Static task
static1
Behavioral task
behavioral1
Sample
0b2a536f359ef29ae2ed5bd0d490677f811d08114f66a634f9d1516a24f35181.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
0b2a536f359ef29ae2ed5bd0d490677f811d08114f66a634f9d1516a24f35181.exe
Resource
win10v2004-20231020-en
General
-
Target
0b2a536f359ef29ae2ed5bd0d490677f811d08114f66a634f9d1516a24f35181
-
Size
1.8MB
-
MD5
8b29b17f6bedc6b7fab6bb9d57e3f22f
-
SHA1
a742e4ef1242d3373de85ba1ac458acb024e84f0
-
SHA256
0b2a536f359ef29ae2ed5bd0d490677f811d08114f66a634f9d1516a24f35181
-
SHA512
d7f726e17d8087f23c962820ecae8ef1a2e82edddf51d5874ee580ac6ffc4950d35cdd4ab1e3cf965f8943e07897566ec9358102832b8753a21b6d8a6133ea97
-
SSDEEP
49152:o6eION6cQMvFWIaNzz1koooooooooooooooooooooooooooooooomooooooooook:o6P4A3NvQ+
Malware Config (empty — no configuration was extracted from this sample)
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature. On its own this is a weak indicator: many legitimate (especially older MFC-based) binaries ship unsigned, so weigh it together with the import and section findings below.
resource 0b2a536f359ef29ae2ed5bd0d490677f811d08114f66a634f9d1516a24f35181
Files
-
0b2a536f359ef29ae2ed5bd0d490677f811d08114f66a634f9d1516a24f35181.exe windows:4 windows x86 arch:x86
3f2c32e8c666821275933411e84e3546 (unlabeled 128-bit hash — presumably the import hash; confirm the field meaning before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (static capability indicators only — presence of an import does not prove the code path runs; notable here are SetWindowsHookExA/CallNextHookEx/GetAsyncKeyState, ExitWindowsEx/SetSystemPowerState, AdjustTokenPrivileges/OpenProcessToken, OpenProcess/TerminateProcess, VirtualProtect, and the wininet/wsock32 network APIs)
shlwapi
UrlEscapeA
PathFileExistsA
StrStrA
PathFindFileNameA
SHGetValueA
SHDeleteValueA
SHSetValueA
PathFindExtensionA
StrChrA
StrStrIA
SHDeleteKeyA
StrTrimA
PathRemoveBackslashA
PathRemoveFileSpecA
PathAddBackslashA
StrRChrA
PathIsURLA
StrNCatA
StrFormatByteSize64A
msimg32
GradientFill
AlphaBlend
wininet
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
HttpQueryInfoA
InternetSetCookieA
InternetGetCookieA
InternetQueryOptionA
InternetReadFile
InternetCrackUrlA
InternetCreateUrlA
mfc42
ord2642
ord5148
ord2122
ord556
ord2864
ord6111
ord4284
ord3317
ord3499
ord4224
ord6877
ord3874
ord4476
ord1899
ord3708
ord781
ord940
ord3093
ord3089
ord2582
ord4402
ord3640
ord693
ord4243
ord283
ord4220
ord2584
ord3654
ord2438
ord2863
ord1644
ord2587
ord4406
ord3394
ord3729
ord804
ord6215
ord4299
ord2086
ord6785
ord602
ord6907
ord3610
ord656
ord2289
ord861
ord2515
ord355
ord4278
ord1979
ord6385
ord665
ord5186
ord354
ord2452
ord3742
ord818
ord1270
ord1232
ord2299
ord5981
ord2297
ord2363
ord6197
ord6380
ord1768
ord3721
ord795
ord6453
ord6880
ord4496
ord3631
ord683
ord6007
ord3998
ord2080
ord1200
ord3226
ord3301
ord3286
ord2614
ord500
ord772
ord5860
ord3986
ord6142
ord2938
ord2298
ord6646
ord3019
ord2516
ord361
ord2513
ord293
ord1816
ord2645
ord1771
ord6366
ord2413
ord2024
ord4694
ord2581
ord4401
ord3639
ord692
ord3803
ord1834
ord4750
ord5016
ord4375
ord4852
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord4608
ord4716
ord4607
ord4635
ord5067
ord2859
ord6569
ord6876
ord5601
ord5651
ord3127
ord3616
ord920
ord3810
ord350
ord1105
ord1929
ord809
ord6358
ord1088
ord3693
ord4133
ord4297
ord5788
ord3873
ord3876
ord5787
ord3797
ord6605
ord4123
ord2135
ord1949
ord3005
ord6270
ord668
ord3178
ord4058
ord2781
ord2770
ord356
ord2405
ord6178
ord1601
ord6170
ord4034
ord4202
ord2152
ord1233
ord2448
ord5834
ord2044
ord2567
ord2919
ord6378
ord926
ord398
ord913
ord3439
ord700
ord3452
ord4189
ord6379
ord802
ord542
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord4622
ord3738
ord815
ord561
ord2621
ord6438
ord1134
ord1223
ord1206
ord2725
ord5715
ord5289
ord3706
ord2089
ord4809
ord6762
ord3567
ord2754
ord2639
ord801
ord541
ord5861
ord5606
ord613
ord289
ord1570
ord1197
ord955
ord472
ord6883
ord2071
ord3185
ord3181
ord3287
ord2566
ord2116
ord6779
ord3903
ord2358
ord2362
ord793
ord790
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord3719
ord3716
ord3303
ord4000
ord3914
ord2379
ord3297
ord6008
ord2096
ord1168
ord2860
ord1146
ord2862
ord384
ord810
ord686
ord3733
ord3398
ord4271
ord609
ord3574
ord3402
ord4396
ord2575
ord539
ord5683
ord5710
ord2301
ord3619
ord6394
ord6383
ord5440
ord5450
ord2107
ord2763
ord4129
ord858
ord923
ord6927
ord939
ord2915
ord5572
ord2764
ord6929
ord535
ord823
ord2841
ord537
ord941
ord3092
ord6199
ord924
ord922
ord4376
ord4710
ord6334
ord4234
ord2302
ord2370
ord324
ord860
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord5265
ord470
ord540
ord2818
ord5875
ord800
ord755
ord5785
ord3663
ord323
ord1640
ord6194
ord1641
ord2414
ord640
ord3626
ord3573
ord3571
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord4275
ord765
ord825
ord567
ord3698
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord4219
ord1576
msvcrt
fgets
_strdate
_strtime
_makepath
_mbsstr
_except_handler3
exit
_stricmp
rand
srand
_mbsicoll
_mbscmp
_mbstok
toupper
_ltoa
strtok
_strdup
fopen
fclose
fwrite
fputc
strncpy
iswdigit
_mbsnbicmp
_itoa
_mbsnbcpy
wcscmp
atof
sscanf
_mbsrchr
strrchr
time
localtime
strftime
malloc
free
_access
_beginthreadex
_splitpath
atoi
sprintf
atol
_purecall
_mbsicmp
memmove
_snprintf
_ftol
__CxxFrameHandler
wcslen
wcstok
strstr
fread
ftell
fseek
calloc
_CxxThrowException
_endthreadex
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
vsprintf
_wcsicmp
_setmbcp
_controlfp
kernel32
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetCurrentThreadId
GetLastError
GlobalAddAtomA
GetDriveTypeA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
WriteFile
CreateFileA
GetFileSize
ReadFile
lstrcpyA
lstrlenA
GetModuleHandleA
GetProcAddress
TerminateThread
CloseHandle
lstrcmpA
WideCharToMultiByte
MulDiv
InterlockedDecrement
LoadLibraryA
FreeLibrary
MultiByteToWideChar
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
lstrcmpiA
Sleep
InterlockedIncrement
GetLocaleInfoA
FlushInstructionCache
SetUnhandledExceptionFilter
SetFilePointer
VirtualQuery
IsBadWritePtr
LockResource
SizeofResource
LoadResource
FindResourceA
ExitProcess
CopyFileA
MoveFileA
GetFullPathNameA
SetFileTime
CreateEventA
SetEvent
SystemTimeToFileTime
GetStartupInfoA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
SetSystemPowerState
GetCurrentProcess
CreateDirectoryA
lstrcpynA
FindClose
FindFirstFileA
CreateProcessA
SetEnvironmentVariableA
GetEnvironmentVariableA
FindNextFileA
GlobalUnlock
GlobalLock
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetLocalTime
SetThreadExecutionState
GetShortPathNameA
GetWindowsDirectoryA
GetTickCount
GetVersion
VirtualFree
SetPriorityClass
GetCommandLineA
CreateMutexA
GetCurrentProcessId
SetThreadPriority
GetThreadPriority
GetCurrentThread
WaitForSingleObject
TerminateProcess
OpenProcess
MoveFileExA
SetLastError
VirtualProtect
FlushFileBuffers
GetSystemTime
FileTimeToSystemTime
InterlockedExchange
lstrcatA
HeapDestroy
user32
WindowFromPoint
SetCursor
CreateIconIndirect
GetIconInfo
GetSysColorBrush
DrawIconEx
DestroyIcon
SetDlgItemTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
WaitForInputIdle
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
ShowCursor
ExitWindowsEx
CallNextHookEx
GetFocus
IsWindowEnabled
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
SetFocus
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
SetWindowPos
IsIconic
InflateRect
FrameRect
IsWindow
MoveWindow
ShowWindow
PtInRect
GetUpdateRect
IsRectEmpty
GetClassInfoA
DefWindowProcA
LoadCursorA
GetWindowRect
GetParent
GetCursorPos
LoadMenuA
MapWindowPoints
GetMessagePos
DestroyCursor
GetSubMenu
TrackPopupMenuEx
PostMessageA
GetDesktopWindow
GetDC
ReleaseDC
SetWindowTextA
InvalidateRect
GetActiveWindow
GetDlgItem
LoadBitmapA
LoadIconA
GetMenuStringA
SetMenuItemInfoA
TranslateAcceleratorA
CreateAcceleratorTableA
DestroyAcceleratorTable
TranslateMessage
DispatchMessageA
PeekMessageA
CopyIcon
GetAsyncKeyState
GetMessageA
SetRectEmpty
wvsprintfA
DestroyWindow
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
SetRect
ModifyMenuA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
SendMessageTimeoutA
CharNextA
BeginPaint
EndPaint
ReplyMessage
CreateDialogParamA
EndDialog
BringWindowToTop
InvalidateRgn
IsWindowVisible
MessageBoxA
SetParent
GetMenuItemID
CreatePopupMenu
GetMenuItemCount
ShowOwnedPopups
GetWindowRgn
GetCapture
ClientToScreen
IsZoomed
SystemParametersInfoA
SetWindowRgn
ScreenToClient
UpdateWindow
SetClassLongA
DrawEdge
wsprintfA
CallWindowProcA
SetWindowLongA
CopyRect
OffsetRect
FillRect
SendMessageA
GetSysColor
IntersectRect
DrawFocusRect
CopyImage
RemoveMenu
CheckMenuRadioItem
AppendMenuA
PostThreadMessageA
SetCapture
ReleaseCapture
SetTimer
KillTimer
gdi32
SetBkColor
GetMapMode
CreateBitmap
DPtoLP
SetTextColor
StretchBlt
CombineRgn
GetStockObject
GetTextExtentPoint32A
SetDIBits
PtInRegion
CreateRectRgnIndirect
EqualRgn
SetBkMode
CreateDIBitmap
OffsetRgn
SetRectRgn
GetRgnBox
GetBkColor
LPtoDP
GetObjectA
GetDeviceCaps
CreateFontIndirectA
SetBoundsRect
DeleteObject
DeleteDC
SelectObject
GetDIBits
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreatePen
Rectangle
CreateFontA
SetPixel
GetBitmapBits
SetBitmapBits
GetPixel
BitBlt
CreateRectRgn
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
advapi32
LookupPrivilegeValueA
OpenProcessToken
QueryServiceStatus
CloseServiceHandle
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
shell32
SHGetFolderPathA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
DragQueryFileA
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderA
SHGetMalloc
comctl32
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ole32
CoInitialize
CoCreateInstance
CoGetMalloc
StringFromIID
CLSIDFromProgID
CLSIDFromString
OleRun
RegisterDragDrop
RevokeDragDrop
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
oleaut32
SysStringLen
GetErrorInfo
SysFreeString
LoadRegTypeLi
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
DispGetParam
VariantCopy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
wsock32
recv
htons
gethostbyname
WSAGetLastError
select
__WSAFDIsSet
connect
send
ioctlsocket
inet_ntoa
socket
closesocket
WSACleanup
WSAStartup
msvcp60
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections
.text Size: 924KB - Virtual size: 922KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 698KB - Virtual size: 712KB (note: this resource section is flagged CODE, EXECUTE and WRITE, which is atypical for .rsrc and worth checking for packed or self-modifying code)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE