69fda5e070f82843981163f35b504151e46e9dc3aca8ca4debb1bacf9525635d

Sharing

Copy URL Twitter E-mail

General

Target

69fda5e070f82843981163f35b504151e46e9dc3aca8ca4debb1bacf9525635d
Size

2.7MB
MD5

4ceca4d3ebc912240232b60fd3ffa5c0
SHA1

821c8463c426c7320cabcd36fdc672ad05c49c52
SHA256

69fda5e070f82843981163f35b504151e46e9dc3aca8ca4debb1bacf9525635d
SHA512

ca6da2ecccd6ae65669ea44393504e37442fd860ce1cc8c59f5a051c5aa31b189d224572f58630f3a6ce7e6f1270a74354c78b72e8316e94eb85165362bcfc63
SSDEEP

49152:/GrXIwIYe+XwVG+x40KUobVGRuXNG+9oKlaNvj0tB46yTwCp/WwfU2YwJodsf:/EXr2+gVT40KUo+uX0oonNvQZEi2Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69fda5e070f82843981163f35b504151e46e9dc3aca8ca4debb1bacf9525635d

Files

69fda5e070f82843981163f35b504151e46e9dc3aca8ca4debb1bacf9525635d
.exe windows:5 windows x86 arch:x86

fa0e6723682b3a276428266bf92b83ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MoveFileW
MoveFileA
GetLocalTime
CreateFileMappingW
MapViewOfFile
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
OpenMutexW
CreateMutexW
SetErrorMode
GetFileAttributesA
CreateFileMappingA
OpenFileMappingA
CreateMutexA
ReleaseMutex
CopyFileW
CreateEventW
FreeLibrary
LoadLibraryW
GetProcAddress
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MoveFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
lstrlenA
lstrcatA
GetFullPathNameA
GetLogicalDriveStringsA
QueryDosDeviceA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetDriveTypeA
GetDriveTypeW
ExitProcess
ExitThread
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
SetEvent
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileInformationByHandle
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
HeapValidate
FormatMessageW
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
SystemTimeToFileTime
HeapCompact
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetFileAttributesExW
OutputDebugStringA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
TerminateProcess
OpenProcess
GetVersionExW
Process32NextW
SleepEx
GetVersionExA
FormatMessageA
CreateThread
GetLastError
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
CreateFileA
FindNextFileW
DeleteFileW
FindFirstFileW
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GlobalUnlock
GlobalLock
ReadFile
GetFileSize
CreateFileW
WaitForSingleObject
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
SetConsoleMode
ReadConsoleInputA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetCurrentThreadId
CopyFileA
GetTickCount
GetModuleFileNameA
lstrlenW
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
HeapDestroy
InitializeCriticalSection

user32

TrackPopupMenu
CallWindowProcW
GetParent
LoadIconW
LoadCursorW
GetWindowLongW
AppendMenuW
CreatePopupMenu
GetCursorPos
UnregisterHotKey
DestroyWindow
RegisterHotKey
MessageBoxW
DrawIcon
DefWindowProcW
GetWindowRgn
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
FindWindowA
SetLastErrorEx
BeginPaint
InvalidateRect
KillTimer
SetTimer
PostMessageW
RegisterWindowMessageW
wsprintfW
CreateWindowExW
RegisterClassExW
LoadImageW
SetForegroundWindow
SetWindowsHookExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
SetWindowTextW
IsWindowVisible
IsWindow
CallNextHookEx
MoveWindow
GetWindowRect
ScreenToClient
UnhookWindowsHookEx
ShowWindow
DrawTextW
GetClientRect
EndPaint

advapi32

CryptCreateHash
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptDecrypt
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptEncrypt

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shell32

ShellExecuteW
ShellExecuteA
Shell_NotifyIconW
ShellExecuteExA

oleaut32

VariantClear
VariantInit

shlwapi

PathFindExtensionW

gdi32

CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateFontIndirectW
Rectangle
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
DeleteDC
CreateCompatibleDC
CreatePen
MoveToEx
LineTo
CreateSolidBrush
RoundRect
CreateRectRgn
PtInRegion
BitBlt
CreateDIBSection
DeleteObject
SetStretchBltMode
StretchBlt

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipSaveImageToFile

msimg32

TransparentBlt

libcef

cef_run_message_loop
cef_string_list_copy
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_map_alloc
cef_string_map_free
cef_string_list_size
cef_string_list_value
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_multimap_append
cef_string_map_append
cef_string_list_append
cef_string_utf16_cmp
cef_browser_host_create_browser
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf8_clear
cef_log
cef_string_userfree_utf16_free
cef_string_list_free
cef_string_list_alloc
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_shutdown
cef_quit_message_loop
cef_execute_process
cef_api_hash
cef_initialize

wsock32

socket
gethostbyname
inet_addr
htons
sendto
select
recv
send
ioctlsocket
bind
htonl
ntohs
listen
accept
WSAStartup
WSACleanup
ntohl
setsockopt
connect
recvfrom
gethostbyaddr
getpeername
closesocket
__WSAFDIsSet
inet_ntoa
gethostname
getsockname
WSAGetLastError

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comdlg32

GetSaveFileNameA

libzbar-0

zbar_scan_image
zbar_image_scanner_destroy
zbar_image_scanner_create
zbar_image_get_symbols
zbar_image_set_data
zbar_image_set_size
zbar_image_set_format
_zbar_error_string
zbar_image_scanner_set_config
zbar_symbol_set_ref
zbar_symbol_ref
zbar_symbol_get_data_length
zbar_symbol_get_type
zbar_symbol_get_data
zbar_symbol_set_first_symbol
zbar_image_create
zbar_image_set_userdata
zbar_image_ref

ws2_32

shutdown
getaddrinfo
freeaddrinfo
getsockopt
WSAIoctl
WSASetLastError

wldap32

ord211
ord22
ord60
ord143
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

opencv_core2413

?_interlockedExchangeAdd@cv@@YAHPAHH@Z
?fastFree@cv@@YAXPAX@Z
?copyTo@Mat@cv@@QBEXABV_OutputArray@2@@Z
??0_OutputArray@cv@@QAE@AAVMat@1@@Z
??0_InputArray@cv@@QAE@ABVMat@1@@Z
?deallocate@Mat@cv@@QAEXXZ
??0Mat@cv@@QAE@ABV01@ABV?$Rect_@H@1@@Z
??0_OutputArray@cv@@QAE@ABVMat@1@@Z

opencv_objdetect2413

??1CascadeClassifier@cv@@UAE@XZ
??0CascadeClassifier@cv@@QAE@XZ
?load@CascadeClassifier@cv@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

opencv_highgui2413

??0VideoCapture@cv@@QAE@XZ
?imwrite@cv@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV_InputArray@1@ABV?$vector@HV?$allocator@H@std@@@3@@Z
?imread@cv@@YA?AVMat@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

opencv_imgproc2413

?resize@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@V?$Size_@H@1@NNH@Z
?equalizeHist@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@@Z
?cvtColor@cv@@YAXABV_InputArray@1@ABV_OutputArray@1@HH@Z

winmm

mciSendCommandW
mciSendCommandA

psapi

GetProcessImageFileNameA
GetModuleBaseNameA
EnumProcesses

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa0e6723682b3a276428266bf92b83ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

gdiplus

msimg32

libcef

wsock32

version

comdlg32

libzbar-0

ws2_32

wldap32

opencv_core2413

opencv_objdetect2413

opencv_highgui2413

opencv_imgproc2413

winmm

psapi

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 444KB - Virtual size: 443KB

.data Size: 64KB - Virtual size: 88KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 119KB - Virtual size: 119KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 444KB - Virtual size: 443KB

.data
Size: 64KB - Virtual size: 88KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 119KB - Virtual size: 119KB