Static task: static1
Behavioral task: behavioral1
  Sample: 216bd56a81b7e229b81a5b82712abcec05ab4394e0f6a23a4d8f8599c206b178.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: 216bd56a81b7e229b81a5b82712abcec05ab4394e0f6a23a4d8f8599c206b178.exe
  Resource: win10v2004-20231020-en
General
Target: 216bd56a81b7e229b81a5b82712abcec05ab4394e0f6a23a4d8f8599c206b178
Size: 7.7MB
MD5: 90b60b86b4a8cfada1b0b239f48ff8ce
SHA1: 848f3e2a17edb8f4a448610bca75f7c20d594f84
SHA256: 216bd56a81b7e229b81a5b82712abcec05ab4394e0f6a23a4d8f8599c206b178
SHA512: d9f1bca7a0c188000a9d26d73f8c02d4d95276072265f567a9f47f3fc4beb06119314fcd1b46f7ac6fe4da279abbe3725fbbc6765c441559ee2ea58e75538780
SSDEEP: 98304:7Eb/l7QM4k8vWplbKBe6rj+eX7BVHeorEQMSck/IDjNTQuNEd/A+:7o7xuT86/pjHeorEQmkSNTZNEd/A
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 216bd56a81b7e229b81a5b82712abcec05ab4394e0f6a23a4d8f8599c206b178
Files
-
216bd56a81b7e229b81a5b82712abcec05ab4394e0f6a23a4d8f8599c206b178.exe windows:6 windows x64 arch:x64
791d2d57fa3916d4eb380d3003b4af0f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProfileIntA
SearchPathA
GetTempPathA
FindResourceExW
GetWindowsDirectoryA
WriteConsoleW
SetErrorMode
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
VerifyVersionInfoA
lstrcpyA
GetCPInfo
GetOEMCP
IsDebuggerPresent
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
GetACP
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToTzSpecificLocalTime
FindNextFileA
FileTimeToLocalFileTime
InitializeCriticalSectionAndSpinCount
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFileTime
RtlUnwind
GetFileAttributesA
GetDiskFreeSpaceA
CreateEventW
WaitForSingleObjectEx
VirtualProtect
ResetEvent
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
GetLocalTime
GetCommandLineA
GetCommandLineW
GetTimeZoneInformation
ExitProcess
VirtualAlloc
VirtualQuery
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetFullPathNameW
HeapQueryInformation
QueryPerformanceFrequency
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CompareStringW
LCMapStringW
DeleteFileW
ReadConsoleW
GetStringTypeW
GetDriveTypeW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
ResumeThread
SetThreadPriority
SetEvent
GetCurrentThread
GetPrivateProfileStringA
GetStringTypeExA
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
SetEnvironmentVariableW
CreateFileW
GetCurrentDirectoryW
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcessId
lstrcmpA
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
GetModuleFileNameW
SetLastError
CopyFileA
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
LoadLibraryW
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
GetVersionExA
CreateMutexA
FreeLibrary
GetProcAddress
LoadLibraryA
IsWow64Process
FreeConsole
GetStdHandle
AttachConsole
WriteConsoleA
FormatMessageA
GetLastError
GetPrivateProfileIntA
WritePrivateProfileStringA
GetTickCount64
OutputDebugStringA
FindResourceA
GetModuleHandleA
GetCurrentDirectoryA
GetModuleFileNameA
GetCurrentProcess
QueryFullProcessImageNameA
MultiByteToWideChar
lstrcpynA
Sleep
ReleaseMutex
GetTickCount
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateThread
CreateSemaphoreA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TerminateProcess
user32
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
IsClipboardFormatAvailable
LoadAcceleratorsW
InvalidateRgn
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
LockWindowUpdate
GetDCEx
SetMenuDefaultItem
GetMenuDefaultItem
SetRect
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetComboBoxInfo
LoadMenuW
TrackMouseEvent
MonitorFromPoint
UnionRect
UpdateLayeredWindow
DrawFrameControl
DrawEdge
EnumDisplayMonitors
SetLayeredWindowAttributes
RealChildWindowFromPoint
GetSysColorBrush
SetWindowRgn
DrawIcon
ShowOwnedPopups
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
SetParent
DeleteMenu
GetSystemMenu
ReuseDDElParam
UnpackDDElParam
IntersectRect
InsertMenuItemA
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
DrawStateA
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
IsZoomed
CharUpperA
GetWindowThreadProcessId
GetWindowDC
TabbedTextOutA
GrayStringA
SetClassLongPtrA
DrawTextA
GetIconInfo
DrawIconEx
CopyImage
LoadImageA
DestroyIcon
OffsetRect
WindowFromPoint
GetNextDlgGroupItem
ReleaseDC
GetDC
MapVirtualKeyA
GetKeyNameTextA
NotifyWinEvent
LoadCursorW
LoadCursorA
IsRectEmpty
InflateRect
InvertRect
FillRect
DrawFocusRect
ClientToScreen
HideCaret
GetCursorPos
SetCursor
MessageBeep
EnableScrollBar
InvalidateRect
ReleaseCapture
SetCapture
GetAsyncKeyState
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetDoubleClickTime
CopyIcon
ModifyMenuA
WaitMessage
FrameRect
CharUpperBuffA
IsCharLowerA
MapVirtualKeyExA
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetUpdateRect
SubtractRect
GetScrollRange
SetScrollRange
GetScrollPos
CreateMenu
DestroyCursor
GetWindowRgn
DrawTextExA
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetCapture
GetKeyState
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
IsDialogMessageA
GetWindow
SetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetFocus
SendDlgItemMessageA
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
SetWindowPos
MoveWindow
ShowWindow
GetParent
GetWindowLongA
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuState
GetMenuStringA
GetFocus
UnregisterClassA
GetDesktopWindow
GetSystemMetrics
PostMessageA
ExitWindowsEx
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
GetClientRect
SetActiveWindow
UpdateWindow
GetDlgCtrlID
SetTimer
IsWindow
KillTimer
wsprintfA
LoadBitmapW
SetRectEmpty
GetWindowRect
SendMessageA
EnableWindow
RegisterClipboardFormatA
gdi32
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreatePalette
SetTextAlign
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateCompatibleBitmap
CreateFontA
GetCharWidthA
StretchDIBits
CreateEllipticRgn
Ellipse
CreateDIBSection
DPtoLP
LPtoDP
CombineRgn
GetMapMode
SetRectRgn
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
SetPixel
StretchBlt
SetWindowExtEx
CreateRoundRectRgn
GetRgnBox
EnumFontFamiliesExA
OffsetRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
SetROP2
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
MoveToEx
CreateSolidBrush
GetStockObject
GetTextExtentPoint32A
SetDIBColorTable
SelectObject
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
GetObjectType
DeleteObject
CreateCompatibleDC
PatBlt
GetTextMetricsA
DeleteDC
CopyMetaFileA
CreateDCA
GetDeviceCaps
SetBkColor
SetTextColor
GetObjectA
CreateBitmap
CreateFontIndirectA
CreateRectRgnIndirect
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExW
OpenProcessToken
RegDeleteKeyValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
shell32
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetFolderPathA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteA
SHAppBarMessage
ExtractIconA
DragQueryFileA
comctl32
InitCommonControlsEx
ImageList_AddMasked
shlwapi
PathFindExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA
uxtheme
DrawThemeText
IsThemeBackgroundPartiallyTransparent
OpenThemeData
DrawThemeParentBackground
GetThemeSysColor
GetWindowTheme
GetThemePartSize
GetCurrentThemeName
GetThemeColor
IsAppThemed
DrawThemeBackground
CloseThemeData
ole32
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
CoLockObjectExternal
CoRevokeClassObject
CoGetClassObject
CreateStreamOnHGlobal
CoDisconnectObject
OleUninitialize
RegisterDragDrop
RevokeDragDrop
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoInitialize
oleaut32
LoadTypeLi
VarBstrFromDate
VariantCopy
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
VariantChangeType
VariantInit
GetErrorInfo
VariantClear
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
netapi32
NetApiBufferFree
NetWkstaGetInfo
ws2_32
htons
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text   Size: 2.8MB - Virtual size: 2.8MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 736KB - Virtual size: 736KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 3.2MB - Virtual size: 563.0MB Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 109KB - Virtual size: 109KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA  Size: 512B - Virtual size: 148B     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 890KB - Virtual size: 889KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 69KB - Virtual size: 69KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ