4dfffbec322dcc14ca9c9cd75c6ccee9a5e1dd76b3a708133b63e68085f9418f

Sharing

Copy URL Twitter E-mail

General

Target

4dfffbec322dcc14ca9c9cd75c6ccee9a5e1dd76b3a708133b63e68085f9418f
Size

13.9MB
MD5

6a501195c054c9eee5d6bf146f795ec5
SHA1

87bd459627b26fd01ecc61052b3f28c68225bbfc
SHA256

4dfffbec322dcc14ca9c9cd75c6ccee9a5e1dd76b3a708133b63e68085f9418f
SHA512

55c0895ad9602086c475b5045d5eb53f5613408825bad855c8c4dd905882c5f001f6eaf538162d1fa90231515084988238947b586bcddb6989b5d199e0618e82
SSDEEP

196608:pxU6Tpk3tMVDjKRTw5fJ12HJ6+BqZ7px7/quUNuWm127PZe4UHvi2jWypNpiq:pGajYk52HM+Bm7bW3uWzZe4U62CONpi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dfffbec322dcc14ca9c9cd75c6ccee9a5e1dd76b3a708133b63e68085f9418f

Files

4dfffbec322dcc14ca9c9cd75c6ccee9a5e1dd76b3a708133b63e68085f9418f
.exe windows:6 windows x86 arch:x86

53a72f56aa4aa65eceb0f62bec983ee1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
OpenMutexW
TlsAlloc
InitializeCriticalSectionAndSpinCount
PostQueuedCompletionStatus
GetCurrentThreadId
GetCurrentProcessId
CreateDirectoryA
GetFileAttributesA
OutputDebugStringW
TlsFree
CancelIoEx
GetModuleFileNameA
WriteFile
CreateFileW
CreateProcessW
GetThreadContext
ReadProcessMemory
VirtualAllocEx
VirtualAlloc
VirtualFreeEx
WriteProcessMemory
ResumeThread
VirtualFree
TerminateProcess
ReadFile
CreateIoCompletionPort
GetQueuedCompletionStatus
Sleep
GetSystemInfo
CreateSemaphoreW
ReleaseSemaphore
GetExitCodeThread
TerminateThread
FindResourceW
WaitForMultipleObjects
QueueUserAPC
SleepEx
SetWaitableTimer
SetLastError
CreateWaitableTimerW
GetModuleHandleA
GetSystemTimeAsFileTime
CreateMutexW
ReleaseMutex
TlsGetValue
TlsSetValue
FlushInstructionCache
GetCommandLineW
GlobalMemoryStatus
GetSystemTimes
CreateEventA
OpenProcess
GetExitCodeProcess
LoadLibraryW
CreateDirectoryW
FatalAppExitW
SetUnhandledExceptionFilter
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetDriveTypeW
SetConsoleMode
ReadConsoleInputA
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetProcAddress
GetModuleHandleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
FindClose
GetLocalTime
CreateThread
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
GetCurrentDirectoryA
DecodePointer
HeapSize
GetLastError
RaiseException
InitializeCriticalSectionEx
MultiByteToWideChar
HeapDestroy
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
InitializeCriticalSection
FormatMessageA
lstrlenA
FlushConsoleInputBuffer
LoadLibraryA
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetStringTypeW
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
DeleteFileW
FindNextFileW
FindFirstFileExW
GetConsoleCP
GetFileType
SetFilePointerEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
VirtualProtect
GetVersionExW
UnregisterWaitEx
InitializeSListHead
DuplicateHandle
GetCurrentThread
ReadConsoleW
GetConsoleMode
RtlUnwind
GetTickCount
GetStartupInfoW
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
CreateTimerQueue
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
LoadLibraryExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation

user32

PostQuitMessage
SetTimer
CallWindowProcW
DefWindowProcW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetWindowLongW
CreateWindowExW
GetMessageW
wsprintfW
UnregisterClassW
LoadCursorW
GetClassInfoExW
RegisterClassExW
ShowWindow
DispatchMessageW
TranslateMessage
SetWindowLongW
PostMessageW
DestroyWindow
SendMessageW
FindWindowW

advapi32

CryptGenRandom
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEnumProvidersA
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
SysAllocStringLen

shlwapi

PathFileExistsW
PathAppendA
PathRemoveFileSpecA

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSAEnumNetworkEvents
connect
WSACleanup
shutdown
closesocket
send
WSAIoctl
WSARecv
WSASend
WSASocketW
setsockopt
htons
WSAGetLastError
inet_addr
bind
ntohs
WSASetLastError
ioctlsocket
select
listen
WSAAddressToStringA
getaddrinfo
freeaddrinfo
ntohl
htonl
__WSAFDIsSet
accept
WSAStartup
getsockopt
getpeername
getsockname
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
recv

libcurl

curl_global_init
curl_easy_getinfo
curl_slist_free_all
curl_easy_init
curl_easy_perform
curl_easy_cleanup
curl_easy_reset
curl_slist_append
curl_easy_setopt
CRYPTO_thread_setup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53a72f56aa4aa65eceb0f62bec983ee1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

dbghelp

version

ws2_32

libcurl

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 480KB - Virtual size: 480KB

.data Size: 87KB - Virtual size: 114KB

.tls Size: 512B - Virtual size: 21B

.rsrc Size: 11.6MB - Virtual size: 11.6MB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 480KB - Virtual size: 480KB

.data
Size: 87KB - Virtual size: 114KB

.tls
Size: 512B - Virtual size: 21B

.rsrc
Size: 11.6MB - Virtual size: 11.6MB

.reloc
Size: 96KB - Virtual size: 96KB