ef0d04e62720664005abd87e6d820ee20d1c5aa4e737ca3b1a6872e38bb6a686

Sharing

Copy URL Twitter E-mail

General

Target

ef0d04e62720664005abd87e6d820ee20d1c5aa4e737ca3b1a6872e38bb6a686
Size

5.2MB
MD5

a7e9a229e6172bd6afbbd2d439863394
SHA1

9472d790934d2d47518e9e72e91450d9ec4cfccb
SHA256

ef0d04e62720664005abd87e6d820ee20d1c5aa4e737ca3b1a6872e38bb6a686
SHA512

dd11f92e5a4d6b88f422578a9d7a8dc96dc68a3a3ebf4b1dd3bd45275409e057440e9b833dbb98283997d303bcadeee060944f4b9016f512ccc10ca93f9dcd67
SSDEEP

98304:HC3saCCVWYRfgV3vTzpljPG8hRiCu/CVUdVEy9qMBNP/qxct8qoZOMA44fj:baCCVWYd8C4UdVEy9qMBNLt4ZOMA44

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef0d04e62720664005abd87e6d820ee20d1c5aa4e737ca3b1a6872e38bb6a686

Files

ef0d04e62720664005abd87e6d820ee20d1c5aa4e737ca3b1a6872e38bb6a686
.exe windows:6 windows x86 arch:x86

42665c26ae6a8760eef80f93efb34211

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
RtlCaptureStackBackTrace
GetDriveTypeW
WritePrivateProfileStringW
lstrcmpiW
LoadLibraryExW
ExitThread
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
CreateThread
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
DecodePointer
lstrcpynW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
IsWow64Process
GetTickCount
OpenProcess
lstrcmpA
GetCurrentProcess
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
FindCloseChangeNotification
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
CreateDirectoryW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
DeviceIoControl
GetSystemWindowsDirectoryW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetFullPathNameW
GetFileAttributesW
FindNextFileW
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetProcessHeap
SearchPathW
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
WriteFile
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLongPathNameW
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CopyFileW
GetShortPathNameW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
ResetEvent
GetSystemInfo
GetTempFileNameW
LocalFree
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetDiskFreeSpaceExW
GetSystemDirectoryW
LocalAlloc
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
lstrcpyW
SetCurrentDirectoryW
GetCurrentDirectoryW
MulDiv
GetACP
IsBadReadPtr
ExitProcess
FreeResource
lstrcmpW
FileTimeToLocalFileTime
GetFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFileTime
GetSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetVersion
ResumeThread
SignalObjectAndWait
SetThreadPriority

user32

UnionRect
OffsetRect
EqualRect
DestroyCursor
DrawFocusRect
MoveWindow
IsChild
IsWindowVisible
IsZoomed
GetKeyState
GetUpdateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
IntersectRect
IsRectEmpty
GetClassNameW
wvsprintfW
InflateRect
PostQuitMessage
RegisterClassW
EnableWindow
GetSystemMetrics
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
LoadImageW
RemovePropW
IsIconic
SetWindowRgn
MonitorFromPoint
CopyImage
CharPrevW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
GetMessagePos
MessageBoxW
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
CreateAcceleratorTableW
InvalidateRgn
IsWindowEnabled
SystemParametersInfoW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
GetActiveWindow
DialogBoxParamW
FindWindowW
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetAsyncKeyState
GetFocus
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
wsprintfW
DefWindowProcW
DestroyWindow
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
SetFocus
EndDialog
CopyRect
SetWindowPos
SendMessageW
GetShellWindow
LoadStringW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
SendMessageTimeoutW
GetDlgCtrlID
CallWindowProcW

gdi32

GetTextExtentPoint32W
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetDIBColorTable
TextOutW
ExtTextOutW
GdiFlush
GetTextColor
CreateDCW
GetDIBits
SetDIBitsToDevice
GetClipBox
GetCharABCWidthsW
CombineRgn
GetDeviceCaps
CreateRoundRectRgn
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
OffsetViewportOrgEx
RectVisible
EnumFontFamiliesW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
CreateFontW
CreateRectRgnIndirect
CreateSolidBrush
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetWindowOrgEx

advapi32

SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce
EqualSid
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
BuildExplicitAccessWithNameW
GetTrusteeNameW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyW
GetTokenInformation
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetUserNameW

shell32

ShellExecuteExW
SHFileOperationW
ord165
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify

ole32

OleRun
CoCreateGuid
StringFromGUID2
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
VariantCopy
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
VarBstrCmp
VariantClear
SysFreeString
SysStringByteLen
VariantChangeType
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString

shlwapi

AssocQueryStringW
wnsprintfW
PathIsPrefixW
SHSetValueW
PathIsRootW
SHAutoComplete
StrCmpNIW
StrTrimA
StrStrIA
StrCmpIW
SHSetValueA
PathIsRelativeW
SHGetValueW
PathFindFileNameA
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathCompactPathW
PathRemoveFileSpecW
PathIsDirectoryW
StrStrIW

comctl32

ord17
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize

gdiplus

GdipImageGetFrameDimensionsList
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipImageGetFrameCount
GdiplusStartup
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipSetPenMode
GdipSetPenDashStyle
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathArc
GdipDrawEllipseI
GdiplusShutdown

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupIterateCabinetW

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA

msimg32

GradientFill
AlphaBlend

Exports

Exports

BasicEntry
InstallEntryW
_BasicEntry@12
_CreateApp@0
_Start@4
_Uninst@4

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42665c26ae6a8760eef80f93efb34211

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

setupapi

crypt32

msimg32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 402KB - Virtual size: 402KB

.data Size: 36KB - Virtual size: 90KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 105KB - Virtual size: 104KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 402KB - Virtual size: 402KB

.data
Size: 36KB - Virtual size: 90KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 105KB - Virtual size: 104KB