Static task: static1
Behavioral task: behavioral1
  Sample: eb18548839cc96c21d94938daba1dc728c149feede57eb9e877c6f5aa6fca6aa.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: eb18548839cc96c21d94938daba1dc728c149feede57eb9e877c6f5aa6fca6aa.exe
  Resource: win10v2004-20231020-en
General
Target: eb18548839cc96c21d94938daba1dc728c149feede57eb9e877c6f5aa6fca6aa
Size: 4.8MB
MD5: ed2cdb77622ce539715f7888f2b62dee
SHA1: 6959d28eb3d8c5c223a09188345a2827e18d0a11
SHA256: eb18548839cc96c21d94938daba1dc728c149feede57eb9e877c6f5aa6fca6aa
SHA512: 7497d2cb2eee0d602cb5642779fff90d71c5922bf3f6f651a968867409fb945496ad7875de8d89e596e6459f2d521d4020c447ded7a70a241bed1d546a094579
SSDEEP: 98304:mKB7OOzqrZoeNqI3kErrIQLTozOBUPIhsVXzTudXTzAjqQltqN4uWvY3GgSO+HyX:mKB7O2KnTRskdDz6SWvY3GU+Sji0k//C
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: eb18548839cc96c21d94938daba1dc728c149feede57eb9e877c6f5aa6fca6aa
Files
eb18548839cc96c21d94938daba1dc728c149feede57eb9e877c6f5aa6fca6aa.exe windows:5 windows x86 arch:x86
87de70064e0c29d8abbf869e7a1c6f7e
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFileExistsW
PathFindExtensionW
kernel32
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
IsProcessorFeaturePresent
GetCPInfo
HeapQueryInformation
GetOEMCP
IsValidCodePage
SetStdHandle
FatalAppExitA
SetCurrentDirectoryW
GetProcessHeap
WriteConsoleW
SetConsoleCtrlHandler
LCMapStringW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
ExitThread
GetConsoleMode
GetConsoleCP
GetFileType
GetFullPathNameA
VirtualQuery
VirtualAlloc
GetStringTypeW
HeapSize
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
MoveFileA
HeapAlloc
HeapFree
RaiseException
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
LocalLock
LocalUnlock
FindResourceExW
ReplaceFileW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
SetErrorMode
GetAtomNameW
GlobalGetAtomNameW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
lstrcpyW
lstrlenA
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GlobalFindAtomW
CompareStringW
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
CopyFileW
GlobalSize
FormatMessageW
LocalFree
MulDiv
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GetPrivateProfileStringW
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetDiskFreeSpaceW
SetVolumeLabelW
GetDriveTypeW
SetFileAttributesW
GetFileAttributesW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
ReleaseMutex
GetSystemDirectoryW
CreateDirectoryA
GetCurrentProcess
Process32FirstW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
GetModuleFileNameA
LoadLibraryW
GetProcAddress
GetSystemInfo
WideCharToMultiByte
CreateDirectoryW
GetVersionExW
CreateProcessW
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
SetLastError
FindResourceA
FreeLibrary
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesA
DeleteFileA
CreateFileA
SetFilePointer
ReadFile
WriteFile
CreateFileW
GetFileSize
DeleteFileW
MultiByteToWideChar
CreateThread
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ReleaseSemaphore
GetCommandLineW
CreateSemaphoreW
CloseHandle
GetModuleHandleW
WinExec
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
Sleep
CreateMutexW
GetLastError
GetACP
user32
GetTabbedTextExtentW
GetDCEx
EnumChildWindows
GetWindowRgn
WindowFromDC
DestroyCursor
MapDialogRect
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetUpdateRect
FrameRect
SendNotifyMessageW
IsClipboardFormatAvailable
SetMenuDefaultItem
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
GetNextDlgGroupItem
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
GetSystemMenu
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
CopyImage
DestroyMenu
GetMenuItemInfoW
UnregisterClassW
IntersectRect
InflateRect
GetDialogBaseUnits
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
KillTimer
SetTimer
InvalidateRect
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
DeleteMenu
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
ScrollWindowEx
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
LoadIconW
EnableWindow
MoveWindow
SetWindowLongW
GetWindowRect
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
CopyRect
PtInRect
GetWindow
UnhookWindowsHookEx
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetSysColor
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetWindowLongW
SendMessageW
DrawIcon
GetClientRect
InSendMessage
GetSystemMetrics
IsIconic
PostMessageW
GetParent
PostMessageA
EndPaint
BeginPaint
ScreenToClient
MessageBoxW
FindWindowA
GetWindowThreadProcessId
FindWindowExW
IsWindow
FindWindowW
wsprintfW
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
EndDialog
GetNextDlgTabItem
GetDlgItem
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetDesktopWindow
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
gdi32
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
SetPaletteEntries
GetTextAlign
GetTextFaceW
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
PatBlt
GetBoundsRect
CreateDCW
GetStretchBltMode
ExtFloodFill
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
Rectangle
RoundRect
SetPixel
StretchBlt
GetDIBits
SetDIBColorTable
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetCurrentObject
StretchDIBits
GetCharWidthW
DPtoLP
GetMapMode
CombineRgn
CopyMetaFileW
CreateHatchBrush
ExtCreatePen
CreatePen
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
SetRectRgn
GetTextExtentPoint32W
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateCompatibleBitmap
CreateFontIndirectW
SetArcDirection
CreateRectRgnIndirect
SetColorAdjustment
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
CreateSolidBrush
DeleteObject
CreateFontW
GetObjectW
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
CreateDIBitmap
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
GetJobW
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExA
OpenProcessToken
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
GetFileSecurityW
SetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSaveKeyA
RegRestoreKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
CreateProcessWithTokenW
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyW
RegEnumValueA
LookupPrivilegeValueW
shell32
SHGetMalloc
SHAppBarMessage
SHGetDesktopFolder
DragQueryFileW
DragFinish
ExtractIconW
SHAddToRecentDocs
SHGetFileInfoW
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteExW
ShellExecuteExA
ShellExecuteW
SHGetSpecialFolderLocation
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
ole32
StgOpenStorageOnILockBytes
StgCreateDocfile
CoInitializeEx
CoDisconnectObject
CLSIDFromString
StringFromGUID2
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
GetRunningObjectTable
OleIsRunning
OleRegEnumVerbs
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
PropVariantCopy
StgCreateDocfileOnILockBytes
OleSave
CreateILockBytesOnHGlobal
OleSaveToStream
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
CreateBindCtx
ReadClassStg
WriteClassStm
CreateFileMoniker
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
GetHGlobalFromStream
RegisterDragDrop
OleGetClipboard
CoCreateGuid
OleRun
OleRegGetMiscStatus
CoGetMalloc
CoInitialize
oleaut32
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
VarBstrFromCy
oledlg
OleUIBusyW
gdiplus
GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageRectI
GdipDeleteGraphics
GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusShutdown
ws2_32
connect
closesocket
send
WSAStartup
socket
htons
inet_ntoa
recv
select
__WSAFDIsSet
getsockopt
gethostbyname
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
psapi
GetModuleFileNameExA
imagehlp
MakeSureDirectoryPathExists
netapi32
Netbios
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
Sections
.text  Size: 2.6MB - Virtual size: 2.6MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 588KB - Virtual size: 587KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 36KB - Virtual size: 70KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 4.5MB - Virtual size: 4.5MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 190KB - Virtual size: 189KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ