d2df0fdd4bba69838de826a889a22fb763a5f0fc145aa4a6c9e746f0b17f2a7b

Sharing

Copy URL

Twitter E-mail

General

Target

d2df0fdd4bba69838de826a889a22fb763a5f0fc145aa4a6c9e746f0b17f2a7b
Size

1.7MB
MD5

1853ac1b61da6e777e542e18133bcf64
SHA1

2041676f7f15f553b30d91bc96fd45bc60ed7e30
SHA256

d2df0fdd4bba69838de826a889a22fb763a5f0fc145aa4a6c9e746f0b17f2a7b
SHA512

3d1fbdbb24a4b525617470bfdf24f7b81b598592a4dd5ede32998310ef74c3f6628ad70552b5dae1257af3c62963c37aba9cf9d477aa751522abf87572b2eeb4
SSDEEP

24576:+HRGjddHRvDR8ImLGjq2U3pCqeAyECfFyV4qimm6PFxnShxD/pBjpf0HiIjjyHFf:eRq7ZgaAgfsV6mm6bST/iH7jwFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2df0fdd4bba69838de826a889a22fb763a5f0fc145aa4a6c9e746f0b17f2a7b

Files

d2df0fdd4bba69838de826a889a22fb763a5f0fc145aa4a6c9e746f0b17f2a7b
.exe windows:6 windows x86 arch:x86

5047ad0373336b01f6e5e3246fc398d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomW
AddAtomW
DeleteAtom
CopyFileW
TerminateThread
GetVersionExW
GetProcessId
OutputDebugStringW
lstrcpynW
Sleep
GetTickCount
GetCommandLineW
ResumeThread
WaitForSingleObjectEx
GetCurrentThread
GetOverlappedResult
CreateNamedPipeW
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
ReadFile
CreateFileW
ReleaseMutex
ResetEvent
WideCharToMultiByte
LoadLibraryExW
CreateMutexW
WaitForMultipleObjects
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetStartupInfoW
CreateProcessW
TerminateProcess
IsBadReadPtr
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
lstrlenW
SetLastError
GetTempPathW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetModuleHandleW
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
MultiByteToWideChar
lstrcmpiW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
FindResourceExW
DeleteCriticalSection
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
InitializeCriticalSectionEx
GetProcessHeap
GetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
ExitThread
GetFileAttributesExW
RtlUnwind
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
RaiseException
DecodePointer
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
DuplicateHandle
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileSizeEx
SetFilePointer
InterlockedIncrement
InterlockedDecrement
LocalFree
GetACP
MulDiv
ExitProcess
FreeResource
GetFileSize
lstrcmpW
SetEndOfFile
GetVersion
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetTempFileNameW
GetLocalTime
UnhandledExceptionFilter
FlushFileBuffers
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
InterlockedCompareExchange
GetSystemWindowsDirectoryW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA

user32

GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
GetParent
GetClassNameW
GetWindow
MonitorFromWindow
RegisterClassW
ShowWindow
EnableWindow
SetPropW
GetPropW
EndPaint
IsIconic
SetWindowRgn
MessageBoxW
BeginPaint
DrawTextW
SetRect
DrawIconEx
GetIconInfo
GetMessagePos
GetDlgCtrlID
DrawFocusRect
FillRect
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
RemovePropW
FindWindowExW
IsWindowEnabled
ReleaseCapture
SetCapture
GetKeyState
GetFocus
IsZoomed
IsWindowVisible
UpdateLayeredWindow
IsChild
SendMessageW
MonitorFromPoint
ReleaseDC
GetDC
OffsetRect
UnionRect
InflateRect
SetCursor
wvsprintfW
FindWindowW
PostMessageW
UnregisterClassW
wsprintfW
LoadImageW
EnumDisplayMonitors
GetMonitorInfoW
SystemParametersInfoW
GetWindowThreadProcessId
PtInRect
CopyRect
GetWindowRect
GetForegroundWindow
BringWindowToTop
SetWindowPos
AttachThreadInput
SetFocus
GetCursorPos
SetForegroundWindow
MoveWindow
DestroyIcon
LoadIconW
PostQuitMessage
RegisterWindowMessageW
LoadCursorW
SetWindowLongW
GetWindowLongW
KillTimer
SetTimer
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
CharNextW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharPrevW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyW
RegGetValueW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
OpenThreadToken
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
EqualSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
FreeSid

shell32

Shell_NotifyIconW
ord680
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString

oleaut32

SafeArrayCreate
VarUI4FromStr
VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayPutElement

shlwapi

StrStrIW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
wnsprintfW
StrCmpIW
StrTrimA
StrCmpNIW
SHSetValueA
PathAppendW
SHGetValueA
SHAutoComplete
StrStrIA
PathIsDirectoryW
PathFindFileNameW
StrCpyW
wnsprintfA

comctl32

ImageList_DrawEx
_TrackMouseEvent
ord17
InitCommonControlsEx
ImageList_GetIconSize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

secur32

GetUserNameExW

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

gdi32

GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateSolidBrush
Rectangle
CreateDCW
GetDIBits
SetDIBitsToDevice
GetClipBox
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
GetCharABCWidthsW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CombineRgn
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
CreateRoundRectRgn
SetWindowOrgEx
CreateRectRgnIndirect
GetTextColor

msimg32

AlphaBlend
GradientFill

gdiplus

GdipImageGetFrameDimensionsList
GdipDrawEllipseI
GdipLoadImageFromFile
GdipGetImagePixelFormat
GdipGetImageEncoders
GdipAddPathArc
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipGetImageEncodersSize
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5047ad0373336b01f6e5e3246fc398d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

urlmon

secur32

crypt32

wintrust

wininet

iphlpapi

gdi32

msimg32

gdiplus

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 270KB - Virtual size: 270KB

.data Size: 26KB - Virtual size: 50KB

.rsrc Size: 182KB - Virtual size: 182KB

.reloc Size: 74KB - Virtual size: 73KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 270KB - Virtual size: 270KB

.data
Size: 26KB - Virtual size: 50KB

.rsrc
Size: 182KB - Virtual size: 182KB

.reloc
Size: 74KB - Virtual size: 73KB