c43cafe67bd9a36b460353f9aba700a3b2e278bcbf35ec7d85cff73bb2966ebc

Sharing

Copy URL Twitter E-mail

General

Target

c43cafe67bd9a36b460353f9aba700a3b2e278bcbf35ec7d85cff73bb2966ebc
Size

10.0MB
MD5

a62af4825d411076b3482483e7ef1e41
SHA1

5935abf85e720fef5aba6ab1d00dfd95b259e04c
SHA256

c43cafe67bd9a36b460353f9aba700a3b2e278bcbf35ec7d85cff73bb2966ebc
SHA512

c44cbfccac07b109154847d5b3341133c7d17c95a05ebba355d27e4babaaad732bd3d6e66d37866019b9a31b5c30cd617f5f470f4cb13cc7d4548a0f0b569ee6
SSDEEP

196608:HlmOBED8/TpBhT8p7UtHJjTytBOaq0QT0TJu3o1ccSBX1f7Nu/6M1SzRZ8:HlmOBEITlCUTjTDaVZg3accST7Nu/6NM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c43cafe67bd9a36b460353f9aba700a3b2e278bcbf35ec7d85cff73bb2966ebc

Files

c43cafe67bd9a36b460353f9aba700a3b2e278bcbf35ec7d85cff73bb2966ebc
.exe windows:6 windows x86 arch:x86

a1e052ec74e0065d7534a3444a15a909

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
SetFileTime
SetFilePointer
ReadFile
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
WritePrivateProfileStringW
lstrcpyW
OpenProcess
GetCurrentThreadId
TerminateProcess
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
OutputDebugStringW
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetLogicalDriveStringsW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetStringTypeW
FormatMessageW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileAttributesW
SetFilePointerEx
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
GetCPInfo
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetACP
GetFileSize
LoadLibraryW
GlobalUnlock
GlobalLock
lstrlenW
ExitProcess
MulDiv
LocalFree
GetCurrentProcessId
GetVersionExW
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpynW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
ResumeThread
GetModuleHandleExW
SetEnvironmentVariableW
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleCP
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetDriveTypeW
DeleteFileW
CreateDirectoryW
GetUserDefaultUILanguage
GetPrivateProfileStringW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FreeResource
CloseHandle
WriteFile
GetShortPathNameW
CreateFileW

user32

SetPropW
GetPropW
SetWindowRgn
MessageBoxW
EqualRect
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
SetWindowTextW
EnableWindow
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetFocus
GetActiveWindow
SetFocus
CharNextW
IsZoomed
IsIconic
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
UnionRect
InflateRect
SetCursor
SetCapture
ReleaseCapture
GetDC
ReleaseDC
GetSystemMetrics
GetClassInfoExW
RegisterClassExW
RegisterClassW
GetWindowTextW
wsprintfW
ShowWindow
PostMessageW
PostQuitMessage
CallWindowProcW
DefWindowProcW
LoadImageW
GetWindow
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
GetParent
OffsetRect
GetWindowRect
SetWindowPos
SetWindowLongW
GetWindowLongW
GetCursorPos
IsWindowVisible
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetKeyState

gdi32

Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateCompatibleBitmap
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
AddFontMemResourceEx
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
SetViewportOrgEx
GetLayout
SetLayout
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
RemoveFontMemResourceEx
CreateCompatibleDC
GetCharABCWidthsW
BitBlt
SetBitmapBits

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

shell32

DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW

ole32

DoDragDrop
OleDuplicateData
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning

shlwapi

PathIsRootW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW

ws2_32

gethostname
gethostbyname
WSAStartup

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDrawImageRectI
GdipGetPropertyItem
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 877KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50.5MB - Virtual size: 50.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e052ec74e0065d7534a3444a15a909

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

ws2_32

oleaut32

comctl32

gdiplus

imm32

Sections

.text Size: 877KB - Virtual size: 877KB

.rdata Size: 211KB - Virtual size: 211KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 50.5MB - Virtual size: 50.5MB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 877KB - Virtual size: 877KB

.rdata
Size: 211KB - Virtual size: 211KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 50.5MB - Virtual size: 50.5MB

.reloc
Size: 50KB - Virtual size: 50KB