Static task: static1
Behavioral task: behavioral1
Sample: d46e5c26dffe1ab6c0dcf984267cb1b56dd84ccda7cbb18d7493093e422b7cb2.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: d46e5c26dffe1ab6c0dcf984267cb1b56dd84ccda7cbb18d7493093e422b7cb2.exe
Resource: win10v2004-20231215-en
General
Target: d46e5c26dffe1ab6c0dcf984267cb1b56dd84ccda7cbb18d7493093e422b7cb2
Size: 4.1MB
MD5: 96c51fd432802dd6810c6bbca2239377
SHA1: 04b139abd6448c8c7a972cf1497fc8db6b434f3e
SHA256: d46e5c26dffe1ab6c0dcf984267cb1b56dd84ccda7cbb18d7493093e422b7cb2
SHA512: 3cae25e0d068728d17872ff5ac6c6596f8241876600c06bb070b14c0173c31dcd18a944012032fd7c7a8b7eec66bb1d43bcac6b595de3535eaad96079fd52350
SSDEEP: 49152:lZuhwkO6CZAWjLsK2/WD61cUqYaNXOtc0+Qfx3Kdadzc6JKZcFDXTgufgRJsoNLQ:MCS6i1Dc6JDNXmucLCL
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: d46e5c26dffe1ab6c0dcf984267cb1b56dd84ccda7cbb18d7493093e422b7cb2
Files
d46e5c26dffe1ab6c0dcf984267cb1b56dd84ccda7cbb18d7493093e422b7cb2.exe windows:6 windows x64 arch:x64
2d769b7e051b903a583d62a15793924e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetTickCount
OpenProcess
CreateRemoteThread
WaitForMultipleObjects
Sleep
CreateEventW
SetEvent
SetLastError
IsBadReadPtr
lstrcmpiW
LoadLibraryExW
VirtualProtect
GetSystemDirectoryW
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionEx
SetUnhandledExceptionFilter
RaiseException
DecodePointer
DeleteFileW
OpenFileMappingW
VirtualFreeEx
SetFilePointer
CompareStringW
MoveFileExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpW
GetLocalTime
GetFileSizeEx
GetFileAttributesW
GetFileSize
lstrlenA
LocalFree
ExpandEnvironmentStringsW
FindNextFileW
FindClose
GetCurrentThread
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
ReadConsoleW
CreateProcessA
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
VirtualQuery
GetModuleHandleExW
ExitThread
GetOverlappedResult
CreateNamedPipeW
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
WriteProcessMemory
WriteFile
ReadFile
ReleaseMutex
ResetEvent
MulDiv
WinExec
LoadLibraryA
VirtualAllocEx
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CloseHandle
CreateFileW
WideCharToMultiByte
lstrcpynW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcess
GetLastError
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FreeLibrary
FindResourceExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlPcToFileHeader
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
FormatMessageA
FlushFileBuffers
InitializeCriticalSection
GetProcessHeap
GetFileType
GetStdHandle
GetVersionExW
GetSystemWindowsDirectoryW
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTempPathW
GetTempFileNameW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
ResumeThread
SystemTimeToFileTime
CopyFileW
GetSystemTime
SetEndOfFile
FreeResource
ExitProcess
GetACP
lstrlenW
RtlUnwind
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStringTypeW
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
HeapDestroy
user32
SendMessageW
SendMessageTimeoutW
PtInRect
CopyRect
PeekMessageW
TranslateMessage
IsWindow
SetWindowPos
PostMessageW
GetCursorPos
DispatchMessageW
GetMonitorInfoW
EnumDisplayMonitors
FindWindowW
GetMessageW
DefWindowProcW
GetClassNameW
EnumWindows
GetWindowTextW
SetWindowTextW
RemovePropW
GetPropW
SetPropW
GetDlgCtrlID
LoadStringW
UpdateWindow
MapVirtualKeyW
GetKeyNameTextW
DestroyIcon
LoadIconW
GetActiveWindow
GetParent
SetWindowLongW
GetWindowLongW
OffsetRect
FrameRect
FillRect
GetCaretPos
SetCaretPos
GetClientRect
InvalidateRect
wsprintfW
wvsprintfW
InflateRect
UnionRect
GetDC
ReleaseDC
MonitorFromPoint
IsChild
UpdateLayeredWindow
IsZoomed
GetKeyState
SetCapture
ReleaseCapture
GetUpdateRect
CreateCaret
GetCaretBlinkTime
MapWindowPoints
IntersectRect
IsRectEmpty
GetWindow
RegisterClassW
EnableWindow
LoadImageW
IsIconic
SetWindowRgn
MessageBoxW
DrawIconEx
CharPrevW
SetRect
GetIconInfo
GetMessagePos
DrawFocusRect
HideCaret
ShowCaret
GetSysColor
SetLayeredWindowAttributes
RedrawWindow
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
DrawTextW
GetFocus
MonitorFromWindow
SetRectEmpty
LockWorkStation
LoadCursorW
GetWindowThreadProcessId
FindWindowExW
EqualRect
ScreenToClient
ClientToScreen
SetCursor
GetWindowRect
SetForegroundWindow
SetActiveWindow
KillTimer
SetTimer
SetFocus
IsWindowVisible
MoveWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
UnregisterHotKey
RegisterHotKey
TrackMouseEvent
RegisterWindowMessageW
SystemParametersInfoW
SetWindowLongPtrW
GetWindowLongPtrW
ShowWindow
CallWindowProcW
CharNextW
DestroyWindow
gdi32
SetBkColor
GetObjectW
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32W
CreateDCW
ExtTextOutW
SetTextColor
SetBkMode
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetDIBColorTable
TextOutW
GetTextColor
GetDIBits
SetDIBitsToDevice
comdlg32
ChooseColorW
advapi32
RegGetValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
shell32
SHGetFileInfoW
SHBindToParent
SHGetFolderLocation
ord155
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
Shell_NotifyIconW
ord165
ole32
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateGuid
OleLockRunning
oleaut32
VariantInit
VarBstrCmp
SysStringLen
VariantClear
SysAllocStringLen
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayPutElement
SysAllocString
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
shlwapi
PathAddBackslashW
StrRetToBufW
StrCpyW
PathFindFileNameW
SHGetValueW
PathIsDirectoryW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
wnsprintfW
StrStrIW
SHAutoComplete
SHGetValueA
SHSetValueA
StrCmpNIW
StrTrimA
StrStrIA
PathFindExtensionW
StrCmpIW
comctl32
ImageList_GetIconSize
InitCommonControlsEx
ImageList_DrawEx
ord17
_TrackMouseEvent
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdiplus
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdiplusStartup
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStreamICM
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreatePen1
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFile
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipClosePathFigure
GdipCreateTexture
GdipCreateBitmapFromStream
GdipCloneBitmapAreaI
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
imm32
ImmAssociateContext
sensapi
IsNetworkAlive
wininet
InternetGetConnectedState
InternetCrackUrlW
DeleteUrlCacheEntryW
iphlpapi
GetAdaptersInfo
crypt32
CertGetNameStringW
msimg32
AlphaBlend
GradientFill
urlmon
URLDownloadToCacheFileW
URLDownloadToFileW
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 679KB - Virtual size: 679KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 781KB - Virtual size: 781KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ