18ecad5142bc99e4059200d22ce7d01bb16f26765786e55b40136ba1701dda32

Sharing

Copy URL Twitter E-mail

General

Target

18ecad5142bc99e4059200d22ce7d01bb16f26765786e55b40136ba1701dda32
Size

7.7MB
MD5

44df668db3c5f83b364ae00af585e632
SHA1

3fa51e67898d5abb438bb781dafa8cf0fb8a76e2
SHA256

18ecad5142bc99e4059200d22ce7d01bb16f26765786e55b40136ba1701dda32
SHA512

145b7bb7782917ca9f3cb97461a979550f08277dfbc9a2d3e028a05c94c52bdd7d8c8bcd3a384890f29844757c699867ec6c22f77cc09ebbf2400d66bad5b302
SSDEEP

196608:Es2azKEmg1y61yL0tK/SKBFNyEhIpOtWPbVYKJh7fW:tPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18ecad5142bc99e4059200d22ce7d01bb16f26765786e55b40136ba1701dda32

Files

18ecad5142bc99e4059200d22ce7d01bb16f26765786e55b40136ba1701dda32
.exe windows:6 windows x86 arch:x86

359ec3e0b04e22c62cf3c457d9cf5631

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
accept
listen
WSAGetLastError
ntohl
inet_addr
htons
setsockopt
socket
closesocket
send
recv
htonl
ntohs
bind

winmm

waveOutPrepareHeader
waveOutWrite
waveOutSetVolume
waveOutReset
waveOutUnprepareHeader
PlaySoundA
mixerGetLineControlsA
mixerSetControlDetails
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
waveOutClose
waveOutOpen
mixerGetControlDetailsA

gdiplus

GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipDrawImageI
GdiplusShutdown
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipBitmapUnlockBits

d3d9

Direct3DCreate9

d3dx9_42

D3DXCreateLine
D3DXCreateSprite
D3DXMatrixTransformation2D
D3DXCreateFontA
D3DXSaveSurfaceToFileA
D3DXCreateFontW

crtdll

_close
_fdopen
_hypot
_isatty
_read

kernel32

lstrcmpiA
GetVolumeInformationA
GetThreadLocale
SuspendThread
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalFlags
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEndOfFile
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
GetFileAttributesA
GetFileAttributesExA
GetFileSizeEx
GetFileTime
SetErrorMode
GetCurrentDirectoryA
lstrcpyA
VerSetConditionMask
VerifyVersionInfoA
GetTempFileNameA
GetUserDefaultLCID
GetTempPathA
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExW
HeapAlloc
HeapFree
ExitThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
IsProcessorFeaturePresent
HeapReAlloc
CreateFileW
GetFileType
RaiseException
RtlUnwind
VirtualQuery
IsDebuggerPresent
HeapSize
HeapQueryInformation
SetStdHandle
GetProcessHeap
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
IsValidCodePage
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
OutputDebugStringW
WriteConsoleW
IsValidLocale
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
LCMapStringW
SetEnvironmentVariableA
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
CompareStringA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetVersion
GetFileAttributesW
SetLastError
CopyFileA
GlobalSize
GetModuleFileNameA
GetCurrentProcessId
IsDBCSLeadByteEx
GetSystemTimeAsFileTime
GetACP
VirtualAlloc
VirtualFree
MultiByteToWideChar
GetProcessAffinityMask
GetCurrentProcess
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
FileTimeToSystemTime
GetSystemInfo
GetOverlappedResult
CancelIo
DeviceIoControl
MulDiv
GetCurrentThread
GetThreadPriority
LocalLock
LocalAlloc
LocalUnlock
InitializeCriticalSectionEx
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
OpenEventA
lstrcpynA
lstrlenA
lstrcmpA
InterlockedExchange
GetFileSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
LocalFree
FormatMessageA
FreeResource
CreateThread
GetSystemTime
SystemTimeToFileTime
GetLocalTime
FindResourceA
GetLastError
ReadFile
Sleep
GetTickCount
ResumeThread
SetThreadPriority
SetFilePointer
SetEvent
WaitForSingleObject
CreateEventA
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
WriteFile
CloseHandle
CreateFileA
GlobalReAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
DuplicateHandle
GlobalGetAtomNameA
UnlockFile
GlobalHandle

user32

LoadImageA
DrawIconEx
GetIconInfo
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawFrameControl
UnionRect
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
SetParent
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
SetCursorPos
LockWindowUpdate
SetClassLongA
GetDoubleClickTime
SetMenuDefaultItem
ModifyMenuA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetWindowRgn
WaitMessage
MessageBeep
IsClipboardFormatAvailable
CopyImage
UnregisterClassA
GetSysColorBrush
RealChildWindowFromPoint
IntersectRect
InflateRect
GetMenuItemInfoA
DestroyMenu
ShowOwnedPopups
GetMessageA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
CharUpperA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
SetRectEmpty
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
CreateWindowExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
CopyRect
MapVirtualKeyA
GetKeyNameTextA
IsWindow
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
IsWindowEnabled
FillRect
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetMonitorInfoA
MonitorFromWindow
SetRect
PostThreadMessageA
GetNextDlgGroupItem
DrawFocusRect
DrawEdge
WindowFromPoint
GetCapture
GetWindowLongA
CopyIcon
CloseWindow
SystemParametersInfoA
UpdateWindow
KillTimer
GetSubMenu
LoadMenuW
SetWindowRgn
DrawIcon
IsIconic
AppendMenuA
GetSystemMenu
ShowWindow
FindWindowA
GetCursorPos
GetSystemMetrics
GetSysColor
LoadIconW
DispatchMessageA
TranslateMessage
PeekMessageA
SetTimer
ReleaseDC
RedrawWindow
SetForegroundWindow
GetDC
IsRectEmpty
ScreenToClient
ClientToScreen
GetWindowRect
LoadCursorA
OffsetRect
GetClientRect
SetCursor
ReleaseCapture
GetParent
PostMessageA
SendMessageA
SetCapture
InvalidateRect
EnableWindow
PtInRect
LoadBitmapW
GetMenuDefaultItem
CreatePopupMenu
DestroyIcon
InvalidateRgn
CopyAcceleratorTableA
CharNextA
EqualRect
LoadCursorW
GetClassInfoExA
DeleteMenu

gdi32

CreateRectRgn
CombineRgn
GetBitmapBits
CreateBitmap
GetPixel
CreatePen
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
CreateHatchBrush
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileA
CreateRectRgnIndirect
PatBlt
CreateFontIndirectA
GetTextExtentPoint32A
Rectangle
SetRectRgn
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
GetNearestPaletteIndex
GetPaletteEntries
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExA
OffsetRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
SetTextAlign
SetTextColor
CreateRoundRectRgn
CreateSolidBrush
CreatePalette
GetSystemPaletteEntries
RealizePalette
SelectPalette
CreateDCA
DeleteDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
DeleteObject
GetStockObject
BitBlt
StretchBlt
CreateCompatibleDC
SelectClipRgn
GetMapMode
GetObjectA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegCloseKey
RegQueryValueExA

shell32

DragQueryFileA
ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage
SHGetFileInfoA
DragFinish

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindFileNameA
PathFindExtensionA
StrFormatKBSizeA

uxtheme

GetWindowTheme
GetThemeSysColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText

ole32

CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
StgOpenStorageOnILockBytes
CoCreateInstance
CoGetClassObject

oleaut32

SysAllocStringByteLen
SysAllocStringLen
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SysStringLen

oledlg

ord8

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Exports

Exports

HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncReset
HI_VOICE_EncodeFrame
HI_VOICE_GetVersion
HI_VOICE_TransCodeFrame
HI_VOICE_TransCodeReset

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drectve
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_i
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

359ec3e0b04e22c62cf3c457d9cf5631

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

gdiplus

d3d9

d3dx9_42

crtdll

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

oleacc

imm32

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.text.un Size: 103KB - Virtual size: 103KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 39KB - Virtual size: 1.1MB

.eh_fram Size: 219KB - Virtual size: 219KB

.drectve Size: 2KB - Virtual size: 2KB

.rodata Size: 3KB - Virtual size: 2KB

.debug_i Size: 145KB - Virtual size: 144KB

.debug_a Size: 7KB - Virtual size: 6KB

.debug_l Size: 136KB - Virtual size: 135KB

.debug_a Size: 1024B - Virtual size: 736B

.debug_r Size: 15KB - Virtual size: 15KB

.debug_l Size: 29KB - Virtual size: 29KB

.debug_s Size: 1024B - Virtual size: 702B

.debug_f Size: 3KB - Virtual size: 3KB

.debug_p Size: 1KB - Virtual size: 1KB

.debug_p Size: 1KB - Virtual size: 1KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 509KB - Virtual size: 509KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.text.un
Size: 103KB - Virtual size: 103KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 39KB - Virtual size: 1.1MB

.eh_fram
Size: 219KB - Virtual size: 219KB

.drectve
Size: 2KB - Virtual size: 2KB

.rodata
Size: 3KB - Virtual size: 2KB

.debug_i
Size: 145KB - Virtual size: 144KB

.debug_a
Size: 7KB - Virtual size: 6KB

.debug_l
Size: 136KB - Virtual size: 135KB

.debug_a
Size: 1024B - Virtual size: 736B

.debug_r
Size: 15KB - Virtual size: 15KB

.debug_l
Size: 29KB - Virtual size: 29KB

.debug_s
Size: 1024B - Virtual size: 702B

.debug_f
Size: 3KB - Virtual size: 3KB

.debug_p
Size: 1KB - Virtual size: 1KB

.debug_p
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 509KB - Virtual size: 509KB