Static task: static1
Behavioral task: behavioral1
Sample: 71b7e1295ff7d5c0714d647264db59f092e99e8e9c194f865b05132c30b78bf6.exe
Resource: win7-20231025-en
General
Target: 71b7e1295ff7d5c0714d647264db59f092e99e8e9c194f865b05132c30b78bf6
Size: 4.9MB
MD5: cb16e81733f5d4bc2e7cc85fd78d6212
SHA1: 34b732c2e805eeaeef05d1daf13691450456af46
SHA256: 71b7e1295ff7d5c0714d647264db59f092e99e8e9c194f865b05132c30b78bf6
SHA512: 067ff49f56a3ece0589117c5e6e7d826dbcebb4a5792bbfb86c610ff194b156a51ba21bfb68e718a5e9cf6e416666104b3afbd57da24b8d1c0a8e96b8988fd67
SSDEEP: 98304:GyQllJ6bh8FzgCUMy9eW1BXBBImmBSq7Nmhv4eUov:vQljCCHyD1fjaAGeP
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature; the sample carries none. On its own an unsigned PE is a weak indicator, since plenty of legitimate software ships unsigned; it carries more weight read together with the stripped relocations and writable code section reported below.
resource: 71b7e1295ff7d5c0714d647264db59f092e99e8e9c194f865b05132c30b78bf6
Files
-
71b7e1295ff7d5c0714d647264db59f092e99e8e9c194f865b05132c30b78bf6.exe windows:5 windows x86
05f329108e21311616be2755dcc0300f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: NX_COMPAT opts the image into DEP, but IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the loader cannot relocate the image and it always maps at its preferred ImageBase (no ASLR). IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set either, so Control Flow Guard is not enforced at runtime even though the binary carries a .gfids section (see Sections).
Imports
Triage note: the import table, grouped by module below, combines network I/O (ws2_32 sockets, wininet HTTP, iphlpapi GetAdaptersInfo, and wldap32 imported by ordinal only, so the LDAP functions are unresolved in this listing), process enumeration and opening (CreateToolhelp32Snapshot, Process32FirstW/Process32NextW, OpenProcess), token handling (OpenProcessToken, GetTokenInformation, DuplicateTokenEx, ImpersonateLoggedOnUser, RevertToSelf), registry writes (RegCreateKeyExW, RegSetValueExW), CryptoAPI key, hash, signing and decryption calls plus certificate-store access (Crypt*, Cert*), event-log reporting (RegisterEventSourceA, ReportEventA), embedded-resource extraction (FindResourceW, LoadResource, LockResource), temp-file and directory manipulation, and a large user32/gdi32/gdiplus/usp10 UI surface. An import shows capability, not behaviour observed in the run.
user32
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
GetCaretBlinkTime
CreateCaret
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetSystemMetrics
GetSysColor
DestroyMenu
CreatePopupMenu
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
EnableMenuItem
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
IsWindowEnabled
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetFocus
SetFocus
DestroyIcon
CharNextW
PtInRect
EqualRect
IsRectEmpty
UnionRect
IntersectRect
CopyRect
SetCursor
KillTimer
SetTimer
DestroyWindow
IsWindow
DestroyCursor
LoadCursorW
GetKeyState
SetForegroundWindow
GetForegroundWindow
UnregisterClassW
wsprintfW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
ReleaseDC
GetDC
ClientToScreen
PeekMessageW
SystemParametersInfoW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetClassNameW
IsMenu
GetDlgItem
UpdateLayeredWindow
ScreenToClient
SetCaretPos
TrackMouseEvent
HideCaret
SendMessageW
SetWindowTextW
ShowWindow
PostQuitMessage
SetRect
PostMessageW
ole32
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
CoInitializeEx
CoUninitialize
CoCreateInstance
CoCreateGuid
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
shlwapi
StrToIntExW
PathFileExistsW
gdiplus
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipSaveImageToFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusStartup
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
gdi32
ExtCreateRegion
CreateFontIndirectW
IntersectClipRect
SelectClipRgn
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
DeleteObject
BitBlt
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
DeleteDC
CreateCompatibleDC
EnumFontsW
SetGraphicsMode
CreateRoundRectRgn
CreateBitmap
GetDeviceCaps
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
SetTextAlign
StretchBlt
GetCurrentObject
GetViewportOrgEx
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
GetRegionData
wininet
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
HttpQueryInfoW
InternetOpenW
kernel32
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
SetCurrentDirectoryW
GetTempPathW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
MulDiv
GetLastError
MultiByteToWideChar
GetVersionExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLongPathNameW
DeleteFileW
GetTempFileNameW
CopyFileW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
LocalFree
GetSystemInfo
GetSystemDirectoryW
GetVolumeInformationW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindClose
lstrcpyW
FindFirstFileW
FindNextFileW
ReleaseMutex
CreateMutexW
CreateDirectoryW
GetFileAttributesExW
MoveFileExW
RemoveDirectoryW
GlobalFree
LocalAlloc
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FileTimeToSystemTime
LeaveCriticalSection
SetPriorityClass
HeapCreate
FlushInstructionCache
GetFullPathNameW
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
GetLocalTime
GetVersionExA
GetModuleHandleA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryA
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
VirtualAlloc
GetFileAttributesW
CreateFileW
OutputDebugStringA
LoadLibraryW
GetTickCount
CloseHandle
ReadFile
WriteFile
GetFileSize
Sleep
GetProcAddress
GetCurrentDirectoryW
SetConsoleMode
ReadConsoleInputA
SystemTimeToTzSpecificLocalTime
lstrlenA
CreateFileMappingW
GetDriveTypeW
SystemTimeToFileTime
GetSystemTime
EnterCriticalSection
InitializeCriticalSection
DeviceIoControl
CreateThread
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA
ResetEvent
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
RtlUnwind
ExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
InterlockedCompareExchange
GetFileInformationByHandle
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
advapi32
RegSetValueExW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
RegOpenKeyExW
DeregisterEventSource
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
shell32
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
imm32
ImmAssociateContext
ImmReleaseContext
ImmGetContext
iphlpapi
GetAdaptersInfo
oleaut32
SysAllocString
SysFreeString
SysStringLen
wldap32
ord50
ord143
ord217
ord46
ord211
ord60
ord301
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord200
ord30
ord79
ws2_32
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
getservbyname
gethostbyname
htonl
shutdown
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
recv
crypt32
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
usp10
ScriptShape
ScriptItemize
ScriptFreeCache
Sections
.text   Size: 3.0MB   Virtual size: 3.0MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 760KB   Virtual size: 759KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 103KB   Virtual size: 213KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  Size: 3KB     Virtual size: 2KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    Size: 512B    Virtual size: 9B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1014KB  Virtual size: 1016KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Note: .text is mapped writable as well as executable, .rdata is writable, and .rsrc is both writable and executable. A stock MSVC link sets none of these flags, so expect in-place code patching, unpacking into existing sections, or a post-link tool that rewrote the section table; the writable code section and the executable resource section are the first places to look for a runtime-decrypted payload. .gfids is the Control Flow Guard function table that MSVC emits for /guard:cf builds; because GUARD_CF is not set in DllCharacteristics, the loader does not enforce it. The .data virtual size exceeding its raw size (213KB vs 103KB) is ordinary zero-initialised data and not suspicious by itself.
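The Headers, Unsigned PE and Sections findings above can be reproduced from the raw file with a short header parser. The following is an added example, not part of the sandbox report or its tooling, using only the Python standard library. Because the real sample is not available offline, it builds a constructed header-only PE32 image whose machine, characteristics, DllCharacteristics and section flags mirror the values reported above (section names and flags exact, sizes approximate) and derives the same hardening gaps: no Authenticode certificate table, DEP on, no ASLR, no CFG, and writable-executable sections. The constant names come from winnt.h; the function names and the constructed input are this example's own. To run it on a real file, replace SAMPLE with the file's bytes.

```python
"""Stdlib-only PE header triage (added example; constructed input, not the real sample)."""
import struct

# Flag values from winnt.h
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode certificate table


def parse_pe(data):
    """Parse only the headers needed for the hardening questions; returns a dict."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics sits at +70 for both PE32 (0x10B) and PE32+ (0x20B);
    # the data directory array starts at +96 (PE32) or +112 (PE32+).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)
    _, cert_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size                                 # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {"machine": machine, "characteristics": characteristics,
            "dll_characteristics": dll_chars, "has_authenticode": cert_size != 0,
            "sections": sections}


def triage(info):
    """Turn parsed headers into the findings an analyst reads first."""
    findings = []
    dc = info["dll_characteristics"]
    if not info["has_authenticode"]:
        findings.append("unsigned: no Authenticode certificate table")
    findings.append("DEP: " + ("NX_COMPAT set" if dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT else "NX_COMPAT missing"))
    if not dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        why = "relocations stripped" if info["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED else "DYNAMIC_BASE missing"
        findings.append("no ASLR: image loads at its fixed ImageBase (%s)" % why)
    if not dc & IMAGE_DLLCHARACTERISTICS_GUARD_CF:
        findings.append("CFG: GUARD_CF not set")
    for s in info["sections"]:
        f = s["flags"]
        if f & IMAGE_SCN_MEM_WRITE and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append("RWX section: %s" % s["name"])
        if f & IMAGE_SCN_MEM_EXECUTE and not f & IMAGE_SCN_CNT_CODE:
            findings.append("executable non-code section: %s" % s["name"])
    return findings


def build_constructed_pe(dll_chars, characteristics, sections, signed=False):
    """Build a header-only PE32 image for offline testing. Constructed input, not a real binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew = 64
    opt_size = 224                                      # IMAGE_OPTIONAL_HEADER32 with 16 data directories
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if signed:                                          # a non-zero certificate table means "signed"
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    sec_hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0, rs, 0, 0, 0, 0, 0, fl)
                        for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs


# Section table mirroring the report above (names and flags exact, sizes approximate).
REPORT_SECTIONS = [
    (".text", 0x300000, 0x300000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rdata", 0xBDC00, 0xBE000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".data", 0x35400, 0x19C00, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".gfids", 0x800, 0xC00, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".tls", 9, 512, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 0xFE000, 0xFD800, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
# 0x8100 = NX_COMPAT | TERMINAL_SERVER_AWARE; 0x0103 = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
SAMPLE = build_constructed_pe(0x8100, 0x0103, REPORT_SECTIONS)

if __name__ == "__main__":
    for line in triage(parse_pe(SAMPLE)):
        print(line)
```

The parser deliberately reads only the fields it needs rather than the whole optional header, so it also works on PE32+ images and on files whose section data has been truncated, as long as the headers are intact; the certificate-table check is the same test the Unsigned PE signature relies on, and it says nothing about whether a present signature would actually validate.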