Static task: static1
Behavioral task: behavioral1
Sample: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee.exe
Resource: win7-20231020-en
General
Target: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee
Size: 4.8MB
MD5: ee78d63e919cb8603b76f900e221e543
SHA1: 65f96985bfe97ef6559002a1301e84745bbbfd07
SHA256: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee
SHA512: f16e2766ae3a498062e0d6d7d6b6e399265098cad556596553fb4842a8efd974e73dad65ddfcae024423a61de50d2a370cb276364b38b00f8f7528f2f4b07573
SSDEEP: 49152:BGRl/jveTNl4+4ZzUl+hkr5kgg4+9+BPT8/ptNqI0EezUofk9AI6hlKlCcm8ZSRy:BGRRv+NIK+hkYLNqtKYcmH4lLkuGcf/
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee
Files
49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee.exe windows:5 windows x64 arch:x64
b86c1269f48d5fd4c5577a5c15c5e7fb
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
EnumSystemLocalesA
WriteConsoleW
CompareStringW
GetStringTypeW
LCMapStringW
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetTimeZoneInformation
GetStdHandle
GetVersion
HeapSetInformation
GetConsoleMode
GetConsoleCP
TerminateProcess
RtlCaptureContext
GetDriveTypeW
IsValidLocale
GetCurrentDirectoryW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
ExpandEnvironmentStringsA
PeekNamedPipe
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
lstrcpynA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
GetExitCodeThread
TerminateThread
GetLocalTime
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
HeapReAlloc
ExitThread
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
GetStartupInfoW
GetCommandLineA
DecodePointer
EncodePointer
GetTimeFormatA
GetDateFormatA
RtlPcToFileHeader
RaiseException
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetTempPathA
GetNumberFormatA
GetWindowsDirectoryA
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
GetOEMCP
GetCPInfo
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetACP
GlobalFlags
FileTimeToSystemTime
GetFullPathNameA
GetTempFileNameA
GetFileTime
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
lstrcmpA
GlobalReAlloc
WaitForMultipleObjects
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetModuleFileNameA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
FreeLibrary
CompareStringA
LoadLibraryW
lstrcmpW
CreateEventA
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SizeofResource
SetThreadPriority
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
FreeResource
DeleteFileA
HeapAlloc
HeapCreate
HeapFree
HeapDestroy
ExitProcess
CreateThread
Sleep
GetTickCount
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
ResetEvent
SetEvent
WriteFile
SetFileTime
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
lstrlenA
lstrcatA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
SetFilePointer
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
user32
SetCursorPos
ReleaseCapture
OffsetRect
InflateRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetWindowThreadProcessId
IsIconic
LoadAcceleratorsA
DestroyIcon
SetScrollRange
GetScrollRange
LoadImageA
SendMessageA
EnableWindow
DestroyMenu
SetForegroundWindow
ShowScrollBar
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
LoadMenuA
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
IntersectRect
GetWindowPlacement
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowLongA
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
ClientToScreen
InvalidateRect
SetCapture
DestroyCursor
LoadCursorW
InsertMenuItemA
SetCursor
ReuseDDElParam
UnpackDDElParam
PostQuitMessage
ShowOwnedPopups
SetRect
wsprintfA
LoadBitmapW
SetWindowRgn
GetWindowRect
GetClientRect
GetDC
SetMenu
ReleaseDC
IsWindowVisible
GetDesktopWindow
LoadCursorA
DefWindowProcA
GetClassInfoA
SystemParametersInfoA
IsWindow
GetFocus
SetWindowPos
UpdateWindow
RedrawWindow
LoadIconW
EnableMenuItem
GetSubMenu
LoadMenuW
GetCursorPos
RegisterWindowMessageA
EndDialog
InvalidateRgn
SetWindowContextHelpId
CharNextA
mouse_event
GetMenuStringW
LoadBitmapA
LookupIconIdFromDirectoryEx
GetCursor
ShowCaret
IsWindowUnicode
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageTimeoutA
CreateIconFromResourceEx
CreateIconIndirect
GetClipboardData
GetKeyboardLayoutList
DefFrameProcA
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
RemoveMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuItemInfoA
GetSystemMetrics
RealChildWindowFromPoint
GetSysColorBrush
IsRectEmpty
DrawIcon
SetTimer
KillTimer
UnregisterClassA
EnumDisplayMonitors
SetLayeredWindowAttributes
DeleteMenu
GetSystemMenu
SetParent
UnionRect
WindowFromPoint
CharUpperA
LoadAcceleratorsW
CopyAcceleratorTableA
CreateMenu
PostThreadMessageA
GetTabbedTextExtentW
GetMenuDefaultItem
GetAsyncKeyState
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
GetIconInfo
CopyImage
GetNextDlgGroupItem
DrawIconEx
IsZoomed
DestroyAcceleratorTable
SetClassLongPtrA
DrawStateA
DrawEdge
AppendMenuA
GetMenuStringA
DrawFrameControl
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
GetMenuState
ValidateRect
PeekMessageA
GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
CreateAcceleratorTableA
LockWindowUpdate
GetDCEx
IsClipboardFormatAvailable
WaitMessage
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UpdateLayeredWindow
MonitorFromPoint
IsMenu
GetTabbedTextExtentA
SetFocus
MapVirtualKeyA
GetKeyNameTextA
CopyRect
GetWindowRgn
MapDialogRect
SubtractRect
GetDoubleClickTime
CharUpperBuffA
CopyIcon
RegisterClipboardFormatA
GetUpdateRect
FrameRect
SetMenuDefaultItem
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CreatePopupMenu
gdi32
GetViewportExtEx
GetWindowExtEx
GetPixel
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
DPtoLP
GetViewportOrgEx
Rectangle
GetTextMetricsA
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
CreateDIBSection
CreateDIBitmap
GetTextCharsetInfo
GetCharWidthA
CreateFontA
StretchDIBits
GetBkColor
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
CreateRectRgn
GetSystemPaletteEntries
GetCurrentObject
CreatePolygonRgn
Polyline
Polygon
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
PtInRegion
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetClipRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SelectObject
CreateBitmap
SetBkColor
ExtCreateRegion
GetBitmapBits
ExtTextOutW
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
SetTextColor
PtVisible
PatBlt
CreateRectRgnIndirect
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA
GetTextExtentPoint32A
BitBlt
RoundRect
FillRgn
CreateCompatibleDC
CreateRoundRectRgn
CreateCompatibleBitmap
RealizePalette
DeleteObject
EnumFontFamiliesA
CreateFontIndirectA
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
CryptGenRandom
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegEnumValueA
RegEnumKeyExA
shell32
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
DragQueryFileA
DragFinish
ShellExecuteA
ExtractIconExA
comctl32
ImageList_GetIconSize
ImageList_Destroy
ImageList_DrawEx
_TrackMouseEvent
ImageList_GetImageCount
shlwapi
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
ole32
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromString
CoCreateInstance
CoCreateGuid
CoDisconnectObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
OleCreateMenuDescriptor
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLockRunning
StgOpenStorageOnILockBytes
CoLockObjectExternal
OleGetClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleDestroyMenuDescriptor
OleIsCurrentClipboard
oleaut32
VarBstrFromDate
SafeArrayDestroy
VariantCopy
SysAllocString
LoadTypeLi
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
OleLoadPicturePath
VarUdateFromDate
VariantChangeTypeEx
VarCmp
OleCreateFontIndirect
oledlg
ord1
ord8
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
gdiplus
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusShutdown
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
winmm
PlaySoundA
wldap32
ord30
ord22
ord46
ord41
ord27
ord301
ord33
ord79
ord211
ord32
ord200
ord35
ord26
ord50
ord60
ord143
ws2_32
ioctlsocket
gethostname
WSACleanup
WSAStartup
WSASetLastError
htonl
ntohl
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
listen
crypt32
CertFreeCertificateContext
Sections
.text Size: 3.0MB - Virtual size: 3.0MB - Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data Size: 66KB - Virtual size: 122KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata Size: 171KB - Virtual size: 170KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
text Size: 6KB - Virtual size: 5KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
data Size: 12KB - Virtual size: 11KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc Size: 366KB - Virtual size: 368KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc Size: 147KB - Virtual size: 147KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ