35639ac849049457746603297e08901b2edefa1d4b5ae985428e50f43a962714

Sharing

Copy URL Twitter E-mail

General

Target

35639ac849049457746603297e08901b2edefa1d4b5ae985428e50f43a962714
Size

2.1MB
MD5

cbf64f25ae9ddf8354a3118865058e79
SHA1

7076328a7073fccb54fc9e811111dc151d98e36d
SHA256

35639ac849049457746603297e08901b2edefa1d4b5ae985428e50f43a962714
SHA512

251edfe6c6966ad5a03852f4730010f11f50f7f0ec9e4670b2e0414e9d33d5c648126d3245cbd92638d0660427bfb40562aae65f45d36b320a40d06892f2dc97
SSDEEP

49152:Du4wAo3e8rhQgiDN6L5tj1XUNgASK4CTfVf1WZ62IsD/bP7T1wikfUqO:D0FGZ/sDDGl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35639ac849049457746603297e08901b2edefa1d4b5ae985428e50f43a962714

Files

35639ac849049457746603297e08901b2edefa1d4b5ae985428e50f43a962714
.dll windows:5 windows x86 arch:x86

0c33ea2749a5a593b18424d15c323e4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureStackBackTrace
IsBadReadPtr
GetModuleHandleA
LoadLibraryA
GetVersionExA
GetModuleHandleW
GetVersionExW
GetTickCount
MulDiv
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcess
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
GetFileAttributesW
FindFirstFileW
GetFullPathNameW
FindResourceW
FindClose
SizeofResource
LoadResource
SetLastError
LockResource
FreeResource
MultiByteToWideChar
GetLastError
SetEndOfFile
HeapSize
WriteConsoleW
CreateFileW
FlushFileBuffers
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetProcessHeap
SetConsoleCtrlHandler
OutputDebugStringA
DecodePointer
SetStdHandle
GetConsoleCP
WriteFile
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetStringTypeW
MoveFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
ReadFile
GetFileAttributesExW
RaiseException
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
WideCharToMultiByte
GetPrivateProfileStringW
GetLocalTime
GetCurrentThreadId
FreeLibrary
GetCurrentProcessId
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateDirectoryW
lstrcpyW
InterlockedIncrement
Sleep
WaitForSingleObject
CloseHandle
CreateThread
SetEvent
SetCurrentDirectoryW
GetModuleFileNameW
InterlockedDecrement
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalUnlock
lstrlenA
GlobalLock
GlobalAlloc
LocalFree
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
CreateEventW
GetProcAddress
GetTimeZoneInformation
LoadLibraryW
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle

user32

MessageBoxW
DestroyWindow
SetForegroundWindow
SetWindowPos
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SetFocus
GetCapture
PostMessageW
LoadCursorW
TrackMouseEvent
DestroyCursor
LoadImageW
CreateIconFromResource
AttachThreadInput
GetForegroundWindow
ReleaseDC
GetDC
MonitorFromRect
GetWindowRect
IsWindow
EnumWindows
IsWindowVisible
SendMessageW
LoadBitmapW
GetWindowThreadProcessId
FindWindowW
PostQuitMessage
EqualRect
SetCapture
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadIconW
GetIconInfo
OffsetRect
CharNextW
PtInRect
DrawIconEx
SetRect
SetCursor
GetKeyState
GetFocus
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
EnableWindow
GetWindow
MapWindowPoints
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
DestroyIcon
GetClassNameW
GetParent
SetWindowLongW
GetWindowLongW
IsRectEmpty
UnionRect
IntersectRect
InflateRect
CopyRect
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetClientRect
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
FillRect
InvertRect
ShowWindow

gdi32

CreatePen
GetCurrentObject
Polyline
ExtCreatePen
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
CreateRoundRectRgn
EnumFontsW
DeleteObject
BitBlt
GetDeviceCaps
CreateDIBSection
Arc
CombineRgn
CreateEllipticRgnIndirect
GetViewportOrgEx
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW

ole32

OleUninitialize
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
CreateStreamOnHGlobal
OleInitialize
CoCreateInstance

oleaut32

VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString
SysFreeString
VariantChangeType
VariantInit

shlwapi

StrToIntExW
PathFileExistsW
PathIsRootW
PathRemoveBackslashW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown

msimg32

GradientFill
AlphaBlend

Exports

Exports

CheckAppStart
GetCreateIcon
GetInstallPath
GetMyTempInfo
SetInstallDate
SetIsInstalled
SetSetupInstallPath
SetupInit
SetupUninit
SetupWaitCompleted
SetupWaitUserAction
UninstallComplete
UpdateProgress

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c33ea2749a5a593b18424d15c323e4c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

version

imm32

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 322KB - Virtual size: 322KB

.data Size: 34KB - Virtual size: 105KB

.rsrc Size: 485KB - Virtual size: 485KB

.reloc Size: 84KB - Virtual size: 83KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 322KB - Virtual size: 322KB

.data
Size: 34KB - Virtual size: 105KB

.rsrc
Size: 485KB - Virtual size: 485KB

.reloc
Size: 84KB - Virtual size: 83KB