2189407296b14a65050a8bfc7acbf4fc

Sharing

Copy URL

Twitter E-mail

General

Target

2189407296b14a65050a8bfc7acbf4fc
Size

771KB
MD5

2189407296b14a65050a8bfc7acbf4fc
SHA1

67b75635a449aa675c6cf536c4e6ba31c889e7af
SHA256

6985415c1242c48f595ce2dfa03f7d2b47b2f92049ffcbe7dbae91509b441a1f
SHA512

df584813a581363500cde0c36880512fe2306addc7c732cec4652c20f38471f33f7ac0eeb3e982c32d4dca1b60406baf49269dc43f83e70fee2655d5aad39f0e
SSDEEP

12288:QNp51L0Z775xs2qnf8PtVXJSLKlK4pKJe5d0nocsxa3k48118t/HY4EErtkTd2h9:WJL0Z/mnet60yocssl8gY4hkTd2hCM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2189407296b14a65050a8bfc7acbf4fc

Files

2189407296b14a65050a8bfc7acbf4fc
.exe windows:5 windows x86 arch:x86

213e0a4928f644955b6c40c3acf835d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetTickCount
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetFullPathNameW
FlushFileBuffers
GetCurrentDirectoryW
SwitchToThread
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwind
ExitProcess
GetModuleHandleExW
VirtualProtect
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
GetCommandLineA
GetCommandLineW
HeapQueryInformation
VirtualAlloc
GetStdHandle
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MulDiv
LocalFree
GlobalUnlock
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalLock
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
WriteConsoleW
DeleteFileA
GetTempPathA
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
lstrlenW
lstrcpyW
lstrcmpiW
FileTimeToDosDateTime
FreeLibrary
VirtualQuery
GetCurrentThreadId
OutputDebugStringW
IsDebuggerPresent
WriteFile
SetFilePointer
GetFileTime
GetFileSize
FileTimeToLocalFileTime
CreateMutexW
ReleaseMutex
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
GetModuleHandleW
GetSystemTime
GetSystemInfo
CreateProcessW
GetCurrentThread
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
RemoveDirectoryW
GetLongPathNameW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetThreadPriority
CreateEventW
SetEvent
GetTempPathW
CopyFileW
FormatMessageW
LoadLibraryW
GetProcAddress
GetVersionExW
OpenProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
WaitForSingleObject
CloseHandle
SetFileAttributesW
GetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
SetUnhandledExceptionFilter
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
CreateThread
DecodePointer
GetTempFileNameA

user32

MapDialogRect
SetWindowContextHelpId
SetCursor
GetCursorPos
TranslateMessage
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetWindowTextW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
SetRectEmpty
SendDlgItemMessageA
wsprintfW
wvsprintfW
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
MoveWindow
FindWindowW
GetActiveWindow
GetWindow
IsWindowEnabled
GetMenu
GetWindowThreadProcessId
GetClassNameW
MessageBoxW
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
IsIconic
IsWindowVisible
SetWindowPos
ShowWindow
GetIconInfo
CopyImage
DestroyIcon
GetParent
GetWindowLongW
CopyRect
GetSysColor
WindowFromPoint
ClientToScreen
SetWindowRgn
DrawStateW
GetNextDlgTabItem
SetRect
LoadIconW
GetDesktopWindow
OffsetRect
GetWindowRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
EnableWindow
ReleaseCapture
GetCapture
PostQuitMessage
PeekMessageW
DispatchMessageW
GetMessageW
LoadImageW
GetClassInfoW
UnregisterClassW
IsDialogMessageW
CreateDialogIndirectParamW
EndDialog
IntersectRect
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorW
DestroyMenu
SetTimer
KillTimer
CharUpperW
SetCapture
CharNextW
CopyAcceleratorTableW
InvalidateRgn
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
RegisterClipboardFormatW
SetMenuItemInfoW
PostMessageW
SendMessageW

gdi32

GetDeviceCaps
SaveDC
ExtSelectClipRgn
SelectObject
SetBkMode
SetMapMode
MoveToEx
TextOutW
RestoreDC
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RectVisible
PtVisible
LineTo
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
CreatePen
SetTextColor
SetBkColor
CreateBitmap
GetObjectW
DeleteObject
ExtTextOutW
CreateCompatibleDC
DeleteDC
FrameRgn
CreateSolidBrush
CreateRoundRectRgn

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

ImpersonateSelf
AdjustTokenPrivileges
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
OpenProcessToken
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindExtensionW
PathStripPathW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleFlushClipboard
CoCreateInstance
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

ws2_32

WSALookupServiceNextW
WSAAddressToStringW
gethostbyname
socket
shutdown
WSALookupServiceEnd
getaddrinfo
gethostname
WSALookupServiceBeginW
setsockopt
send
recv
inet_ntoa
inet_addr
htons
connect
closesocket
WSAGetLastError
WSAStartup

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetOpenA
InternetConnectA
InternetReadFileExA
HttpSendRequestW
HttpOpenRequestW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetErrorDlg
InternetOpenW
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
DetectAutoProxyUrl

urlmon

URLDownloadToFileA

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

213e0a4928f644955b6c40c3acf835d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

oleacc

wininet

urlmon

Sections

.text Size: 478KB - Virtual size: 478KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 32KB - Virtual size: 75KB

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 478KB - Virtual size: 478KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 32KB - Virtual size: 75KB

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 32KB - Virtual size: 32KB