553d98a8753199362e873fee0b6e28b13e962dd5f72395af4da17f5f02f80a50

Sharing

Copy URL Twitter E-mail

General

Target

553d98a8753199362e873fee0b6e28b13e962dd5f72395af4da17f5f02f80a50
Size

2.4MB
MD5

ca7b0ae8a85ae35c1795e622a7225229
SHA1

3643d286b30adc88c967dba5720914a5769be4bb
SHA256

553d98a8753199362e873fee0b6e28b13e962dd5f72395af4da17f5f02f80a50
SHA512

69a421160bd7fd39debe369f155fd65a7ab1e5d60cfc50eb6dc29df7e9e5c1b20f51089914cf0c38d72019a0a6b4b3d1143e5b840acb87c9aee6c0fa9bac95d0
SSDEEP

49152:OwvoOGbgzpSxFSxsZLsnIV2kt8iGCAuYLtFnZa8jyghGQVFXFU:OwcbUTqZLsnIdnGCAuwzZhDhGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
553d98a8753199362e873fee0b6e28b13e962dd5f72395af4da17f5f02f80a50

Files

553d98a8753199362e873fee0b6e28b13e962dd5f72395af4da17f5f02f80a50
.dll windows:6 windows x86 arch:x86

1609f83fafdb717e5732a636ce66c89f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryExA
lstrcpynA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FindResourceA
SizeofResource
LockResource
LoadResource
FreeResource
IsDBCSLeadByte
lstrcpyA
MulDiv
ExitProcess
lstrlenA
LocalFileTimeToFileTime
GetFileAttributesA
CreateFileA
GetCurrentDirectoryA
GetACP
IsBadStringPtrA
IsBadWritePtr
IsBadReadPtr
VirtualProtect
VirtualAlloc
GetTempPathA
CreateFileMappingA
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
GetCurrentProcess
OutputDebugStringA
FormatMessageA
LocalFree
GetLastError
CreateThread
K32GetProcessMemoryInfo
SetProcessWorkingSetSize
CreateEventA
WaitForSingleObject
SetEvent
GetCommandLineA
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLocaleInfoA
GetTickCount64
CreateDirectoryA
GlobalAlloc
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
Sleep
TerminateProcess
GetSystemTime
WinExec
GetTickCount
CloseHandle
CreateProcessA
GetCurrentProcessId
TerminateThread
CopyFileA
WriteFile
SetFileTime
SetFilePointer
GetExitCodeThread
ReadFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadImageA
GetWindow
GetParent
SetWindowLongA
GetWindowLongA
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
GetWindowRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
GetMonitorInfoA
GetFocus
GetActiveWindow
SetFocus
IsZoomed
DestroyWindow
IsWindow
CreateWindowExA
GetMessageA
CharNextA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyboardLayout
KillTimer
TrackMouseEvent
GetMessageExtraInfo
GetKeyState
GetGUIThreadInfo
GetCapture
SetCapture
ReleaseCapture
IsWindowUnicode
GetForegroundWindow
GetDC
ReleaseDC
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorA
MonitorFromWindow
PostMessageA
FindWindowA
SendMessageA
ShowWindow
SetTimer
MessageBoxA
SetWindowPos
IsWindowVisible
SetWindowTextA
PostQuitMessage
CallWindowProcA
RegisterClassA
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
CreateWindowExW
EnableWindow
GetMenu
SetPropA
GetPropA
AdjustWindowRectEx
UpdateWindow
SetWindowRgn
MoveWindow
SetForegroundWindow
EqualRect
GetWindowTextA
GetWindowTextLengthA
IsWindowEnabled
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuA
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
wsprintfA
OffsetRect
GetCaretPos
UpdateLayeredWindow
UnionRect
InflateRect
IsIconic
ExitWindowsEx
GetWindowRgn
DispatchMessageA
TranslateMessage
GetAsyncKeyState
SendNotifyMessageA
CharPrevA
DrawTextA
MapVirtualKeyExA
GetKeyNameTextA
DefWindowProcA
InvalidateRgn
CreateAcceleratorTableA
SetRect
FillRect
DrawTextW

gdi32

GetClipBox
GetCharABCWidthsA
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
GetTextExtentPoint32A
SetBkMode
CreateSolidBrush
CreatePatternBrush
CreateRoundRectRgn
SetWindowOrgEx
GetObjectA
GetTextMetricsA
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileA
CloseEnhMetaFile
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
MoveToEx
TextOutA
GdiFlush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
SetTextColor
GetDeviceCaps
DeleteObject
CreateRectRgn
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

comdlg32

ChooseColorA

advapi32

CryptCreateHash
RegGetValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptDestroyHash

msvcp140

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??7ios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

winmm

timeGetTime

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

ntdll

NtQueryVirtualMemory

ws2_32

closesocket
connect
ioctlsocket
getpeername
getsockname
gethostbyname
socket
WSACleanup
htons
inet_addr
WSAStartup
gethostname
inet_ntoa
ntohs
send
select
recv

d3dx9_43

D3DXCreateFontA

vcruntime140

memmove
strstr
__CxxFrameHandler3
memcmp
memcpy
__std_type_info_destroy_list
memset
strchr
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
_purecall
longjmp
strrchr
memchr
__RTDynamicCast
__std_terminate
__std_exception_destroy
_setjmp3
__std_exception_copy
_except_handler4_common

api-ms-win-crt-string-l1-1-0

strcpy
strcat
isspace
strlen
ispunct
isdigit
iscntrl
strcmp
isxdigit
isalpha
isupper
isgraph
_stricmp
tolower
strcoll
toupper
strcpy_s
strpbrk
strspn
isalnum
strncmp
islower

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

srand
_lrotl
qsort
abs
rand
labs

api-ms-win-crt-stdio-l1-1-0

_wfopen
fclose
fflush
fread
__stdio_common_vsprintf_s
__acrt_iob_func
__stdio_common_vsscanf
tmpnam
fgets
getc
fopen
ferror
_get_stream_buffer_pointers
fgetc
fgetpos
feof
fseek
fputc
ftell
fwrite
__stdio_common_vfprintf
fsetpos
_fseeki64
setvbuf
ungetc
__stdio_common_vsprintf
_ftelli64
freopen
clearerr
_pclose
tmpfile
_popen

api-ms-win-crt-math-l1-1-0

_libm_sse2_asin_precise
_libm_sse2_exp_precise
_CIatan2
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_log10_precise
_CIfmod
_libm_sse2_acos_precise
floor
_libm_sse2_sin_precise
_except1
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
sqrt
pow
_libm_sse2_cos_precise
ldexp
cos
sin
ceil
frexp

api-ms-win-crt-convert-l1-1-0

strtod
strtol
_itoa
strtoul
_strtoui64
atoi
atol
_atoi64

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo
_crt_atexit
_cexit
exit
_initterm
_initterm_e
_errno
terminate
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
strerror
abort
system

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_mktime64
_gmtime64
strftime
_difftime64
clock

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcmp
_mbsnbcat
_ismbcspace
_mbscmp
_mbsicmp
_mbsstr
_mbsrchr
_mbsnbcpy
_mbslwr
_mbschr
_ismbcalnum

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_lock_file
_unlock_file
_access
_findnext64i32
_findfirst64i32
_findclose

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

shell32

DragQueryFileA

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantInit
SysAllocString

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreatePen2
GdipSetPenStartCap
GdipSetPenEndCap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawLine

Exports

Exports

?aliFont@@YAPAXXZ
V

Sections

.text
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cq0
Size: - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cq1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1609f83fafdb717e5732a636ce66c89f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

msvcp140

imm32

winmm

wininet

ntdll

ws2_32

d3dx9_43

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

shell32

ole32

oleaut32

comctl32

gdiplus

Exports

Exports

Sections

.text Size: - Virtual size: 2.2MB

.rdata Size: - Virtual size: 1.8MB

.data Size: - Virtual size: 144KB

.gfids Size: - Virtual size: 104B

.tls Size: 512B - Virtual size: 21B

.cq0 Size: - Virtual size: 423KB

.cq1 Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 512B - Virtual size: 200B

.text
Size: - Virtual size: 2.2MB

.rdata
Size: - Virtual size: 1.8MB

.data
Size: - Virtual size: 144KB

.gfids
Size: - Virtual size: 104B

.tls
Size: 512B - Virtual size: 21B

.cq0
Size: - Virtual size: 423KB

.cq1
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 512B - Virtual size: 200B