree
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 630KB - Virtual size: 630KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 399KB - Virtual size: 398KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 185KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ