aa83182fd3b11e4ae4ce03d36048dac9b70543de958a3513649b862efc7a66b2

Sharing

Copy URL Twitter E-mail

General

Target

aa83182fd3b11e4ae4ce03d36048dac9b70543de958a3513649b862efc7a66b2
Size

1005KB
MD5

1664b947cfe169b31875495e98af6ad4
SHA1

05b7fed0c1c42c2acbfb30383ab5f8456cf930e8
SHA256

aa83182fd3b11e4ae4ce03d36048dac9b70543de958a3513649b862efc7a66b2
SHA512

6b76b4f50b166b71e87b2179e62c50ba337225ddbc5e4d897f502f5bdebcaad4484c945876f0b528e6f3042527a9e968ecce15455c97dfa1b3193ddea86fd3a6
SSDEEP

24576:dDv7jz2lNZRaIBYnMpDy0HCS+ixKQoq1qZWuOPpq+bcfV:9v7jz2lNZwqYnm20HCS+ixdMDepq+w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa83182fd3b11e4ae4ce03d36048dac9b70543de958a3513649b862efc7a66b2

Files

aa83182fd3b11e4ae4ce03d36048dac9b70543de958a3513649b862efc7a66b2
.exe windows:5 windows x86 arch:x86

c8fa1be07201ab164945dd0647b7df38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDrawImageRectRect
GdipGetImageHeight
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFree
GdipAlloc
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdiplusShutdown
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipFillRectangleI
GdiplusStartup

kernel32

WriteFile
ReadFile
FlushFileBuffers
DeviceIoControl
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
RemoveDirectoryW
InitializeCriticalSection
OutputDebugStringW
LoadLibraryExW
lstrcmpiW
InterlockedDecrement
SetEndOfFile
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetFileType
GetCurrentThreadId
GetUserDefaultLCID
IsValidLocale
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemWindowsDirectoryW
FreeResource
Sleep
CreateFileA
InterlockedIncrement
lstrcmpiA
lstrcmpA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
DecodePointer
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
CreateMutexW
WaitForSingleObjectEx
ReleaseMutex
GetShortPathNameW
SetLastError
RaiseException
LocalFree
GlobalFindAtomW
GlobalAddAtomW
GetStartupInfoW
CreateProcessW
CreateFileW
GetVersionExW
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
QueryDosDeviceW
FindResourceExW
FindResourceW
GetLogicalDriveStringsW
lstrlenW
SizeofResource
LoadResource
GetCurrentProcessId
OpenProcess
GetLongPathNameW
FreeLibrary
LockResource
LoadLibraryW
GetTickCount
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
TerminateProcess
GetSystemDirectoryW
GetModuleFileNameW
InterlockedCompareExchange
GetLocalTime
EnumSystemLocalesW

user32

PtInRect
EqualRect
UnionRect
OffsetRect
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
LoadCursorW
SendMessageTimeoutW
FindWindowExW
GetWindowThreadProcessId
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
GetForegroundWindow
GetWindowRect
WindowFromPoint
GetDesktopWindow
SetWinEventHook
FindWindowW
GetWindowTextW
WaitForInputIdle
SendMessageW
DrawFocusRect
SetCursor
GetShellWindow
FillRect
GetWindowTextLengthW
DrawTextW
EnableWindow
GetFocus
PostQuitMessage
RegisterWindowMessageW
SystemParametersInfoW
GetParent
CopyRect
ScreenToClient
GetClientRect
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetAsyncKeyState
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
ShowWindow
GetAncestor
GetWindowInfo
GetMonitorInfoW
MonitorFromPoint
GetWindow

gdi32

RectVisible
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
GetStockObject
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
SetViewportOrgEx
CreateFontW
EnumFontFamiliesW
OffsetViewportOrgEx

advapi32

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
LookupPrivilegeValueW
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegQueryValueExW
RegEnumKeyExA

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHLoadInProc
ord165

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString

shlwapi

SHSetValueA
StrCmpNIW
StrTrimA
StrStrIA
PathCombineW
PathFileExistsW
SHGetValueW
PathIsRootW
PathIsRelativeW
StrCmpIW
SHSetValueW
PathFindFileNameW
PathRemoveFileSpecW
StrStrIW
SHGetValueA
PathAppendW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

ws2_32

WSAStartup
WSACleanup

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c8fa1be07201ab164945dd0647b7df38

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

ws2_32

crypt32

wintrust

iphlpapi

Sections

.text Size: 487KB - Virtual size: 486KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 17KB - Virtual size: 33KB

.rsrc Size: 238KB - Virtual size: 238KB

.reloc Size: 94KB - Virtual size: 96KB

.text
Size: 487KB - Virtual size: 486KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 17KB - Virtual size: 33KB

.rsrc
Size: 238KB - Virtual size: 238KB

.reloc
Size: 94KB - Virtual size: 96KB