Static task: static1
Behavioral task: behavioral1
  Sample: 6882b62f12a3c0867a384be14a1e6a25570ee8d7b33bff5c758a8ee8037b5008.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 6882b62f12a3c0867a384be14a1e6a25570ee8d7b33bff5c758a8ee8037b5008.exe
  Resource: win10v2004-20231023-en
General
- Target: 6882b62f12a3c0867a384be14a1e6a25570ee8d7b33bff5c758a8ee8037b5008
- Size: 10.0MB
- MD5: 0d13b51c573b06ed8d5e20de0deb269a
- SHA1: 83df0532db0b1dc48036e8480397e3f96890e4c9
- SHA256: 6882b62f12a3c0867a384be14a1e6a25570ee8d7b33bff5c758a8ee8037b5008
- SHA512: 6b3ebf80f415246e72b22d6145a5c2062ae0c4e40f0b2322a7c09589d46fe0ebf6c036eed783d1cd82ea7d23bb62e7b399a34cfc131f06f66ee095dda539a805
- SSDEEP: 196608:1ZEIxkDzgzn8foJTRu39vcY5wBg+xdMrWqRTbRgkW:1iq8MT8fqlM5wqSirWqRTdtW
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 6882b62f12a3c0867a384be14a1e6a25570ee8d7b33bff5c758a8ee8037b5008
Files
- 6882b62f12a3c0867a384be14a1e6a25570ee8d7b33bff5c758a8ee8037b5008.exe  windows:5  windows x86  7027f04e0a57211919e61927e52a7193
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
ntohs
setsockopt
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostbyname
WSAStartup
inet_ntoa
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
WSAIoctl
recv
gethostname
kernel32
IsValidCodePage
GetOEMCP
FindFirstFileExW
HeapReAlloc
lstrcpyW
WideCharToMultiByte
GetNativeSystemInfo
Process32FirstW
GlobalAlloc
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WriteFile
CreateProcessW
GetProcAddress
CloseHandle
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
GetStartupInfoW
GetDriveTypeW
CopyFileW
DeleteFileW
MultiByteToWideChar
GetLogicalDrives
MoveFileW
GetTickCount
GetModuleHandleW
lstrcatW
WaitForSingleObject
GetTempPathW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
GetLastError
FreeResource
CreateMutexW
GetCommandLineW
SizeofResource
GetModuleFileNameA
OutputDebugStringA
GetFileAttributesExW
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
GetTimeZoneInformation
HeapSize
WriteConsoleW
FlushFileBuffers
GetFullPathNameW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FormatMessageW
FreeLibrary
LoadLibraryW
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryA
IsBadReadPtr
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetStdHandle
GetCurrentProcessId
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
SetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
InitializeCriticalSection
SleepEx
VerSetConditionMask
VerifyVersionInfoW
WaitForMultipleObjects
GetFileType
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
GlobalLock
GlobalUnlock
lstrlenW
GetACP
ExitProcess
MulDiv
SystemTimeToFileTime
LocalFileTimeToFileTime
LocalFree
DecodePointer
RaiseException
GetLocalTime
lstrcpynW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetStringTypeW
CompareStringW
LCMapStringW
FreeEnvironmentStringsW
user32
DestroyWindow
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
IsWindow
GetPropW
LoadCursorW
SetCursor
InflateRect
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
DestroyMenu
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetTimer
MoveWindow
KillTimer
PostMessageW
ShowWindow
FindWindowW
SetForegroundWindow
CreateWindowExW
SetWindowPos
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
GetWindowRect
SetWindowLongW
GetWindowLongW
GetShellWindow
GetWindowThreadProcessId
wsprintfW
CreatePopupMenu
AttachThreadInput
GetForegroundWindow
SetPropW
GetWindowTextW
advapi32
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
CryptImportKey
CryptEncrypt
RegCloseKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
shell32
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW
ole32
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoInitialize
CoUninitialize
CoCreateInstance
shlwapi
PathFindFileNameW
PathAddBackslashW
PathRemoveFileSpecW
PathIsRootW
PathRemoveBackslashW
PathFileExistsW
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wldap32
ord167
ord133
ord147
ord142
ord79
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord301
gdi32
CreateDIBSection
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
PtInRegion
GetObjectW
SetTextColor
GetObjectA
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreateRectRgn
CreateRoundRectRgn
StretchBlt
SetWindowOrgEx
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
BitBlt
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillPath
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipSetLinePresetBlend
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
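Triage-style reports print an import hash beside the file entry in the Files table, and the 32-hex-digit value shown there has that form. The block below is an added example, not Triage's or pefile's code: it implements the imphash convention pefile popularised (lower-cased `library.function` pairs in import-directory order, `.dll`/`.ocx`/`.sys` stripped, ordinals resolved to names only for ws2_32 and oleaut32, everything else kept as `ordN`, then MD5). The ordinal tables are an assumed subset of those DLLs' classic export ordinals, and SAMPLE_IMPORTS is a constructed excerpt of the table above, so the result is not the report's value.

```python
"""Import hash (imphash) in the pefile convention. Added example; not from the report."""
import hashlib

# Assumed subset of the well-known export ordinals pefile resolves by name.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 9: "htons",
               15: "ntohs", 16: "recv", 19: "send", 23: "socket",
               115: "WSAStartup", 116: "WSACleanup"},
    "oleaut32": {2: "SysAllocString", 4: "SysAllocStringLen", 6: "SysFreeString",
                 7: "SysStringLen", 8: "VariantInit", 9: "VariantClear"},
}
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_library(name: str) -> str:
    """Lower-case the DLL name and drop a .dll/.ocx/.sys suffix."""
    lib = name.lower()
    for ext in STRIPPED_EXTENSIONS:
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def normalize_function(lib: str, func) -> str:
    """Names are lower-cased; ordinals become a name if known, else 'ordN'."""
    if isinstance(func, int):
        func = ORDINAL_NAMES.get(lib, {}).get(func, f"ord{func}")
    return func.lower()


def imphash_string(imports) -> str:
    """Canonical comma-joined string that is hashed. Order of entries matters."""
    parts = []
    for dll, funcs in imports:
        lib = normalize_library(dll)
        parts.extend(f"{lib}.{normalize_function(lib, f)}" for f in funcs)
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt of the import table in the report (names or ordinals per DLL).
SAMPLE_IMPORTS = [
    ("WS2_32.dll", ["ntohs", "setsockopt", "WSACleanup", "getaddrinfo", "socket"]),
    ("KERNEL32.dll", ["CreateToolhelp32Snapshot", "Process32FirstW",
                      "GetProcAddress", "LoadLibraryW"]),
    ("ADVAPI32.dll", ["CryptAcquireContextW", "CryptImportKey", "CryptEncrypt"]),
    ("WLDAP32.dll", [167, 133, 147]),
    ("COMCTL32.dll", [17, "InitCommonControlsEx", "_TrackMouseEvent"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two caveats when pivoting on this value: the hash is order-sensitive, so the same imports emitted in a different order by another build produce a different imphash, and it only covers the static import directory. This sample imports GetProcAddress, LoadLibraryA, LoadLibraryW and LoadLibraryExW, so any API resolved at run time is invisible to the hash.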
Sections
.text   Size: 934KB   Virtual size: 934KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 228KB   Virtual size: 228KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 14KB    Virtual size: 22KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  Size: 3KB     Virtual size: 2KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    Size: 512B    Virtual size: 9B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_RDATA  Size: 512B    Virtual size: 32B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 14.7MB  Virtual size: 14.7MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 53KB    Virtual size: 53KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
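The Headers, Signatures and Sections parts of this report all come straight out of the PE header. The block below is an added example, not Triage's own check logic: a pure-Python parser that recovers the same fields and shows what the "Unsigned PE" signature actually tests, namely an empty IMAGE_DIRECTORY_ENTRY_SECURITY entry (slot 4 of the data directory, which holds a file offset rather than an RVA). One practitioner's caveat is built in: the report lists .rsrc with a raw size of 14.7MB inside a file it sizes at 10.0MB, so the parser bounds every section by the real file length instead of trusting SizeOfRawData, and flags the mismatch. The flag tables are the documented winnt.h values; the input PE is constructed inline and is not the sample from the report.

```python
"""Minimal PE header triage. Added example; not the sandbox's code."""
import struct

FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_CHARACTERISTICS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                           0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                           0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # its "VirtualAddress" is a raw file offset


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # DllCharacteristics is at +0x46 for both PE32 and PE32+; the data directory moves.
    dllchars = struct.unpack_from("<H", data, opt + 0x46)[0]
    num_rva = struct.unpack_from("<I", data, opt + (0x6C if pe32plus else 0x5C))[0]
    dir_base = opt + (0x70 if pe32plus else 0x60)
    sec_off = sec_size = 0
    if num_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # A WIN_CERTIFICATE blob (8-byte header minimum) must lie inside the file to count.
    authenticode = sec_size >= 8 and sec_off + sec_size <= len(data)
    sections = []
    for i in range(nsections):
        name, vsize, _va, raw_size, raw_ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "characteristics": _flags(sc, SECTION_CHARACTERISTICS),
                         # header claims bytes the file does not hold: truncated or lying
                         "raw_truncated": raw_ptr + raw_size > len(data)})
    return {"machine": machine, "pe32plus": pe32plus,
            "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dllchars, DLL_CHARACTERISTICS),
            "authenticode_present": authenticode, "sections": sections}


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed 32-bit PE for demonstration only; not the sample from the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, EXE|32BIT
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0x00, 0x10B)                       # PE32 magic
    struct.pack_into("<III", opt, 0x1C, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<I", opt, 0x3C, 0x200)                       # SizeOfHeaders
    struct.pack_into("<HH", opt, 0x44, 2, 0x8140)                  # GUI; DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 0x5C, 16)                          # NumberOfRvaAndSizes
    body = b"\xcc" * 0x200 + b"RSRC" * 0x40                        # .text data + only 0x100 bytes of .rsrc
    cert = b""
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 2 (PKCS_SIGNED_DATA), payload
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", opt, 0x60 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200 + len(body), len(cert))
    # .rsrc claims 0x1000 raw bytes at 0x400 although the file ends at 0x500: deliberately truncated.
    sects = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sects += struct.pack("<8sIIIIIIHHI", b".rsrc", 0x1000, 0x2000, 0x1000, 0x400, 0, 0, 0, 0, 0x40000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sects).ljust(0x200, b"\0")
    return headers + body + cert


if __name__ == "__main__":
    for signed in (False, True):
        r = analyze_pe(build_sample_pe(signed))
        print("authenticode:", r["authenticode_present"], "| dll:", r["dll_characteristics"])
        for s in r["sections"]:
            print(f"  {s['name']:<8} raw={s['raw_size']:#x} virt={s['virtual_size']:#x} "
                  f"truncated={s['raw_truncated']} {s['characteristics']}")
```

Presence of a certificate blob is not validity: this check, like the report's signature, only says whether anything is attached. Whether the signature verifies and chains to a trusted root is a separate question for WinVerifyTrust or signtool, and a binary can carry a revoked or self-signed blob and still pass the presence test.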