Static task: static1
Behavioral task: behavioral1
  Sample: 8171b0f37157e7ee77d231bad04334e474c7f33e413467c884eaf3dc6a2c4aef.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 8171b0f37157e7ee77d231bad04334e474c7f33e413467c884eaf3dc6a2c4aef.exe
  Resource: win10v2004-20231025-en
General
Target: 8171b0f37157e7ee77d231bad04334e474c7f33e413467c884eaf3dc6a2c4aef
Size: 4.8MB
MD5: b6d7d6b96e8cb2412ab43e89dd7ae11d
SHA1: 0992e86055c3398c2b74f75466ae6ce1632e9f97
SHA256: 8171b0f37157e7ee77d231bad04334e474c7f33e413467c884eaf3dc6a2c4aef
SHA512: 53aeb5b891837066565e8ef5847a57c3c51a395981b413bf7c4ad0bfb0e424c7d386cf5b6324aacbb86780d051ea0f1aa49eaf6f1b7e54a9d73a7278e39f63b8
SSDEEP: 98304:oMrHTqfMnrUlt7lIVghD1EpJofZ5QJf53:oMrHQwUzligVO/o6
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 8171b0f37157e7ee77d231bad04334e474c7f33e413467c884eaf3dc6a2c4aef
Files
8171b0f37157e7ee77d231bad04334e474c7f33e413467c884eaf3dc6a2c4aef.exe (windows:5 windows x86 arch:x86)
ee12df86b690add5290b251e19bd1f86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableW
GetSystemTime
SetCurrentDirectoryA
lstrcpyW
lstrcpynW
GetFullPathNameW
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
SleepEx
GetLocalTime
GetModuleHandleA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
SetEndOfFile
SetStdHandle
ReadConsoleW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetStdHandle
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetTimeZoneInformation
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetFilePointer
ExitProcess
GetACP
GetCurrentDirectoryW
lstrlenW
GetTickCount
GlobalUnlock
GlobalLock
VerifyVersionInfoW
MulDiv
VerSetConditionMask
TerminateProcess
GlobalAlloc
GetVersionExW
FormatMessageW
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
CreateMutexW
ReleaseMutex
GetSystemDirectoryA
DeviceIoControl
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
OpenProcess
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetSystemDirectoryW
GetLogicalDriveStringsW
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesExW
GetFileAttributesW
SetFileAttributesW
CreateFileW
CreateFileA
CreateDirectoryW
GetTempPathW
FileTimeToSystemTime
FindClose
ReadFile
WriteFile
GetFileSize
InitializeCriticalSection
MoveFileW
WideCharToMultiByte
VirtualQuery
LoadLibraryW
WaitForSingleObject
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
FreeResource
InterlockedDecrement
GetDriveTypeW
FindResourceExW
CreateThread
CloseHandle
GetCommandLineW
DeleteCriticalSection
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
HeapFree
SizeofResource
SetEnvironmentVariableA
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
TryEnterCriticalSection
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
GetModuleFileNameA
user32
RegisterClassExW
CreateWindowExW
DestroyWindow
GetCursor
GetUserObjectInformationW
GetProcessWindowStation
UpdateWindow
GetDC
ReleaseDC
MonitorFromPoint
IsWindow
SetWindowPos
IsWindowVisible
IsIconic
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
PostMessageW
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetMessageW
DispatchMessageW
GetSysColor
IntersectRect
UnionRect
DefWindowProcW
PeekMessageW
CharNextW
TranslateMessage
MessageBoxW
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetCursor
SendMessageW
GetActiveWindow
SetTimer
ActivateKeyboardLayout
KillTimer
PostQuitMessage
InflateRect
LoadCursorW
SetWindowRgn
wsprintfW
CallWindowProcW
RegisterClassW
GetClassInfoExW
SetFocus
GetClientRect
ShowWindow
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
UpdateLayeredWindow
IsZoomed
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
SetRect
CreatePopupMenu
DestroyMenu
FillRect
EnableMenuItem
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
DrawIconEx
DestroyIcon
PrivateExtractIconsW
IsWindowEnabled
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
gdi32
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreatePenIndirect
SetStretchBltMode
advapi32
CryptSetHashParam
DeregisterEventSource
CryptGetProvParam
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegisterEventSourceW
CryptGetUserKey
ReportEventW
shell32
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
DragQueryFileW
SHGetFileInfoW
SHGetPathFromIDListW
ole32
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoTaskMemRealloc
CoCreateInstance
CoInitialize
oleaut32
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
VariantInit
shlwapi
PathRemoveExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathIsSameRootW
PathStripToRootW
SHDeleteKeyW
PathIsDirectoryW
PathCombineW
PathFindFileNameW
comctl32
InitCommonControlsEx
_TrackMouseEvent
ord17
gdiplus
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipCloneBrush
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipDeleteBrush
GdipDisposeImage
GdipImageGetFrameDimensionsList
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillRectangleI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
ord1
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
crypt32
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetNameStringW
CryptQueryObject
CryptMsgClose
CryptMsgGetParam
CertGetCertificateContextProperty
ws2_32
ntohs
htons
setsockopt
WSAStartup
gethostname
gethostbyname
shutdown
socket
WSASetLastError
recvfrom
WSAEventSelect
WSAIoctl
WSACleanup
htonl
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
sendto
listen
getnameinfo
accept
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
psapi
GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW
dbghelp
MiniDumpWriteDump
urlmon
ObtainUserAgentString
wldap32
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord301
ord46
ord219
ord145
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 565KB - Virtual size: 564KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 73KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 16.7MB - Virtual size: 16.7MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 108KB - Virtual size: 107KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ