Static task
static1
Behavioral task
behavioral1
Sample
61ce37f2b1ac54a394292463dfacade55c2990054809dca20d4b70178c377595.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
61ce37f2b1ac54a394292463dfacade55c2990054809dca20d4b70178c377595.exe
Resource
win10v2004-20231025-en
General
-
Target
61ce37f2b1ac54a394292463dfacade55c2990054809dca20d4b70178c377595
-
Size
2.9MB
-
MD5
4e280be19472439658812eb03d14db1e
-
SHA1
114bde7994944ed936c8a1251f62a14f4586090e
-
SHA256
61ce37f2b1ac54a394292463dfacade55c2990054809dca20d4b70178c377595
-
SHA512
7868a4fbfd8425e2eb8a30dbd8df6898b255c7702ea0ba9a0ef51bb752c51dde12cba91a4e0da53b13f512ca60c3ad646eb6aefbfb3eaf3c28429a0455381bf0
-
SSDEEP
24576:dTixdy0y6PE9yuYzRlKqWY/1hTmMC4DV3Q9ZZYmvJk/YPNf+U9UB54XiBT8j9hgW:JVGXKqDzfBmZZFaYQbnmiUTTPMXyJC2
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks whether the PE lacks an Authenticode signature; the sample below carries none, so its publisher cannot be verified from the file itself.
resource 61ce37f2b1ac54a394292463dfacade55c2990054809dca20d4b70178c377595
Files
-
61ce37f2b1ac54a394292463dfacade55c2990054809dca20d4b70178c377595.exe windows:5 windows x64
550b1fccb3e7cec6fc83b013d494320a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
WaitForMultipleObjects
WriteFile
SetEndOfFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GetDiskFreeSpaceExW
IsBadReadPtr
IsBadWritePtr
TerminateThread
SuspendThread
GetModuleHandleA
GetCurrentThread
DuplicateHandle
ResetEvent
WideCharToMultiByte
GetVersionExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
GetCommandLineW
LoadLibraryW
SetUnhandledExceptionFilter
GetCurrentProcessId
VirtualQuery
VirtualFree
VirtualAlloc
OpenMutexW
CreateMutexW
ReleaseMutex
OpenProcess
DeleteFileW
CreateProcessW
CreatePipe
GetTickCount
SetHandleInformation
ReadFile
GetStdHandle
Sleep
InitializeCriticalSection
ResumeThread
SetLastError
SetThreadPriority
GetExitCodeProcess
CreateEventW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
WriteConsoleW
PeekNamedPipe
GetFileType
GetFullPathNameW
GetConsoleMode
GetConsoleCP
ExitThread
RtlUnwindEx
RtlPcToFileHeader
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
WaitForSingleObject
SetEvent
CreateThread
LockResource
FreeResource
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
RtlCaptureContext
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
WaitForSingleObjectEx
GetPrivateProfileStringA
CreateEventA
GetFileAttributesA
GetTimeZoneInformation
GetDriveTypeW
lstrcpyW
SetFileAttributesW
lstrlenA
ExitProcess
FindResourceExW
MulDiv
GetWindowsDirectoryW
GetSystemDirectoryW
UnregisterWaitEx
RegisterWaitForSingleObject
SetFilePointerEx
FlushFileBuffers
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
TlsGetValue
GetModuleHandleExW
lstrlenW
GetUserDefaultLangID
lstrcmpA
DeviceIoControl
TryEnterCriticalSection
ReplaceFileW
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
GetFileAttributesExW
RemoveDirectoryW
GetCurrentDirectoryW
FindClose
GetFileSize
GetLongPathNameW
AssignProcessToJobObject
GetModuleHandleExA
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringA
FormatMessageA
GetNativeSystemInfo
LocalFree
user32
EndPaint
SetWindowPos
IsWindowVisible
SetCursor
GetMessageExtraInfo
RegisterWindowMessageW
GetMessageW
GetKeyState
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetForegroundWindow
ShowWindow
GetForegroundWindow
SetActiveWindow
GetSystemMetrics
IsZoomed
BeginPaint
UpdateLayeredWindow
UpdateWindow
SetCapture
GetCapture
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
ReleaseCapture
TrackMouseEvent
AdjustWindowRectEx
InvalidateRect
GetFocus
InvalidateRgn
DrawIconEx
GetIconInfo
WindowFromDC
MsgWaitForMultipleObjectsEx
GetQueueStatus
CallMsgFilterW
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
FindWindowExW
MessageBoxW
InflateRect
PtInRect
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetDesktopWindow
GetParent
GetWindowThreadProcessId
GetWindow
LoadCursorW
UnregisterClassW
DestroyWindow
CharNextW
PostQuitMessage
IsWindow
SetTimer
KillTimer
GetCursorPos
CopyRect
DefWindowProcW
AttachThreadInput
IntersectRect
SendMessageW
PostMessageW
IsIconic
GetLastActivePopup
SetWindowRgn
IsWindowEnabled
EnableWindow
SetFocus
EndDialog
DialogBoxParamW
FindWindowW
OffsetRect
SubtractRect
FillRect
ReleaseDC
GetDC
DrawTextW
AllowSetForegroundWindow
ReplyMessage
SendMessageTimeoutW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
gdi32
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
SetViewportOrgEx
GetDeviceCaps
GetRandomRgn
GdiAlphaBlend
GetLayout
SetLayout
GetCurrentObject
SetBkMode
LPtoDP
SetGraphicsMode
SetWorldTransform
CreateDIBSection
GetTextExtentPoint32W
SetWindowOrgEx
RectVisible
CreateRectRgnIndirect
SelectClipRgn
GetRgnBox
OffsetRgn
CombineRgn
CreateRectRgn
GetDIBits
GetStockObject
IntersectClipRect
RestoreDC
SaveDC
SelectObject
GetObjectW
BitBlt
ModifyWorldTransform
GetObjectType
shell32
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHAppBarMessage
DragQueryFileW
SHGetSpecialFolderPathW
SHGetDesktopFolder
ole32
ReleaseStgMedium
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
RegisterDragDrop
RevokeDragDrop
DoDragDrop
oleaut32
SysFreeString
VarUI4FromStr
CreateStdDispatch
VariantInit
VariantClear
CreateDispTypeInfo
VariantChangeType
SysAllocString
VariantCopy
VarCmp
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW
wininet
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetReadFileExA
InternetWriteFile
InternetQueryOptionW
InternetSetOptionA
InternetSetOptionW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetCrackUrlW
FtpCommandW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenUrlW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoA
InternetErrorDlg
FtpOpenFileW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
shlwapi
SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameA
PathFindFileNameW
StrStrIW
PathGetDriveNumberW
PathFileExistsA
PathIsRootW
PathIsDirectoryW
PathAddBackslashW
gdiplus
GdipDrawImagePointRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetInterpolationMode
GdiplusStartup
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
winmm
timeBeginPeriod
timeGetTime
timeEndPeriod
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
netapi32
Netbios
libmlt-6
mlt_animation_get_item
mlt_animation_get_length
mlt_animation_interpolate
mlt_animation_key_count
mlt_animation_key_get
mlt_animation_key_set_frame
mlt_animation_key_set_type
mlt_animation_next_key
mlt_animation_prev_key
mlt_animation_remove
mlt_animation_serialize_cut
mlt_animation_serialize_cut_tf
mlt_animation_set_length
mlt_animation_shift_frames
mlt_audio_format_size
mlt_consumer_close
mlt_consumer_is_stopped
mlt_consumer_position
mlt_consumer_purge
mlt_consumer_service
mlt_consumer_start
mlt_consumer_stop
mlt_event_block
mlt_event_close
mlt_event_data_none
mlt_event_data_to_frame
mlt_event_data_to_int
mlt_event_data_to_object
mlt_event_data_to_string
mlt_event_inc_ref
mlt_event_unblock
mlt_events_block
mlt_events_close_wait_for
mlt_events_fire
mlt_events_listen
mlt_events_setup_wait_for
mlt_events_unblock
mlt_events_wait_for
mlt_factory_close
mlt_factory_consumer
mlt_factory_event_object
mlt_factory_filter
mlt_factory_init
mlt_factory_producer
mlt_factory_transition
mlt_filter_close
mlt_filter_connect
mlt_filter_get_in
mlt_filter_get_length
mlt_filter_get_length2
mlt_filter_get_out
mlt_filter_get_position
mlt_filter_get_progress
mlt_filter_get_track
mlt_filter_process
mlt_filter_service
mlt_filter_set_in_and_out
mlt_frame_close
mlt_frame_get_audio
mlt_frame_get_image
mlt_frame_get_original_producer
mlt_frame_get_position
mlt_frame_get_waveform
mlt_frame_init
mlt_frame_properties
mlt_frame_set_alpha
mlt_frame_set_image
mlt_frame_unique_properties
mlt_image_format_size
mlt_log_get_level
mlt_log_set_callback
mlt_log_set_level
mlt_pool_alloc
mlt_pool_release
mlt_producer_clear
mlt_producer_close
mlt_producer_cut
mlt_producer_cut_parent
mlt_producer_frame
mlt_producer_frame_time
mlt_producer_get_creation_time
mlt_producer_get_fps
mlt_producer_get_in
mlt_producer_get_length
mlt_producer_get_length_time
mlt_producer_get_out
mlt_producer_get_playtime
mlt_producer_get_speed
mlt_producer_is_blank
mlt_producer_is_cut
mlt_producer_optimise
mlt_producer_position
mlt_producer_prepare_reopen
mlt_producer_probe
mlt_producer_seek
mlt_producer_seek_time
mlt_producer_service
mlt_producer_set_creation_time
mlt_producer_set_in_and_out
mlt_producer_set_speed
mlt_profile_close
mlt_profile_dar
mlt_profile_fps
mlt_profile_from_producer
mlt_profile_init
mlt_profile_list
mlt_profile_load_properties
mlt_profile_sar
mlt_profile_scale_height
mlt_profile_scale_width
mlt_properties_anim_get
mlt_properties_anim_get_color
mlt_properties_anim_get_double
mlt_properties_anim_get_int
mlt_properties_anim_get_rect
mlt_properties_anim_set
mlt_properties_anim_set_color
mlt_properties_anim_set_double
mlt_properties_anim_set_int
mlt_properties_anim_set_rect
mlt_properties_clear
mlt_properties_close
mlt_properties_copy
mlt_properties_count
mlt_properties_debug
mlt_properties_dec_ref
mlt_properties_dump
mlt_properties_exists
mlt_properties_frames_to_time
mlt_properties_get
mlt_properties_get_animation
mlt_properties_get_color
mlt_properties_get_data
mlt_properties_get_data_at
mlt_properties_get_double
mlt_properties_get_int
mlt_properties_get_int64
mlt_properties_get_lcnumeric
mlt_properties_get_name
mlt_properties_get_properties
mlt_properties_get_properties_at
mlt_properties_get_rect
mlt_properties_get_time
mlt_properties_get_value
mlt_properties_get_value_tf
mlt_properties_inc_ref
mlt_properties_inherit
mlt_properties_is_anim
mlt_properties_is_sequence
mlt_properties_load
mlt_properties_lock
mlt_properties_mirror
mlt_properties_new
mlt_properties_parse
mlt_properties_parse_yaml
mlt_properties_pass
mlt_properties_pass_list
mlt_properties_pass_property
mlt_properties_preset
mlt_properties_ref_count
mlt_properties_rename
mlt_properties_save
mlt_properties_serialise_yaml
mlt_properties_set
mlt_properties_set_color
mlt_properties_set_data
mlt_properties_set_double
mlt_properties_set_int
mlt_properties_set_int64
mlt_properties_set_lcnumeric
mlt_properties_set_properties
mlt_properties_set_rect
mlt_properties_set_string
mlt_properties_time_to_frames
mlt_properties_unlock
mlt_repository_consumers
mlt_repository_create
mlt_repository_filters
mlt_repository_init
mlt_repository_languages
mlt_repository_links
mlt_repository_metadata
mlt_repository_presets
mlt_repository_producers
mlt_repository_register
mlt_repository_register_metadata
mlt_repository_transitions
mlt_service_attach
mlt_service_cache_set_size
mlt_service_close
mlt_service_connect_producer
mlt_service_consumer
mlt_service_detach
mlt_service_disconnect_all_producers
mlt_service_disconnect_producer
mlt_service_filter
mlt_service_filter_count
mlt_service_get_frame
mlt_service_identify
mlt_service_insert_producer
mlt_service_lock
mlt_service_move_filter
mlt_service_producer
mlt_service_profile
mlt_service_properties
mlt_service_set_profile
mlt_service_unlock
mlt_transition_close
mlt_transition_connect
mlt_transition_get_a_track
mlt_transition_get_b_track
mlt_transition_get_in
mlt_transition_get_length
mlt_transition_get_out
mlt_transition_get_position
mlt_transition_get_progress
mlt_transition_get_progress_delta
mlt_transition_service
mlt_transition_set_in_and_out
mlt_transition_set_tracks
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 821KB - Virtual size: 821KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 121KB - Virtual size: 556KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 29B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ