Static task
static1
Behavioral task
behavioral1
Sample
7b0abb31914d53cac31feeae961b7261d0b9f1abc534e7f733eac35c76b9349e.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
7b0abb31914d53cac31feeae961b7261d0b9f1abc534e7f733eac35c76b9349e.exe
Resource
win10v2004-20231025-en
General
-
Target
7b0abb31914d53cac31feeae961b7261d0b9f1abc534e7f733eac35c76b9349e
-
Size
4.6MB
-
MD5
f2ae87134ae64c12e1ee6bfe42649e73
-
SHA1
439a64e8fcd15be7e85045eaf6d300284de39074
-
SHA256
7b0abb31914d53cac31feeae961b7261d0b9f1abc534e7f733eac35c76b9349e
-
SHA512
f768437317f6e103dc639e3122acd5073376a63563c4c3711ca73109fcfd30dc6cc7897c54f6759dfec8f76565e49480ed66b55fd9f6f27654b94614c7c55aef
-
SSDEEP
98304:m0xu1QDwLO0CyOOGEuqLjJHLMskBShKryD:mSwQDwLOQxJJAskIqyD
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 7b0abb31914d53cac31feeae961b7261d0b9f1abc534e7f733eac35c76b9349e
Files
-
7b0abb31914d53cac31feeae961b7261d0b9f1abc534e7f733eac35c76b9349e.exe windows:6 windows x86 arch:x86
5ae3d7c7bff8d1d3576a5fedfeaed6d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
CopyFileW
VirtualQuery
GetQueuedCompletionStatus
SetEvent
ResetEvent
GetLocalTime
GetSystemTimeAsFileTime
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
LoadLibraryExW
SetFileTime
SetFileAttributesW
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalFlags
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
RemoveDirectoryW
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
LocalFree
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetEnvironmentVariableW
OutputDebugStringA
GetCurrentProcess
FindNextFileW
GetCommandLineW
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
GetTickCount
TerminateProcess
OpenProcess
Process32NextW
GetSystemInfo
Process32FirstW
CreateToolhelp32Snapshot
TerminateThread
GetExitCodeThread
CreateThread
SetWaitableTimer
CreateWaitableTimerW
OpenEventW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetFileAttributesW
ExitProcess
Sleep
MultiByteToWideChar
DeleteFileW
CreateEventW
LeaveCriticalSection
WriteFile
SetFilePointerEx
ReadFile
SetFilePointer
CreateFileW
FindClose
FindFirstFileW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount64
GetTimeZoneInformation
WideCharToMultiByte
MoveFileW
TryEnterCriticalSection
EnterCriticalSection
GetModuleFileNameA
InitializeCriticalSection
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
CreateMutexExW
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
HeapSize
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSectionEx
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetACP
user32
GetMenu
GetMenuItemCount
DeleteMenu
CreatePopupMenu
TrackPopupMenu
GetSubMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyMenu
TranslateAcceleratorW
CheckMenuItem
AppendMenuW
EnableMenuItem
CreateMenu
GetWindowThreadProcessId
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
MoveWindow
EnumWindows
SetClipboardData
EnumDisplaySettingsW
wsprintfW
EndPaint
BeginPaint
GetClassInfoExW
IsRectEmpty
RegisterClassExW
DrawEdge
DrawTextW
DrawFrameControl
RegisterWindowMessageW
SystemParametersInfoW
UnregisterClassW
GetSystemMetrics
DestroyIcon
DestroyCursor
MessageBoxW
SetRect
SendMessageW
SetWindowPos
SetWindowLongW
DrawFocusRect
RedrawWindow
OffsetRect
InflateRect
GetMessagePos
CharNextW
PostQuitMessage
FindWindowExW
GetNextDlgTabItem
IsIconic
GetClassNameW
IntersectRect
FrameRect
IsWindowEnabled
IsChild
GetDlgCtrlID
IsDialogMessageW
DrawIcon
SetWindowRgn
GetSystemMenu
GetLastActivePopup
SetParent
MessageBeep
ChildWindowFromPointEx
WindowFromPoint
PostMessageW
GetPropW
CreateWindowExW
RemovePropW
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetActiveWindow
DefWindowProcW
CallWindowProcW
WinHelpW
DestroyWindow
IsWindow
SetScrollRange
GetScrollRange
GetScrollPos
GetSysColor
GetDlgItem
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowTextW
IsWindowVisible
ShowWindow
EnableWindow
LoadCursorW
GetCursorPos
SetCursorPos
GetWindowRect
GetParent
ScreenToClient
GetFocus
GetTopWindow
SetFocus
GetClientRect
GetKeyState
SetCursor
GetWindow
AdjustWindowRectEx
SetTimer
KillTimer
MsgWaitForMultipleObjects
ReleaseDC
GetWindowDC
GetDC
LoadImageW
GetDesktopWindow
LoadIconW
SetPropW
RegisterClassW
GetClassInfoW
LoadStringW
CopyRect
FillRect
ReleaseCapture
PtInRect
SetCapture
GetCapture
SetScrollPos
IsZoomed
ModifyMenuW
UpdateWindow
SetMenu
ClientToScreen
GetWindowLongW
gdi32
SetTextColor
Rectangle
CreatePen
CreateEllipticRgn
CreateRoundRectRgn
ExcludeClipRect
GetTextMetricsW
DPtoLP
RoundRect
SetROP2
SetMapMode
LPtoDP
Ellipse
MoveToEx
GetViewportExtEx
LineTo
SetBkMode
SelectObject
SetPolyFillMode
CreateDCW
GetWindowExtEx
PatBlt
GetViewportOrgEx
CombineRgn
CreateBitmap
SetViewportOrgEx
ExtCreateRegion
CreatePatternBrush
GetWindowOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateHatchBrush
CreateBrushIndirect
SetPixel
SelectClipRgn
SetBkColor
ExtSelectClipRgn
ExtTextOutW
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
RealizePalette
GetDIBits
GetDeviceCaps
GetSystemPaletteEntries
SelectPalette
CreatePalette
DeleteObject
GetStockObject
GetClipBox
CreateSolidBrush
GetCurrentObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
SetStretchBltMode
GetObjectW
DeleteDC
CreateFontIndirectW
GetPixel
CreateRectRgn
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW
advapi32
RegGetValueW
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EventUnregister
shell32
DragQueryFileW
DragFinish
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ole32
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
OleRun
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
oleaut32
SysFreeString
VariantTimeToSystemTime
VarUI4FromStr
SystemTimeToVariantTime
VarUdateFromDate
LHashValOfNameSys
VariantInit
LoadTypeLi
VariantCopyInd
RegisterTypeLi
SysAllocString
VariantCopy
VarCmp
VariantChangeType
VariantClear
comctl32
ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
libcrypto-1_1
EVP_CIPHER_CTX_new
EVP_CipherInit_ex
EVP_CIPHER_CTX_set_padding
EVP_CipherUpdate
EVP_CIPHER_CTX_free
OPENSSL_init_crypto
CONF_modules_unload
EVP_rc4
sqlite3
sqlite3_config
sqlite3_column_text
sqlite3_column_int
sqlite3_step
sqlite3_column_count
sqlite3_last_insert_rowid
sqlite3_free
sqlite3_exec
sqlite3_close_v2
sqlite3_open_v2
sqlite3_finalize
sqlite3_prepare_v2
libcurl
curl_easy_cleanup
curl_global_init
curl_global_cleanup
curl_slist_append
curl_easy_pause
curl_slist_free_all
curl_easy_setopt
curl_easy_init
curl_easy_getinfo
curl_easy_perform
cximagecrt
?GetWidth@CxImage@@QBEIXZ
?GetHeight@CxImage@@QBEIXZ
?GetType@CxImage@@QBEIXZ
?Load@CxImage@@QAE_NPB_WI@Z
?Save@CxImage@@QAE_NPB_WI@Z
?Destroy@CxImage@@QAE_NXZ
?Mirror@CxImage@@QAE_N_N0@Z
??0CxImage@@QAE@I@Z
?Encode@CxImage@@QAE_NPAVCxFile@@I@Z
?Open@CxMemFile@@QAE_NXZ
?Decode@CxImage@@QAE_NPAVCxFile@@I@Z
?Rotate@CxImage@@QAE_NMPAV1@@Z
?Expand@CxImage@@QAE_NHHHHUtagRGBQUAD@@PAV1@@Z
?Crop@CxImage@@QAE_NHHHHPAV1@@Z
?Size@CxMemFile@@UAEHXZ
?DestroyFrames@CxImage@@QAE_NXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?RGBtoRGBQUAD@CxImage@@SA?AUtagRGBQUAD@@K@Z
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
libxl
xlBookSetKeyW
xlCreateBookCW
xlCreateXMLBookCW
xlBookLoadW
xlSheetReadStrW
xlSheetLastRowW
xlBookReleaseW
xlBookGetSheetW
skinhu
SkinH_AttachEx
SkinH_Detach
gdiplus
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
ws2_32
WSACleanup
shlwapi
ord214
PathFindFileNameW
PathFindExtensionW
SHCreateStreamOnFileEx
uxtheme
SetWindowTheme
DrawThemeBackground
CloseThemeData
OpenThemeData
msvcrt
strncpy
iphlpapi
GetInterfaceInfo
psapi
GetMappedFileNameW
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ