ce87537e418441fa9213c0701e1e81c9d6a875d5cb5eeeb819621867127e5cde

Sharing

Copy URL Twitter E-mail

General

Target

ce87537e418441fa9213c0701e1e81c9d6a875d5cb5eeeb819621867127e5cde
Size

2.9MB
MD5

60d6777ecad453b0742bcd0778c3ba55
SHA1

3aeb2113f920927b4497b9f5598a779809774219
SHA256

ce87537e418441fa9213c0701e1e81c9d6a875d5cb5eeeb819621867127e5cde
SHA512

46105d562bd17cda74b1e62514ee1f9052a76a0005231be9012c397ebf3aa07fb791cc2bc9fe2c0e41ff6ea0c607dc11b8d85a9d16ed177f344974b1726f7a98
SSDEEP

49152:a49KFjC1PR0gQXZFE3/RQNmsEoU6XPNmTjmiCulb:IypN6i3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce87537e418441fa9213c0701e1e81c9d6a875d5cb5eeeb819621867127e5cde

Files

ce87537e418441fa9213c0701e1e81c9d6a875d5cb5eeeb819621867127e5cde
.exe windows:5 windows x64

abd189fa6aa5576f8611a18d7ce0c579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CancelWaitableTimer
GetDiskFreeSpaceExW
IsBadReadPtr
IsBadWritePtr
GetStdHandle
SetHandleInformation
CreatePipe
CreateProcessW
FindResourceExW
FindClose
FindFirstFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateThread
SuspendThread
GlobalLock
GlobalAlloc
LockResource
FreeResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
MultiByteToWideChar
FindResourceW
SetWaitableTimer
CreateWaitableTimerW
TlsFree
TlsSetValue
TlsAlloc
SystemTimeToFileTime
SetFileTime
SetFilePointer
SetEndOfFile
WriteFile
WaitForMultipleObjects
ResetEvent
SetLastError
WideCharToMultiByte
GetVersionExW
DeleteFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetACP
WriteConsoleW
GetFileType
GetConsoleMode
GetConsoleCP
GetModuleHandleW
FreeLibraryAndExitThread
ExitThread
VirtualProtect
RtlUnwindEx
RtlPcToFileHeader
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
lstrlenA
ExitProcess
MulDiv
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetCommandLineW
LoadLibraryW
ReadFile
InitializeCriticalSection
SetUnhandledExceptionFilter
GetCurrentProcessId
VirtualQuery
VirtualFree
VirtualAlloc
OpenMutexW
CreateMutexW
CloseHandle
Sleep
ReleaseMutex
OpenProcess
CreateEventW
GetTickCount
WaitForSingleObject
SetEvent
CreateThread
GetModuleHandleA
GlobalFree
GlobalUnlock
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
TlsGetValue
GetModuleHandleExW
lstrlenW
SetFilePointerEx
FlushFileBuffers
lstrcmpA
DeviceIoControl
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
AssignProcessToJobObject
GetModuleHandleExA
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetSystemInfo
GetSystemTimeAsFileTime
ResumeThread
IsDebuggerPresent
OutputDebugStringA
FormatMessageA
ReplaceFileW
MoveFileExW
MoveFileW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
GetCurrentDirectoryW
FileTimeToSystemTime
GetFileSize
GetLongPathNameW
DecodePointer
GetNativeSystemInfo
LocalFree
GetCurrentThreadId
RaiseException
TerminateProcess
GetCurrentProcess
GetProcAddress
FreeLibrary

user32

OffsetRect
GetDesktopWindow
FindWindowW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
IsWindow
SetTimer
KillTimer
GetCursorPos
SendMessageTimeoutW
PtInRect
GetMessageExtraInfo
UpdateWindow
GetCapture
ReleaseCapture
TrackMouseEvent
AdjustWindowRectEx
SubtractRect
CopyRect
GetFocus
InvalidateRgn
DrawIconEx
GetIconInfo
WindowFromDC
MsgWaitForMultipleObjectsEx
FillRect
CallMsgFilterW
WaitMessage
PeekMessageW
FindWindowExW
MessageBoxW
ReplyMessage
AllowSetForegroundWindow
GetWindowThreadProcessId
PostMessageW
AttachThreadInput
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
DialogBoxParamW
SetFocus
GetKeyState
GetSystemMetrics
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
SetWindowTextW
GetWindowRect
ReleaseDC
GetDC
DrawTextW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
GetWindowTextW
GetWindowTextLengthW
GetClientRect
ScreenToClient
MapWindowPoints
InflateRect
GetWindowLongW
SetWindowLongW
SetClipboardData
CloseClipboard
OpenClipboard
SendMessageW
UnregisterClassW
CharNextW
DestroyWindow
GetQueueStatus
UpdateLayeredWindow
GetGUIThreadInfo
MonitorFromRect
MonitorFromPoint
IsRectEmpty
IntersectRect
WindowFromPoint
ClientToScreen
SetCursor
InvalidateRect
EndPaint
BeginPaint
SetCapture
GetAsyncKeyState
DispatchMessageW
TranslateMessage
GetMessageW
DestroyIcon
RegisterWindowMessageW
EnableWindow
EndDialog
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowRgn
LoadStringW
SystemParametersInfoW
LoadCursorW
GetWindow
GetParent
SetWindowLongPtrW
GetWindowLongPtrW

gdi32

ExtTextOutW
GdiAlphaBlend
SetTextColor
StretchBlt
SetBkMode
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateRoundRectRgn
GetObjectW
CreateDIBSection
SelectObject
SaveDC
RestoreDC
IntersectClipRect
GetStockObject
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontIndirectW
CreateDCW
CreateCompatibleDC
BitBlt
SetViewportOrgEx
GetObjectType
GetRandomRgn
GetLayout
SetLayout
GetCurrentObject
LPtoDP
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetWindowOrgEx
RectVisible
CreateRectRgnIndirect
SelectClipRgn
GetRgnBox
OffsetRgn
CombineRgn
CreateRectRgn

shell32

SHGetSpecialFolderPathW
SHAppBarMessage
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW

ole32

DoDragDrop
RevokeDragDrop
RegisterDragDrop
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CoCreateInstance
CoInitialize

oleaut32

VarCmp
CreateDispTypeInfo
CreateStdDispatch
VariantCopy
VariantChangeType
SysFreeString
SysAllocString
VariantInit
VarBstrCmp
VariantClear
VarUI4FromStr

advapi32

RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CreateProcessAsUserW

wininet

InternetReadFile
InternetReadFileExA
InternetWriteFile
InternetQueryOptionW
InternetSetOptionA
InternetSetOptionW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
FtpOpenFileW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenUrlW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoA
InternetErrorDlg
InternetOpenW
InternetCrackUrlW
FtpGetFileSize
FtpCommandW

libcurl

curl_easy_init
curl_easy_cleanup
curl_easy_perform
curl_global_init
curl_easy_setopt

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathFindFileNameA
PathFindFileNameW
PathIsURLW
StrStrIW
PathGetDriveNumberW
PathAddBackslashW
StrStrW

comctl32

ImageList_GetIconSize
ImageList_Remove
ImageList_Draw
ImageList_Add
ImageList_Destroy
ImageList_Create

gdiplus

GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipDisposeImageAttributes
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipDrawImagePointRectI
GdipSetImageAttributesColorMatrix
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesWrapMode
GdipGetImageHeight
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth

winhttp

WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

netapi32

Netbios

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 819KB - Virtual size: 818KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abd189fa6aa5576f8611a18d7ce0c579

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

wininet

libcurl

version

shlwapi

comctl32

gdiplus

winhttp

userenv

winmm

netapi32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 819KB - Virtual size: 818KB

.data Size: 117KB - Virtual size: 546KB

.pdata Size: 81KB - Virtual size: 80KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 179KB - Virtual size: 178KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 819KB - Virtual size: 818KB

.data
Size: 117KB - Virtual size: 546KB

.pdata
Size: 81KB - Virtual size: 80KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 179KB - Virtual size: 178KB

.reloc
Size: 36KB - Virtual size: 35KB