Static task
static1
Behavioral task
behavioral1
Sample
6a246ab4a7e43ccc595e904c0308641048175d24f25534545a2f4c2183f936b9.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
6a246ab4a7e43ccc595e904c0308641048175d24f25534545a2f4c2183f936b9.exe
Resource
win10v2004-20231023-en
General
-
Target
6a246ab4a7e43ccc595e904c0308641048175d24f25534545a2f4c2183f936b9
-
Size
940KB
-
MD5
5305fa6f1add501e5b3382d032482805
-
SHA1
de1d2c8b65d9223599a97064bf0540517a7fd6b1
-
SHA256
6a246ab4a7e43ccc595e904c0308641048175d24f25534545a2f4c2183f936b9
-
SHA512
c5c3268a8c4522c80c677e5f0d6add933b194d2fd49d3deb5f310bdd1b033aea48c122b2288b68aa74933cf5f38da37ddecef9f4331a11e2103d3ea2b732a3a1
-
SSDEEP
12288:JP04rwogOU76VWWa7ilfSpFWlms5IbG9nYPW0XLcLIBvh5Q2:JP04rwbOjcpFWlmROYP2IB5C
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 6a246ab4a7e43ccc595e904c0308641048175d24f25534545a2f4c2183f936b9
Files
-
6a246ab4a7e43ccc595e904c0308641048175d24f25534545a2f4c2183f936b9.exe windows:4 windows x86 arch:x86
2f04dd9685e9d9f113c74b23aad1712d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rtlics
ord4
ord8
CheckICS
ord7
ord3
ord2
ord5
ord1
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
gdiplus
GdipCreatePen1
GdipFree
GdipCloneBrush
GdipAlloc
GdipCreateFromHDC
GdipDrawImageRectI
GdipDrawLineI
GdipDeleteFontFamily
GdipCreateSolidFill
GdipDrawString
GdipDeleteBrush
GdipDeleteFont
GdipSetPenStartCap
GdipSetPenEndCap
GdipDeletePen
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDisposeImage
GdipCloneBitmapAreaI
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCloneImage
GdiplusStartup
GdipCreateFont
GdiplusShutdown
enumdevlib
GetDeviceInfo
ShowDevice8180
EnumDevicesChange
rtllib
RT_GetStatusDriverInfo
RT_GetStatusPerformanceInfo
RT_GetStatusPowerMode
RT_GetStatistics
RT_SiteSurvey_WS2
RT_WPSAPSurvey
RT_WPS_Registrar_APConfig
RT_WPS_External_Registrar
RT_GetMacAddress
RT_Get_Cert_CA_URL
RT_Get_Cert_CA_List
RT_UIDlgView_Cert
RT_Disassociate
RT_GetStatusLinkInfo
RT_GetSSID
RT_SetSSID
RT_SetWEPKey
RT_SetDefaultKeyID
RT_SetAuthenticaionMode
RT_SetPrivacy
RT_SetBSSID
RT_SetChannel
RT_SetNetworkType
RT_Set802_1xStatus
RT_CustomRequest
RT_AutoCfgScan
RT_Passphrase128
RT_Passphrase64
RT_GetMeshMode
RT_EnableZeroConfig
RT_ReNewIPAddress
RT_SetNicTcpipAddr
RT_AP_SwitchToStationMode
RT_SetMeshMode
RT_Set_HW_PBCStatus
RT_AP_SwitchToAPMode
RT_SetRadioOff
RT_AP_GetIsAPMode
RT_IsXPConfig
RT_ZeroConfigService
RT_GetIsRadioOff
RT_GetStatusHardwareRadioOff
RT_Stop
RT_SetIsWDS_MODE
RT_GetIsWDS_MODE
RT_AP_IsSupported
RT_NicChangeState
RT_RegisterMessageHandler
RT_GetAdapterList
RT_GetStatusMediaStatus
RT_GetPacFileInfo
RT_GetPacFileNameList
RT_WPS_External_Registrar_Add_New_Device
RT_RefreshPacFileNameList
RT_GetUserCertList
RT_GetAUTOChannel
RT_GetStatusChannelInfo
RT_GetChannelList
RT_PasswordHash
RT_CertUrlWin32String
RT_GetLoginInfo
RT_GetStatusSecurityInfo
RT_GetStatusSignalInfo
RT_GetNicGuid
RT_SetOID
RT_SetEncryptionStatus
RT_GetMacAddressString
RT_SetPreambleMode
RT_GetPreambleMode
RT_SetRates
RT_GetRates
RT_SetPowerSaveMode
RT_GetPowerSaveMode
RT_SetLoginInfo
RT_SetMeshID
RT_AP_SetPassphrase
RT_ADD_PMK_CONX
RT_ADD_PSK_CONX
RT_credServerVerify
RT_SetPacFileIndex
RT_Set_8021x_tunnle
RT_Set_8021x_conf
RT_GetDefaultEncryptionAlgorithm
RT_SetMHSecurityInfo
RT_ConfigCCX
RT_SetAUTOChannel
RT_REMOVE_PSK_CONX
RT_CCX_ENABLE_RM
RT_SetDATA_RATE_STA
RT_SetIsHidden_SSID
RT_SetLOCKED_STA_ADDRESS
RT_SetFILTER_STA_ADDRESS
RT_Set_Filter_Type
RT_Rescan
RT_SetUserLogOff
RT_GetUserLogOff
RT_GetDriverPath
RT_CCX_InitCallback
RT_Initialize
RT_SetDefaultAdapterIndex
RT_GetStatusWEPKeyMisMatch
RT_Get_HW_PBCStatus
RT_GetRTSThreshold
RT_GetFragmentationThreshold
RT_SetChannelPlan
RT_GetWirelessMode
RT_GetSupportedWirelessMode
RT_GetTurboMode
RT_Set_WMM_QoS_APSD
RT_Get_WMM_QoS_APSD
RT_SetIsXlink
RT_GetIsXlink
RT_SetTurboMode
RT_SetRTSThreshold
RT_SetFragmentationThreshold
RT_SetAdhocDefaultWirelessMode
RT_SetWirelessMode
RT_EnableWirelessMode
RT_SaveLog
RT_SendMagicPacket
RT_GetDTIMPeriod
RT_GetBeaconInterval
RT_SetDTIMPeriod
RT_SetBeaconInterval
RT_GetLiveTime
RT_AP_GetStationList
RT_GetMeshID
RT_SetWDS_AP_LIST
RT_SiteSurveyEx
RT_GetEapFastVersion
RT_CCX_SetTpower
RT_SetEapFastVersion
RT_CCX_GetTpower
RT_CCX_GetTxPowerRange
RT_DebuggCmdReturn
RT_DebugCmdCheck
RT_DebugCmdSend
RT_Get_11N_Retry_Count
RT_GetInitial_11N_Txrate
RT_GetStatus_11N_Rxrate
RT_GetStatus_11N_Txrate
RT_GetStatusSignalInfoMIMO
RT_GetStatusDynamicRate
RT_GetExtendedStatistics
RT_GetPort_Auth_State
RT_CCX_GetTxPowerPercentage
RT_CCX_SetTxPowerPercentage
RT_VERIFY_PIN
RT_GEN_PIN
RT_WS2_stop
RT_Check_Session_Overlap
RT_WSC_Connect
RT_GetPIN_WS2
RT_Debug_Methodflag
RT_WPS
RT_WS2_init
iplib
GetIpInformation
kernel32
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetACP
HeapSize
HeapReAlloc
GetFileType
RaiseException
ExitThread
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
ExitProcess
HeapAlloc
HeapFree
InterlockedExchange
GetProfileStringA
RtlUnwind
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
SizeofResource
GetOEMCP
GetCPInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
FormatMessageA
GetLastError
Sleep
GetCommandLineA
OutputDebugStringA
CloseHandle
GetFileSize
CreateFileA
GetLocalTime
CreateThread
TerminateThread
WaitForSingleObject
ResumeThread
lstrlenW
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
WinExec
SetEvent
GetTickCount
ResetEvent
WaitForMultipleObjects
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
DisconnectNamedPipe
FlushFileBuffers
GetComputerNameA
WriteFile
ReadFile
Process32Next
Process32First
CreateToolhelp32Snapshot
CopyFileA
CreateMutexA
FreeLibrary
lstrcpynA
ProcessIdToSessionId
GetCurrentProcessId
SuspendThread
SetThreadPriority
GetCurrentThreadId
CreateEventA
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
SetLastError
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
LoadLibraryA
GlobalFree
GetCurrentThread
lstrcmpA
GlobalAlloc
MulDiv
ReleaseMutex
FindClose
FindFirstFileA
FindNextFileA
WritePrivateProfileStringA
GetFileAttributesA
GetTempFileNameA
GetFullPathNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessVersion
GlobalFlags
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
DuplicateHandle
GetCurrentProcess
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA
GetVolumeInformationA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
LocalFileTimeToFileTime
SystemTimeToFileTime
user32
LoadAcceleratorsA
TranslateAcceleratorA
GetDesktopWindow
ReuseDDElParam
UnpackDDElParam
IsZoomed
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatA
SetRect
GetSysColorBrush
GetClassNameA
CharUpperA
InsertMenuA
WindowFromPoint
DestroyIcon
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
SetParent
EndDialog
CreateDialogIndirectParamA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CheckRadioButton
SendDlgItemMessageA
MapWindowPoints
SetActiveWindow
SetFocus
AdjustWindowRectEx
DeferWindowPos
CopyRect
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
GetClassLongA
SetRectEmpty
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowLongA
GrayStringA
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
GetScrollPos
SetScrollPos
GetCapture
SetCursor
LoadCursorA
DestroyCursor
BeginDeferWindowPos
EndDeferWindowPos
EqualRect
IsIconic
SetCursorPos
PtInRect
ReleaseCapture
ClientToScreen
ScreenToClient
SetCapture
GetDlgCtrlID
IsChild
CreateWindowExA
WaitMessage
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
GetMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
GetFocus
DrawTextA
SystemParametersInfoA
GetSubMenu
DeleteMenu
GetCursorPos
GetDC
ReleaseDC
SetForegroundWindow
UpdateWindow
OffsetRect
BringWindowToTop
GetSysColor
GetAsyncKeyState
LoadImageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SetPropA
SetTimer
KillTimer
InflateRect
FrameRect
IsRectEmpty
InvalidateRect
CloseWindow
RegisterDeviceNotificationA
GetMenu
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetWindowRect
LoadStringA
GetSystemMetrics
IsWindow
LoadMenuA
GetMenuItemCount
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
MapDialogRect
SetWindowPos
PostQuitMessage
ModifyMenuA
RemoveMenu
GetMenuStringA
CheckMenuItem
GetMenuState
SetMenu
DestroyMenu
DrawMenuBar
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
FillRect
LoadBitmapA
LoadIconA
wsprintfA
FindWindowA
PostThreadMessageA
RedrawWindow
EnableWindow
SendMessageA
ShowScrollBar
PostMessageA
GetParent
MessageBoxA
GetClientRect
gdi32
SelectClipRgn
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
GetClipBox
SetWindowOrgEx
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateRectRgnIndirect
SetBkColor
IntersectClipRect
PatBlt
CreateBitmap
CreateFontA
GetStockObject
GetObjectA
GetTextExtentPointA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
DeleteObject
CreatePalette
GetDeviceCaps
RealizePalette
SetTextColor
CreateDIBitmap
GetWindowOrgEx
GetTextFaceA
GetROP2
GetBkMode
GetTextAlign
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetBkColor
GetTextColor
CreateDCA
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
GetViewportOrgEx
Rectangle
LPtoDP
GetTextMetricsA
GetTextExtentPoint32A
GetCharWidthA
StretchDIBits
DPtoLP
CreateFontIndirectA
CombineRgn
SetRectRgn
GetMapMode
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
CreateSolidBrush
CreatePen
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
comdlg32
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA
CommDlgExtendedError
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegFlushKey
RegDeleteValueA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegCloseKey
shell32
SHGetFileInfoA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
comctl32
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Create
ImageList_GetIcon
ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
oledlg
ord8
ole32
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
olepro32
ord253
oleaut32
SysAllocStringByteLen
SysFreeString
VariantCopy
VariantClear
VariantChangeType
SysAllocStringLen
SysAllocString
VariantTimeToSystemTime
SysStringLen
wsock32
setsockopt
WSAGetLastError
inet_addr
gethostname
htonl
htons
ntohs
WSACleanup
WSAStartup
ntohl
WSASetLastError
connect
sendto
recvfrom
socket
inet_ntoa
WSAAsyncSelect
send
recv
gethostbyname
closesocket
bind
ioctlsocket
accept
shlwapi
StrStrIA
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSEnumerateSessionsA
Sections
.text Size: 624KB - Virtual size: 620KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE