Static task: static1
Behavioral task: behavioral1
  Sample: 9557277fc7ac830f288e2ac354dc571c19b42955e15b47d4a8bb8a5249cec673.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: 9557277fc7ac830f288e2ac354dc571c19b42955e15b47d4a8bb8a5249cec673.exe
  Resource: win10v2004-20231130-en
General
- Target: 9557277fc7ac830f288e2ac354dc571c19b42955e15b47d4a8bb8a5249cec673
- Size: 4.3MB
- MD5: 9d6e4bf0c16d53443ac35e207a6a465e
- SHA1: 0f4115a0d98a97b69ee4f4dc997a0fe670df321f
- SHA256: 9557277fc7ac830f288e2ac354dc571c19b42955e15b47d4a8bb8a5249cec673
- SHA512: 53a1b28dbc95c800127168ed9170a36d67c08fa9187c512c387b0f94d67110ba2a8cbf19b7f0e2233c3a50a8b3583d0a14e3f049b5ef740a72d796d963a619cb
- SSDEEP: 98304:SHlhX+TkSh6HVjQVpX8F+fvOtZ4SShkz4:SHwaV8vX8Ev
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 9557277fc7ac830f288e2ac354dc571c19b42955e15b47d4a8bb8a5249cec673
Files
- 9557277fc7ac830f288e2ac354dc571c19b42955e15b47d4a8bb8a5249cec673.exe windows:5 windows x86 arch:x86
  b730b68012a6e9db654c127c4fbd7f1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateMutexW
GetSystemTime
LocalFree
GetModuleHandleA
Module32FirstW
CreateFileMappingW
LocalAlloc
GlobalFree
GlobalUnlock
GetTimeZoneInformation
SetTimeZoneInformation
GlobalAlloc
GlobalLock
UnmapViewOfFile
MapViewOfFile
SetFilePointer
WinExec
MultiByteToWideChar
CreateSemaphoreA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentDirectoryW
FatalAppExitW
SetUnhandledExceptionFilter
FreeResource
LockResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetEndOfFile
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
GetVersionExW
GetStringTypeW
GetStringTypeA
IsValidLocale
LoadResource
SizeofResource
FindResourceW
CreateFileA
GetFileAttributesExW
WideCharToMultiByte
CreateDirectoryW
InterlockedDecrement
GetProfileStringW
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
WaitForMultipleObjects
CreateIoCompletionPort
LoadLibraryW
TerminateProcess
OpenProcess
lstrcpyW
CreateProcessW
InterlockedIncrement
GetLocalTime
GetCurrentThreadId
Sleep
GetProfileIntW
lstrlenW
WriteProfileStringW
GetComputerNameA
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
GetModuleHandleW
CopyFileW
GetTickCount
GetPrivateProfileIntW
DeleteFileW
GetFileAttributesW
ReadFile
GetFileSize
GetLastError
CreateFileW
GetModuleFileNameW
CloseHandle
TerminateThread
ResumeThread
SuspendThread
OpenThread
WritePrivateProfileStringW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleCP
HeapCreate
VirtualFree
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
GetProcAddress
GetSystemDirectoryW
GetFileInformationByHandle
SetFileTime
ReleaseMutex
OpenFileMappingW
WriteFile
OpenMutexW
ExitProcess
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoA
GetCommandLineA
VirtualAlloc
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GetProcessHeap
HeapFree
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
FindFirstFileA
LoadLibraryA
VerSetConditionMask
VerifyVersionInfoA
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
GetStdHandle
GetFileType
GetVersion
FormatMessageA
SetLastError
MulDiv
GetACP
InterlockedExchange
DuplicateHandle
FreeLibrary
PostQueuedCompletionStatus
GetWindowsDirectoryW
GetQueuedCompletionStatus
SetEvent
CreateEventW
ResetEvent
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameW
OutputDebugStringW
GetCurrentProcess
GetStartupInfoW
CreatePipe
GetExitCodeProcess
CreateProcessA
GetSystemDirectoryA
OutputDebugStringA
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFullPathNameA
InitializeCriticalSection
user32
GetWindowTextW
EnumWindows
GetDlgCtrlID
DefWindowProcW
CreateWindowExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow
GetWindow
GetDesktopWindow
ExitWindowsEx
CloseClipboard
GetWindowLongW
SetWindowLongW
ScreenToClient
GetMonitorInfoW
PostMessageW
PtInRect
IntersectRect
CharNextW
FindWindowW
ShowWindow
SetWindowPos
MessageBoxW
GetSystemMetrics
SetTimer
GetWindowRect
KillTimer
IsWindowVisible
IsIconic
GetParent
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
ReleaseDC
DestroyWindow
GetDC
GetKeyState
GetFocus
MapWindowPoints
SetClipboardData
OpenClipboard
IsWindow
MonitorFromWindow
GetClientRect
GetUpdateRect
IsRectEmpty
EndPaint
BeginPaint
GetActiveWindow
UnionRect
InvalidateRect
SetForegroundWindow
BringWindowToTop
FindWindowExW
wsprintfW
SetFocus
GetCursorPos
CreatePopupMenu
AppendMenuW
TrackPopupMenu
SetWindowRgn
ClientToScreen
SendMessageW
RegisterWindowMessageW
LoadIconW
DestroyIcon
GetWindowThreadProcessId
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SetWindowTextW
GetWindowTextLengthW
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
GetCaretBlinkTime
MoveWindow
SetCapture
ReleaseCapture
SetCursor
OffsetRect
wvsprintfW
GetSysColor
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetRect
CharPrevW
DrawTextW
FillRect
EmptyClipboard
gdi32
BitBlt
CreatePatternBrush
GetDeviceCaps
GetObjectA
GdiFlush
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectW
MoveToEx
LineTo
SelectObject
CreatePenIndirect
DeleteObject
CreateRoundRectRgn
CreatePen
CreateFontIndirectW
GetStockObject
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
CreateCompatibleBitmap
AddFontMemResourceEx
GetTextMetricsW
SelectClipRgn
CombineRgn
CreateRectRgnIndirect
GetClipBox
StretchBlt
SetStretchBltMode
CreateSolidBrush
RoundRect
SetTextColor
SetBkMode
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
ExtSelectClipRgn
comdlg32
GetOpenFileNameW
advapi32
StartServiceA
ReportEventA
DeregisterEventSource
RegOpenKeyExW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
OpenProcessToken
RegSetValueExW
RegFlushKey
ControlService
OpenSCManagerA
QueryServiceStatusEx
QueryServiceStatus
RegisterEventSourceA
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
OpenServiceA
CreateServiceW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
shell32
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteA
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ole32
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CoInitialize
oleaut32
SysAllocString
VariantClear
SysFreeString
VariantInit
iphlpapi
GetIpAddrTable
GetAdaptersAddresses
GetAdaptersInfo
GetIfTable
CreateIpForwardEntry
DeleteIpForwardEntry
GetIpForwardTable
SendARP
gdiplus
GdipLoadImageFromStream
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRect
GdipDrawLine
GdipFillRectangleI
GdipCreatePen2
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetPageUnit
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipCreateRegionRect
GdipDeleteRegion
GdipCreateRegionPath
GdipCombineRegionRegion
GdipCreatePathGradientFromPath
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientFocusScales
GdipFillRegion
GdipCreateLineBrushFromRectI
GdipSetLinePresetBlend
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipDrawCurve
GdiplusStartup
GdipLoadImageFromStreamICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetPenStartCap
GdipSetPenEndCap
GdipDrawImageI
GdipGetFamily
GdipCreateLineBrushI
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipDrawImage
GdipDeleteFontFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteStringFormat
GdipDrawString
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipSetSolidFillColor
GdiplusShutdown
ws2_32
WSAAddressToStringA
WSAStartup
sendto
recvfrom
send
WSAAddressToStringW
shutdown
setsockopt
WSASend
WSASendTo
WSARecvFrom
WSARecv
socket
WSAIoctl
__WSAFDIsSet
bind
listen
WSASocketW
WSAGetLastError
closesocket
inet_ntoa
htons
WSAStringToAddressA
accept
getaddrinfo
freeaddrinfo
getsockopt
ntohs
getsockname
WSASetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
gethostbyname
htonl
ntohl
getpeername
ioctlsocket
gethostname
connect
select
WSACleanup
recv
getservbyname
inet_addr
WSAWaitForMultipleEvents
wldap32
ord27
ord41
ord46
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
proxysdk
IsBlackProcessUser
IsPcLowConfig
GetRegedit
GetFlowData
FnAddBlockRule
GetTcpRemoteIp
GetUdpRemoteIp
DeleteRuleAll
DeleteVpn
InitDriverFirst
InitDriver
GetTdxNumber
DriverIsRun
InsertDropPort
InsertProcessForPot
AddPidFromProcess
CreateVpn
SetLoadingFlow
FNInsertBlackProcesName
IsVirtualMachineNow
ProcessMd5AndSign
acmanage
StopACProcess
QueryACFlow
StartACProcess
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgClose
CertCloseStore
CertGetNameStringW
CryptMsgGetParam
CertAddCertificateContextToStore
CertOpenStore
CertCreateCertificateContext
CryptStringToBinaryA
CryptQueryObject
shlwapi
wnsprintfW
PathIsDirectoryW
version
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
dbghelp
MiniDumpWriteDump
nfapi
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_getProcessNameW@nfapi@@YAHKPA_WK@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_registerDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z
?nf_free@nfapi@@YAXXZ
nfsrvapi
?nf_srv_tcpPostReceive@nfsrvapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_srv_tcpPostSend@nfsrvapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_srv_getUDPRemoteAddress@nfsrvapi@@YA?AW4_NF_STATUS@@_KPAEH@Z
?nf_srv_udpSetProxy@nfsrvapi@@YA?AW4_NF_STATUS@@_KW4SRV_PROXY_TYPE@1@PBDH22@Z
?nf_srv_udpPostReceive@nfsrvapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@nfapi@@@Z
?nf_srv_udpPostSend@nfsrvapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@nfapi@@@Z
?nf_srv_free@nfsrvapi@@YAXXZ
?nf_srv_unRegisterDriver@nfsrvapi@@YA?AW4_NF_STATUS@@PBD@Z
?nf_srv_init@nfsrvapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@nfapi@@PAU_NF_SRV_OPTIONS@1@@Z
?nf_srv_addRule@nfsrvapi@@YA?AW4_NF_STATUS@@PAU_NF_SRV_RULE@1@H@Z
?nf_srv_deleteRules@nfsrvapi@@YA?AW4_NF_STATUS@@XZ
?nf_srv_tcpSetProxy@nfsrvapi@@YA?AW4_NF_STATUS@@_KW4SRV_PROXY_TYPE@1@PBDH22@Z
psapi
GetModuleFileNameExW
comctl32
_TrackMouseEvent
ord17
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCompositionFontW
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 718KB - Virtual size: 718KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 17B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ