Static task
static1
Behavioral task
behavioral1
Sample
0cb26657883edda36a2cbe96f727ec835f6c0300ff96740d6cf8f1438e76d78c.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
0cb26657883edda36a2cbe96f727ec835f6c0300ff96740d6cf8f1438e76d78c.exe
Resource
win10v2004-20231023-en
General
-
Target
0cb26657883edda36a2cbe96f727ec835f6c0300ff96740d6cf8f1438e76d78c
-
Size
4.5MB
-
MD5
f03e90646f450c2cc51804de8c8e8b91
-
SHA1
017670d4509650b30087831317a5bde0500128ea
-
SHA256
0cb26657883edda36a2cbe96f727ec835f6c0300ff96740d6cf8f1438e76d78c
-
SHA512
ec21e28b880cce4f04201341959546a702547fc09a7a693e30585182880cbc1ccc72830cf282cf004a764a73e956f323e5ba7cf2ce3dfce33ef80b5ce99ba395
-
SSDEEP
98304:u7Wgu8H5ITXzYQkzANSRfbB/F1X2j3SripC3pxtLFLOAkGkzdnEVomFHKnPs:u7WgqRRm6yipC3pxZFLOyomFHKnPs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE image that carries no Authenticode signature (the sample is unsigned).
resource 0cb26657883edda36a2cbe96f727ec835f6c0300ff96740d6cf8f1438e76d78c
Files
-
0cb26657883edda36a2cbe96f727ec835f6c0300ff96740d6cf8f1438e76d78c.exe windows:5 windows x86 arch:x86
98684a6396d40f178d63e979c83a17fc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SleepEx
WaitForMultipleObjects
PeekNamedPipe
MoveFileExW
GetEnvironmentVariableA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleCP
WriteConsoleW
EnumSystemLocalesW
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
GetFileType
SetStdHandle
ExitProcess
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
RtlUnwind
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
GetComputerNameA
InitializeCriticalSectionEx
TryEnterCriticalSection
IsValidLocale
GetDriveTypeW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
InitializeSRWLock
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetErrorMode
GetWindowsDirectoryW
FindResourceExW
GetProfileIntW
GetTempPathW
SearchPathW
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
LockResource
GetUserDefaultLCID
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFullPathNameW
GetFileTime
GetDiskFreeSpaceW
GetTickCount
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetCurrentThread
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentDirectoryW
GlobalReAlloc
GetFileSize
GetFileAttributesW
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
GlobalGetAtomNameW
ResumeThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
GetVersionExW
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalSize
SetLastError
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetSystemDefaultLCID
CreateMutexW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
DeleteFileW
OutputDebugStringW
CloseHandle
Sleep
CreateThread
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
GetLastError
GetEnvironmentStringsW
user32
InsertMenuItemW
DestroyMenu
TranslateAcceleratorW
LoadAcceleratorsW
TranslateMessage
GetMessageW
DrawStateW
GetWindowThreadProcessId
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
GetDesktopWindow
UnionRect
SetRect
RegisterClipboardFormatW
DrawEdge
DrawFrameControl
WindowFromPoint
LockWindowUpdate
SetCursor
EnableWindow
GetClientRect
SetRectEmpty
GetUpdateRect
KillTimer
SetTimer
GetAsyncKeyState
BringWindowToTop
IsRectEmpty
IntersectRect
GetCursorPos
SetWindowRgn
CreatePopupMenu
ReleaseCapture
SetCapture
SetClassLongW
GetSysColorBrush
IsDialogMessageW
DestroyIcon
UnpackDDElParam
ReuseDDElParam
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsZoomed
GetMenuDefaultItem
SetMenuDefaultItem
DrawIconEx
GetKeyNameTextW
MapVirtualKeyW
SetWindowTextW
IsWindowEnabled
GetMenuItemInfoW
SetLayeredWindowAttributes
LoadCursorW
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageW
GetDC
ReleaseDC
InflateRect
GetWindowRect
IsChild
GetFocus
LoadMenuW
GetSubMenu
UpdateWindow
InvalidateRect
ScreenToClient
GetSysColor
GetParent
LoadBitmapW
GetWindowLongW
OffsetRect
CharUpperW
GetSystemMetrics
GetMenuState
CheckMenuItem
ModifyMenuW
RedrawWindow
LoadImageW
SystemParametersInfoW
UnregisterClassW
IsIconic
PostMessageW
ShowWindow
MoveWindow
ClientToScreen
SetWindowLongW
SetParent
FindWindowW
GetMenuStringW
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
FillRect
EnableMenuItem
MapVirtualKeyExW
IsCharLowerW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
DrawFocusRect
TrackMouseEvent
GetSystemMenu
DeleteMenu
MessageBeep
NotifyWinEvent
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
DestroyAcceleratorTable
GetIconInfo
CharUpperBuffW
FrameRect
HideCaret
InvertRect
PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetNextDlgGroupItem
PostThreadMessageW
WaitMessage
DrawIcon
RealChildWindowFromPoint
SetCursorPos
CopyIcon
SubtractRect
DestroyCursor
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
CopyAcceleratorTableW
IsClipboardFormatAvailable
GetDoubleClickTime
EnumChildWindows
GetComboBoxInfo
CopyImage
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
MessageBoxW
MapWindowPoints
CopyRect
EqualRect
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
SetDlgItemTextW
CheckDlgButton
GetWindowRgn
CreateMenu
InvalidateRgn
CharNextW
gdi32
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
CreateDIBSection
GetTextColor
CombineRgn
GetMapMode
PatBlt
SetRectRgn
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
RealizePalette
GetObjectW
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetBkColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
Rectangle
RoundRect
LPtoDP
GetRgnBox
OffsetRgn
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetNearestPaletteIndex
GetSystemPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetPixelV
CreateFontIndirectW
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetStockObject
StretchBlt
GetTextExtentPoint32W
DeleteDC
DeleteObject
EnumFontsW
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
SetMapMode
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
SetLayout
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetPixel
DPtoLP
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetSaveFileNameW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
CryptAcquireContextW
RegCloseKey
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyExW
RegEnumValueW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
shell32
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
ExtractIconW
SHAddToRecentDocs
ShellExecuteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_AddMasked
shlwapi
PathFindFileNameW
PathFileExistsW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindExtensionW
uxtheme
GetWindowTheme
GetThemePartSize
IsAppThemed
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeText
ole32
OleFlushClipboard
CoInitializeSecurity
OleIsCurrentClipboard
DoDragDrop
OleLockRunning
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoDisconnectObject
CLSIDFromProgID
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CLSIDFromString
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleGetClipboard
IsAccelerator
oleaut32
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantInit
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipCreatePath
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeletePath
GdipFillRectangleI
GdipFillEllipseI
GdipFillPieI
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipGetPathWorldBounds
GdipAddPathString
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipDrawString
GdipCreateStringFormat
GdiplusShutdown
GdipSetSmoothingMode
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSetStringFormatLineAlign
ch375dll
CH375SetDeviceNotify
wch55xispdll
WCH55x_EnumDevices
WCH55x_SetIspOption
ws2_32
ntohs
recv
send
socket
WSAStartup
WSACleanup
sendto
inet_addr
getsockname
listen
getaddrinfo
freeaddrinfo
setsockopt
WSAIoctl
htonl
htons
getpeername
__WSAFDIsSet
select
gethostname
ioctlsocket
connect
recvfrom
bind
inet_pton
inet_ntop
WSASetLastError
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
inet_ntoa
WSACreateEvent
accept
getsockopt
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
bcrypt
BCryptGenRandom
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertOpenStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 509KB - Virtual size: 509KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ