2796c9c9262dee82d336b19aa28c1dc4836452b9f9b0a736fe56078784f32277

Sharing

Copy URL Twitter E-mail

General

Target

2796c9c9262dee82d336b19aa28c1dc4836452b9f9b0a736fe56078784f32277
Size

1.2MB
MD5

6780b2fdebbf65a91ff7fd852624fee6
SHA1

4f58485f54c01e332c404885172918e4e67bb69d
SHA256

2796c9c9262dee82d336b19aa28c1dc4836452b9f9b0a736fe56078784f32277
SHA512

cb7666c731b9c75e138b69716b488441014555586e470fc917924a358f1d16bf0564f5679462719b78624255989595368a18d432aad9381b62af3d5b47fa049d
SSDEEP

24576:cEM3dZLPFL+4pntyiC91TwdsrREqH0d3Kl1QvLazyomdjW0cStJ:cEMj7Fy4pI1N8srRrH0d3Kfwiyoms0cC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2796c9c9262dee82d336b19aa28c1dc4836452b9f9b0a736fe56078784f32277

Files

2796c9c9262dee82d336b19aa28c1dc4836452b9f9b0a736fe56078784f32277
.exe windows:5 windows x86 arch:x86

53a60d9f470bce651b133a1af0459de9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetFileSizeEx
GetThreadLocale
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
MoveFileW
GetStringTypeExW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetShortPathNameW
GlobalFlags
GetCurrentDirectoryW
SetErrorMode
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
HeapSize
GetDiskFreeSpaceW
LocalFileTimeToFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFullPathNameW
GetFileTime
GetStdHandle
GetFileAttributesExW
SetFileTime
WritePrivateProfileStringW
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
GlobalGetAtomNameW
GlobalAddAtomW
GetModuleFileNameW
GetTickCount
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
FreeLibrary
GetFileSize
VirtualProtect
VirtualAlloc
VirtualFree
GetCurrentThread
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
SetLastError
ReadProcessMemory
VirtualQueryEx
ExitProcess
GetVersionExW
lstrcatW
QueryDosDeviceW
lstrcmpiW
GetModuleFileNameA
GetProcessId
lstrcpyW
ExpandEnvironmentStringsW
SetFilePointer
FreeResource
GetCurrentThreadId
DeviceIoControl
GlobalFree
GlobalAlloc
GetCurrentProcessId
DeleteFileA
CreateMutexW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
WriteFile
WaitNamedPipeW
GetTempFileNameW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
GetSystemDirectoryW
ReadFile
CreateFileW
WaitForSingleObject
TerminateProcess
ResumeThread
CreateProcessW
CopyFileW
CreateDirectoryW
GetTempPathW
lstrcmpW
GetPrivateProfileStringW
GetPrivateProfileIntW
Sleep
Process32NextW
OpenProcess
lstrlenW
OutputDebugStringW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
GetLastError
CloseHandle
GetCurrentProcess
GetModuleHandleW
VirtualQuery
LoadLibraryW
GetProcAddress
GetDiskFreeSpaceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLogicalDriveStringsW
MultiByteToWideChar
GetSystemInfo
WideCharToMultiByte

user32

UnionRect
IsRectEmpty
IsZoomed
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
RegisterWindowMessageW
SendDlgItemMessageA
GetClassLongW
SetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetScrollPos
GetScrollPos
CreateWindowExW
GetClassInfoExW
RegisterClassW
DeferWindowPos
DefWindowProcW
PtInRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
ReleaseDC
GetDC
SetRect
AdjustWindowRectEx
GetClassNameW
GetSysColor
UnpackDDElParam
ReuseDDElParam
DestroyMenu
WinHelpW
EqualRect
LoadIconW
SetCursor
GetCapture
ReleaseCapture
LoadAcceleratorsW
SetActiveWindow
InvalidateRect
InsertMenuItemW
GetClassInfoW
UpdateWindow
EnableWindow
GetClientRect
SendMessageW
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetMenu
BringWindowToTop
SetMenu
GetDesktopWindow
TranslateAcceleratorW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
WindowFromPoint
RedrawWindow
SetCapture
SetCursorPos
DestroyCursor
LoadCursorW
PostQuitMessage
ShowOwnedPopups
GetSysColorBrush
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetDlgItem
CharUpperW
DeleteMenu
UnregisterClassW
IsChild
IsWindow
LockWindowUpdate
GetCursorPos
ScreenToClient
ClientToScreen
LoadMenuW
GetSubMenu
CheckMenuItem
LoadBitmapW
GetWindowRect
GetMenuState
wsprintfW
SetForegroundWindow
PostMessageW
FindWindowW
MessageBoxW
CreatePopupMenu
GetMenuItemCount
SetWindowLongW
CallWindowProcW
GetPropW
SetTimer
KillTimer
InsertMenuW
GetMenuItemID
GetMenuStringW
ValidateRect
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
DestroyIcon
IsIconic
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
RegisterClipboardFormatW

gdi32

GetMapMode
GetRgnBox
GetTextColor
GetBkColor
StretchDIBits
CreateFontW
GetCharWidthW
GetTextMetricsW
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetPixel
GetWindowExtEx
GetViewportExtEx
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateFontIndirectW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
GetDeviceCaps
PtVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

GetUserNameW
OpenProcessToken
RegOpenKeyExW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyW
RegSetValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyW
InitializeSecurityDescriptor
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegSetValueExW

shell32

SHGetFileInfoW
SHGetFileInfoA
DragAcceptFiles
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW
SHBrowseForFolderW
SHGetMalloc
ExtractIconW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW
SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathFileExistsA
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateInstance
CoInitializeEx
CoGetClassObject
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

volumecontrol

IsSupportSparse
GetMountVolumeNo
Out_DisMount
Out_Mount

ensecctrl

_CPSecCtrl_SuspendDriver@0
_CPSecCtrl_Install@8
_CPSecCtrl_InsertPid@4
_CPSecCtrl_SetDrive@8
_CPSecCtrl_ResumeDriver@0

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Exports

Exports

_ResInitInstance@4
_RunDll@16

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53a60d9f470bce651b133a1af0459de9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

volumecontrol

ensecctrl

psapi

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 716KB - Virtual size: 716KB

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 716KB - Virtual size: 716KB