Static task: static1
Behavioral task: behavioral1
  Sample: ba890e14aecfe7e0f77f654d71e2e59e106e1a7e3114c780ab4fe23984000a2d.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: ba890e14aecfe7e0f77f654d71e2e59e106e1a7e3114c780ab4fe23984000a2d.exe
  Resource: win10v2004-20231023-en
General
Target: ba890e14aecfe7e0f77f654d71e2e59e106e1a7e3114c780ab4fe23984000a2d
Size: 11.3MB
MD5: c4e898f1507a53b17691251f10bd639b
SHA1: 904be8f1e11db68cd9069558b15ccff52292f3e0
SHA256: ba890e14aecfe7e0f77f654d71e2e59e106e1a7e3114c780ab4fe23984000a2d
SHA512: 3f33feef0f7a007c17e22eaa6069cedd291f64f9bb7248910661ffe9a8d363ac5dc2aab5b44fd19f6a1eefe008406c1446517539e28946cab8c089f662accf7f
SSDEEP: 196608:4wXi7E5GfjoqUwA8iAVOs5WSnrYxC2D8WkWOhDp4vUdTKbNiGwS0Sge9S6auf8hj:44i1jojrI5ZrnWmt48Wh0SlS6/8hPPkG
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource ba890e14aecfe7e0f77f654d71e2e59e106e1a7e3114c780ab4fe23984000a2d
Files
ba890e14aecfe7e0f77f654d71e2e59e106e1a7e3114c780ab4fe23984000a2d.exe windows:6 windows x86
c74f5a52261dfdd6f7b36cca11fd7afd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
ws2_32
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
inet_pton
WSAIoctl
WSASetLastError
gethostname
socket
setsockopt
ntohs
htons
WSACloseEvent
WSACreateEvent
getsockopt
getsockname
send
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEnumNetworkEvents
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
shutdown
WSAEventSelect
wldap32
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord145
kernel32
CompareStringW
FlushFileBuffers
GetFullPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetThreadLocale
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalGetAtomNameW
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
VirtualProtect
SetErrorMode
GetTickCount64
GetProfileIntW
SearchPathW
GetTempFileNameW
EncodePointer
FindResourceExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ConvertThreadToFiberEx
ExitProcess
HeapQueryInformation
SetStdHandle
GetCommandLineW
GetCommandLineA
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
GetCPInfo
LCMapStringEx
GetStringTypeW
FormatMessageA
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
lstrcpyW
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
ConvertFiberToThread
GetSystemDirectoryA
CreateFiberEx
DeleteFiber
GlobalFindAtomW
GetUserDefaultLCID
SwitchToFiber
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
ReadConsoleA
SetConsoleMode
GetEnvironmentVariableW
GetSystemTime
WaitNamedPipeA
CreateEventA
CancelIo
GetOverlappedResult
SetHandleInformation
CreateFileMappingA
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
HeapSize
GetLastError
GetCurrentThread
LoadLibraryA
OutputDebugStringA
MulDiv
LocalFree
GlobalLock
GlobalUnlock
GlobalSize
SuspendThread
SetThreadPriority
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
LoadLibraryW
FreeLibrary
QueryPerformanceFrequency
SleepEx
WaitForMultipleObjects
QueryPerformanceCounter
HeapReAlloc
CloseHandle
HeapAlloc
GetPrivateProfileIntW
CreateSemaphoreW
ResetEvent
InitializeCriticalSection
ReleaseSemaphore
VirtualAlloc
VirtualFree
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
GetVersionExW
LocalFileTimeToFileTime
GetCurrentProcessId
GetTickCount
GetTempPathW
MoveFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
CompareFileTime
SetLastError
GetModuleHandleA
GetFileInformationByHandle
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
GetDriveTypeW
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
CopyFileW
RaiseException
GetLogicalDriveStringsW
UnmapViewOfFile
CreateFileW
FindClose
GetStdHandle
FindNextFileW
FindFirstFileW
GetVolumeInformationW
SetEvent
GetCurrentThreadId
ResumeThread
CreateEventW
GlobalFree
Process32FirstW
GlobalAlloc
CreateFileA
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
DeviceIoControl
GetProcAddress
lstrlenW
GetCurrentProcess
GetModuleHandleW
Sleep
MultiByteToWideChar
GetSystemDefaultLangID
GetModuleFileNameW
FindResourceW
LoadResource
DeleteFileW
LockResource
SetFileAttributesW
GetFileAttributesW
SizeofResource
CreateDirectoryW
CreateProcessW
GetProcessHeap
DeleteCriticalSection
DecodePointer
VirtualQuery
user32
TranslateAcceleratorW
CharUpperBuffW
RegisterClipboardFormatW
SubtractRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
UpdateLayeredWindow
WaitMessage
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoW
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
DestroyMenu
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetRect
SetCursorPos
NotifyWinEvent
WindowFromPoint
MessageBeep
DeleteMenu
GetSystemMenu
LoadMenuW
KillTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
IsZoomed
TrackMouseEvent
MonitorFromPoint
SetParent
CopyImage
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IntersectRect
RealChildWindowFromPoint
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
InsertMenuItemW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
GetClassNameW
GetUserObjectInformationW
GetProcessWindowStation
FindWindowA
UnregisterClassW
SendMessageW
EnumDisplayMonitors
GetMonitorInfoW
SystemParametersInfoW
CopyRect
SetRectEmpty
SetLayeredWindowAttributes
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
UnhookWindowsHookEx
ScreenToClient
ClientToScreen
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
UnpackDDElParam
ReuseDDElParam
FrameRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
EndDialog
CreateDialogIndirectParamW
CreateMenu
HideCaret
InvertRect
DestroyCursor
GetWindowRgn
ShowWindow
EnableWindow
IsIconic
InvalidateRect
UpdateWindow
PtInRect
PostThreadMessageW
GetClientRect
LoadIconW
SetTimer
DrawIcon
GetSystemMetrics
GetWindowRect
EndPaint
BeginPaint
ReleaseDC
LoadImageW
GetParent
GetSysColorBrush
LoadCursorW
RedrawWindow
GetClassInfoW
FillRect
GetDC
DefWindowProcW
CharUpperW
CharPrevExA
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
IsWindow
GetCursorPos
SetWindowsHookExW
CallNextHookEx
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
DrawEdge
DrawFrameControl
DrawStateW
SetWindowRgn
MapWindowPoints
GetSysColor
DrawFocusRect
InflateRect
OffsetRect
IsRectEmpty
DrawIconEx
PostMessageW
PostQuitMessage
ShowOwnedPopups
SetCursor
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
DestroyWindow
gdi32
CreatePen
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
GetTextMetricsW
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
GetRgnBox
OffsetRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
Polyline
Polygon
CreatePolygonRgn
ExtTextOutW
PatBlt
GetTextColor
GetBkColor
Ellipse
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
SelectObject
CreateCompatibleDC
StretchBlt
GetTextExtentPoint32W
GetObjectW
DeleteObject
DeleteDC
GetStockObject
RoundRect
BitBlt
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptHashData
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
CryptDestroyHash
shell32
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
comctl32
InitCommonControlsEx
shlwapi
StrTrimA
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
uxtheme
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
IsAppThemed
OpenThemeData
GetThemeColor
GetCurrentThemeName
ole32
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CoCreateInstance
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoInitializeEx
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
CoUninitialize
CoGetClassObject
oleaut32
VariantInit
VariantChangeType
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
oledlg
OleUIBusyW
gdiplus
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
iphlpapi
GetAdaptersInfo
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1018KB - Virtual size: 1018KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9.2MB - Virtual size: 9.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 269KB - Virtual size: 269KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ