18fd02a85f4ed44bb192ec23c2d322c5f3f69875fb3e441828c1f1c87a63a8aa

Sharing

Copy URL Twitter E-mail

General

Target

18fd02a85f4ed44bb192ec23c2d322c5f3f69875fb3e441828c1f1c87a63a8aa
Size

6.7MB
MD5

2bb29c32ec5a9f18383e78c9c1da4b16
SHA1

db4aa0b9da1a5a3a378865d3d26f2f3ff1611a96
SHA256

18fd02a85f4ed44bb192ec23c2d322c5f3f69875fb3e441828c1f1c87a63a8aa
SHA512

f0c63c2da1d2b70079c97d25a2332f1790c9508a472c743ef9aeb93ec4fcb91e8e1088a9066158168aeb8acb6e55afb031a34c7ca89fefe963d8e516976502e1
SSDEEP

196608:pydE7TnavqteZKQfzEOgnEmDymwXdLZDnkk5:pyd8TnavqtafzrTmMdLBkk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18fd02a85f4ed44bb192ec23c2d322c5f3f69875fb3e441828c1f1c87a63a8aa

Files

18fd02a85f4ed44bb192ec23c2d322c5f3f69875fb3e441828c1f1c87a63a8aa
.exe windows:5 windows x86 arch:x86

a08e3820b0d60c702a4864473dec4399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenSystemStoreW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptQueryObject
CertFreeCertificateContext
CryptDecodeObject
CryptMsgGetParam
CertFindCertificateInStore

kernel32

GetModuleHandleW
DeleteFileW
BeginUpdateResourceW
GetPrivateProfileStringW
CopyFileW
GetFileAttributesExW
UpdateResourceW
EndUpdateResourceW
ReadFile
SetFilePointer
GetExitCodeProcess
WritePrivateProfileStringW
QueryDosDeviceW
GetCurrentProcessId
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
OutputDebugStringW
FreeResource
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WriteFile
FlushFileBuffers
GetFileSize
CreateDirectoryW
SetEndOfFile
GetCurrentProcess
CreateProcessW
MoveFileExW
GetPrivateProfileStringA
RemoveDirectoryW
SetFileAttributesW
GetCurrentDirectoryW
GetACP
ExitProcess
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetStdHandle
GetEnvironmentVariableW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
ConvertFiberToThread
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SleepEx
SizeofResource
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
GetSystemTime
lstrcmpA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
CreatePipe
SetStdHandle
SetEnvironmentVariableW
IsValidLocale
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetCurrentThread
GetProcessAffinityMask
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetFileSizeEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureStackBackTrace
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetComputerNameA
GetWindowsDirectoryA
InitializeCriticalSection
OutputDebugStringA
GetTempPathA
IsDebuggerPresent
GetStringTypeW
GetCPInfo
TryEnterCriticalSection
GetExitCodeThread
SwitchToThread
CreateHardLinkW
DeviceIoControl
SetFilePointerEx
GetFullPathNameW
GetFileInformationByHandle
FindFirstFileExW
DeleteCriticalSection
CreateFileW
GetFileAttributesW
GetLongPathNameW
FindResourceW
LockResource
LoadResource
FindResourceExW
QueryPerformanceFrequency
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
GetProcessHeap
HeapSize
HeapDestroy
GetCommandLineW
GetTempPathW
VerifyVersionInfoW
GetPrivateProfileIntW
FindNextFileW
FindFirstFileW
FindClose
VerSetConditionMask
EnumSystemLocalesW
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
UnregisterWait
RegisterWaitForSingleObject
MulDiv
SetThreadAffinityMask
ConvertThreadToFiber
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
GetModuleFileNameW
WriteConsoleW
FreeLibrary
DeleteTimerQueueTimer
CreateTimerQueueTimer
VirtualFree
VirtualProtect
VirtualAlloc
GetNativeSystemInfo
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetThreadTimes
GetCurrentThreadId
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore

user32

GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
SetWindowLongW
GetParent
GetWindow
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetWindowLongW
GetClientRect
GetMenu
PostQuitMessage
MessageBoxW
LoadImageW
SendMessageW
MonitorFromWindow
AdjustWindowRectEx
ReleaseDC
GetDC
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
SetWindowPos
ShowWindow
CreateCaret
EnableWindow
SetPropW
GetPropW
LoadCursorW
GetMonitorInfoW
MoveWindow
GetWindowRgn
wvsprintfW
SetCursor
OffsetRect
IsZoomed
SetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
GetCaretBlinkTime

gdi32

GdiFlush
ExtTextOutW
TextOutW
MoveToEx
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
CreateRoundRectRgn
CreateDIBSection
PtInRegion
CreateRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreatePatternBrush

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetUserNameA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
BuildExplicitAccessWithNameW
RegCloseKey

shell32

ord165
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW
SHChangeNotify
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitializeEx
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
SysStringLen
VariantInit

shlwapi

PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
SHDeleteValueW
wnsprintfW
PathIsPrefixW
PathIsDirectoryW
PathFindExtensionW
SHGetValueW

ws2_32

socket
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
select
WSAWaitForMultipleEvents
getpeername
WSAIoctl
htonl
recvfrom
sendto
gethostname
__WSAFDIsSet
setsockopt
listen
connect
closesocket
bind
accept
send
recv
freeaddrinfo
ntohs
getsockopt
getsockname
ioctlsocket
htons
WSACleanup
WSASetLastError
WSAStartup
getaddrinfo
WSAGetLastError
WSAResetEvent

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

setupapi

SetupIterateCabinetW

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipGetImageHeight
GdipLoadImageFromStreamICM
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipSetCompositingQuality
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipFree

imm32

ImmDisableIME
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

comctl32

ord17
_TrackMouseEvent

dbghelp

SymFromAddr
UnDecorateSymbolName
SymInitialize
SymSetOptions
SymCleanup

wldap32

ord167
ord127
ord27
ord142
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord79
ord147
ord133
ord301
ord26

Exports

Exports

_Compatible_GetNamedPipeClientProcessId@8
_Compatible_GetTickCount64@0
_Compatible_InitializeCriticalSectionEx@12
_Compatible_RegDeleteKeyExW@16
_Compatible_RegDeleteKeyValueW@12

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a08e3820b0d60c702a4864473dec4399

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

psapi

setupapi

gdiplus

imm32

comctl32

dbghelp

wldap32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 668KB - Virtual size: 667KB

.data Size: 33KB - Virtual size: 122KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 113KB - Virtual size: 113KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 668KB - Virtual size: 667KB

.data
Size: 33KB - Virtual size: 122KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 113KB - Virtual size: 113KB