4b4d68a24aa82656e001505ca40dd9fd89144942988ddf9ba48560f8edc0df59

Sharing

Copy URL Twitter E-mail

General

Target

4b4d68a24aa82656e001505ca40dd9fd89144942988ddf9ba48560f8edc0df59
Size

1.5MB
MD5

2d13182001a385ab8ba0607b115dbbd9
SHA1

7a15e78357382a31b373b8dbb4b046c76421f674
SHA256

4b4d68a24aa82656e001505ca40dd9fd89144942988ddf9ba48560f8edc0df59
SHA512

48bf8be86d1c7ecd2d75f3775bab39e2156c89dfaa10695cf7d35afce094455e97a7fe8e93c9d798a368926c21d4a70bba7a17a5b697b1c0676a7acdc1d080d1
SSDEEP

49152:haV49B9gOUOgJEggggM/cy0ltShIkcpk6leiE3Cbm:TwOgJt10ltShgkCNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b4d68a24aa82656e001505ca40dd9fd89144942988ddf9ba48560f8edc0df59

Files

4b4d68a24aa82656e001505ca40dd9fd89144942988ddf9ba48560f8edc0df59
.exe windows:5 windows x86 arch:x86

faa5877324960d0d66a170afb89d8ba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
SetErrorMode
GlobalFree
DeviceIoControl
GetSystemDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
FlushFileBuffers
GetStdHandle
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetTimeZoneInformation
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
MoveFileExW
CreateFileA
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
EncodePointer
GetStringTypeW
TryEnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
VirtualQuery
FindNextFileW
MoveFileW
DeleteFileW
QueryDepthSList
FindClose
GetTempPathW
TerminateProcess
GetCurrentProcess
LocalAlloc
GetCommandLineW
GetModuleHandleA
lstrcpyW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrcpynW
GetLocalTime
GlobalAlloc
GetFileAttributesW
CreateDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
WriteFile
MulDiv
GetCurrentProcessId
OpenProcess
ExitProcess
MultiByteToWideChar
GetACP
WideCharToMultiByte
CreateFileW
GetCurrentDirectoryW
GetModuleHandleW
lstrlenW
ReadFile
GetFileSize
GlobalUnlock
GlobalLock
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetTickCount
CreateThread
TerminateThread
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExW
HeapReAlloc
HeapSize
HeapDestroy
GetModuleFileNameW
SetFileAttributesW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
CopyFileW
GetCurrentThreadId
Sleep
SetEvent
OpenEventW
CloseHandle
CreateEventW
WaitForSingleObject
LocalFree
GetLastError
FormatMessageW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedFlushSList

user32

GetKeyboardLayout
GetKeyNameTextW
GetGUIThreadInfo
InvalidateRgn
TranslateMessage
GetMessageW
wsprintfW
PostMessageW
PostQuitMessage
DefWindowProcW
SetWindowPos
DestroyIcon
DrawIconEx
SetForegroundWindow
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
DispatchMessageW
SendMessageW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
SetFocus
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
IsWindowVisible
IsIconic
IsZoomed
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
IsRectEmpty
PtInRect
SetCursor
InflateRect
MapVirtualKeyExW
PrivateExtractIconsW
ShowWindow
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
ClientToScreen
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
UpdateWindow

gdi32

GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetClipBox
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreateDIBSection
GdiFlush

advapi32

LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
DragQueryFileW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shlwapi

PathCombineW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCreateFromHDC
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipMeasureString
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
ord1
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

ws2_32

gethostname
gethostbyname
WSAStartup

psapi

GetProcessImageFileNameW
EnumProcesses

dbghelp

MiniDumpWriteDump

winhttp

WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect

Sections

.text
Size: 1024KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

faa5877324960d0d66a170afb89d8ba5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

imm32

ws2_32

psapi

dbghelp

winhttp

Sections

.text Size: 1024KB - Virtual size: 1023KB

.rdata Size: 195KB - Virtual size: 194KB

.data Size: 15KB - Virtual size: 30KB

.rsrc Size: 186KB - Virtual size: 186KB

.reloc Size: 113KB - Virtual size: 116KB

.text
Size: 1024KB - Virtual size: 1023KB

.rdata
Size: 195KB - Virtual size: 194KB

.data
Size: 15KB - Virtual size: 30KB

.rsrc
Size: 186KB - Virtual size: 186KB

.reloc
Size: 113KB - Virtual size: 116KB