Static task: static1
Behavioral task: behavioral1
  Sample: 8155bcdc677185cb7acb5b469e0bcebe9cf8c90905c63e6b90ad872824e7cda1.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 8155bcdc677185cb7acb5b469e0bcebe9cf8c90905c63e6b90ad872824e7cda1.exe
  Resource: win10v2004-20231023-en
General
Target: 8155bcdc677185cb7acb5b469e0bcebe9cf8c90905c63e6b90ad872824e7cda1
Size: 5.5MB
MD5: 5fda9ea6564ae2787324c3e18feffed6
SHA1: 8de911d411da33dcb1481dac62a7e0c9fccab923
SHA256: 8155bcdc677185cb7acb5b469e0bcebe9cf8c90905c63e6b90ad872824e7cda1
SHA512: eb1383a279bbb393f9a647cd9436acba30c93e836199750ba4317cdbce0f7508fceb67cd3139332acbe29ce678aeed6e26cbccdbdd0b21685d73ef5148460cc7
SSDEEP: 98304:PmaBXVkGgnxCgFc2cj+EJO/+CMXBwjmYQR1JKxdXBHjIhzuTA:PlXV0nxCgFclde+xYLjXBDszuT
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 8155bcdc677185cb7acb5b469e0bcebe9cf8c90905c63e6b90ad872824e7cda1
Files
8155bcdc677185cb7acb5b469e0bcebe9cf8c90905c63e6b90ad872824e7cda1.exe  windows:5 windows x86  b7c4688817ac0b7a44b08523b26f8f67
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeKillEvent
mciSendStringW
timeSetEvent
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
kernel32
DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
CreateToolhelp32Snapshot
GetFileSizeEx
FormatMessageW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetTimeZoneInformation
GetUserDefaultLangID
FindFirstChangeNotificationW
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
Process32FirstW
Process32NextW
ResetEvent
OpenFileMappingW
IsBadReadPtr
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
HeapCreate
FreeResource
GetFullPathNameW
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileExA
GetSystemTimeAsFileTime
CompareFileTime
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
InterlockedDecrement
CreateFileMappingW
GetFileSize
WriteFile
UnmapViewOfFile
SuspendThread
lstrlenA
InterlockedIncrement
GlobalAlloc
GlobalLock
GetThreadContext
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualProtect
GetEnvironmentVariableW
GetEnvironmentVariableA
CreateProcessW
ResumeThread
TerminateProcess
ReadProcessMemory
LoadLibraryExA
LoadLibraryA
FindNextFileW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetDriveTypeW
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
LocalFree
InitializeCriticalSectionEx
GetStringTypeW
GetExitCodeThread
WaitForSingleObjectEx
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetLocalTime
OutputDebugStringW
IsBadWritePtr
SetLastError
lstrcmpW
GetCurrentThreadId
ExitProcess
GlobalAddAtomA
Sleep
GetTickCount
InterlockedCompareExchange
FindFirstFileW
FindClose
ReadFile
CreateFileW
GlobalUnlock
MulDiv
GetComputerNameA
WideCharToMultiByte
OutputDebugStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetProcAddress
FreeLibrary
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCommandLineA
LoadLibraryW
GetModuleHandleA
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCommandLineW
GetModuleHandleW
SetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
LockResource
SizeofResource
FindResourceExW
DecodePointer
RaiseException
MultiByteToWideChar
LoadResource
FindResourceW
LoadLibraryExW
GetCurrentThread
GetModuleFileNameW
VirtualQuery
SetUnhandledExceptionFilter
user32
IsWindowVisible
GetFocus
GetDlgItem
GetDlgCtrlID
IsChild
GetWindow
SetFocus
RedrawWindow
GetActiveWindow
RegisterClassExW
MessageBoxW
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
MsgWaitForMultipleObjects
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
ReleaseDC
GetDC
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
CreateAcceleratorTableW
FillRect
DestroyAcceleratorTable
GetSysColor
GetParent
ShowWindow
SetWindowPos
DestroyWindow
SendMessageW
UnregisterClassW
CharNextW
OffsetRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
FindWindowW
GetWindowRect
MonitorFromRect
PostMessageW
UnhookWinEvent
SetWinEventHook
GetForegroundWindow
BringWindowToTop
SetWindowLongW
GetCursorPos
PtInRect
SetForegroundWindow
GetUserObjectInformationW
GetProcessWindowStation
DrawIconEx
CallWindowProcW
WindowFromPoint
EqualRect
IsIconic
MonitorFromPoint
GetSystemMetrics
GetMonitorInfoW
GetAsyncKeyState
UnregisterHotKey
RegisterHotKey
EnumDisplayMonitors
CopyRect
ScreenToClient
GetWindowLongW
MonitorFromWindow
GetClassNameW
GetShellWindow
GetAncestor
ClientToScreen
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
LockWorkStation
SetCursor
SetCapture
ReleaseCapture
GetDesktopWindow
CreateWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
GetClientRect
BeginPaint
EndPaint
SetClassLongW
GetClassLongW
RemovePropW
GetPropW
SetPropW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
GetIconInfo
SetLayeredWindowAttributes
EnumDisplayDevicesW
SetTimer
KillTimer
DestroyIcon
SendMessageA
GetWindowDC
GetWindowRgn
IsZoomed
SetSysColors
DestroyCursor
GetKeyState
EnableMenuItem
SetRect
InflateRect
InvalidateRect
SetActiveWindow
IsWindowEnabled
EnableWindow
LoadImageW
CreateIconFromResource
LoadBitmapW
MapWindowPoints
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
GetCapture
AnimateWindow
PostQuitMessage
TrackMouseEvent
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
IsRectEmpty
UnionRect
IntersectRect
InvalidateRgn
gdi32
ExcludeClipRect
CreateRoundRectRgn
SetGraphicsMode
Rectangle
FrameRgn
SetROP2
CreateRectRgn
SetDeviceGammaRamp
RestoreDC
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
GetDeviceCaps
SaveDC
EnumFontsW
CreateBitmap
CreateFontIndirectW
SetBkMode
StretchBlt
SetViewportOrgEx
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
CreatePen
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
SelectObject
CreateHatchBrush
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
comdlg32
ChooseColorW
GetOpenFileNameW
advapi32
CryptGetUserKey
CryptSignHashW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
RegQueryValueExW
GetUserNameA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
DeregisterEventSource
CryptEnumProvidersW
shell32
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord680
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
Shell_NotifyIconW
ole32
CreateStreamOnHGlobal
IIDFromString
CreateBindCtx
CoCreateGuid
OleLockRunning
StringFromGUID2
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
oleaut32
LoadTypeLi
LoadRegTypeLi
VariantClear
OleCreateFontIndirect
DispCallFunc
VarUdateFromDate
SysStringLen
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
shlwapi
PathAppendW
PathRemoveFileSpecW
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
StrToIntExW
PathQuoteSpacesW
gdiplus
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipSaveImageToFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGraphicsClear
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCreateBitmapFromFile
GdipGetImageEncodersSize
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipImageSelectActiveFrame
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
dwmapi
DwmGetWindowAttribute
ws2_32
getnameinfo
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
shutdown
iphlpapi
GetAdaptersInfo
imm32
ImmReleaseContext
ImmAssociateContext
ImmGetContext
crypt32
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
wldap32
ord127
ord167
ord145
ord208
ord219
ord26
ord14
ord216
ord27
ord117
ord142
ord79
ord133
ord147
ord46
ord41
ord301
usp10
ScriptItemize
ScriptFreeCache
ScriptShape
Sections
.text   Size: 3.5MB - Virtual size: 3.5MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 1.2MB - Virtual size: 1.2MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 86KB - Virtual size: 190KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 578KB - Virtual size: 580KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 204KB - Virtual size: 204KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ