Static task: static1
Behavioral task: behavioral1
  Sample: 9e506ab0d1e477bd840b90a26f513e7c061e81a59982c86a57c1157d28675468.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 9e506ab0d1e477bd840b90a26f513e7c061e81a59982c86a57c1157d28675468.exe
  Resource: win10v2004-20231215-en
General
Target: 9e506ab0d1e477bd840b90a26f513e7c061e81a59982c86a57c1157d28675468
Size: 10.6MB
MD5: 6b3f1a1cfbcc319e65f9be83375f1c5b
SHA1: dffaa62b75ba69e4dcf855e436aa64baeeb2db99
SHA256: 9e506ab0d1e477bd840b90a26f513e7c061e81a59982c86a57c1157d28675468
SHA512: cf9472d6d6e18c6485d8da685de4b174d20b11e5bcd706049559607d33728be36f7f807dc99a2c816929e13e88d6f5663a921e678a1b21134285756fe5371ed4
SSDEEP: 196608:uzXJBGuSyhooWY+Jc1b9rcFuTCGV/i9TnvYu69vdvUPAz3mYPFB/jvc3P:GJAuSaoBNy/cUmCUTS1vUSRy
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Resource: 9e506ab0d1e477bd840b90a26f513e7c061e81a59982c86a57c1157d28675468
Files
-
9e506ab0d1e477bd840b90a26f513e7c061e81a59982c86a57c1157d28675468.exe windows:6 windows x86 arch:x86
f97e7cf51a21b04ccf7e6d29b6ce8a21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
OutputDebugStringW
TerminateProcess
Process32NextW
GetLogicalDrives
MoveFileExW
DeviceIoControl
GetFileAttributesExW
FormatMessageW
GetProcessId
QueryFullProcessImageNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalSize
WriteFile
FlushFileBuffers
GetFileTime
FileTimeToSystemTime
GetCurrentThreadId
HeapCreate
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetFullPathNameW
SetLastError
FreeResource
MulDiv
FreeLibrary
GetVersionExA
GetSystemTime
GetModuleHandleA
IsBadReadPtr
SetFileTime
CompareFileTime
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
FileTimeToLocalFileTime
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
SetEndOfFile
SetFilePointer
RemoveDirectoryW
GetWindowsDirectoryW
MoveFileW
FindCloseChangeNotification
FindFirstChangeNotificationW
CopyFileW
PeekNamedPipe
CreateProcessW
CreatePipe
GetNativeSystemInfo
GetSystemInfo
ReadFile
LoadLibraryW
GetSystemDirectoryW
GetModuleHandleW
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameW
SetEvent
CreateEventW
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
RtlCaptureStackBackTrace
QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
GetTickCount
CreateDirectoryW
GetDiskFreeSpaceW
OutputDebugStringA
WriteConsoleW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
GetACP
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
SystemTimeToTzSpecificLocalTime
GetFileType
GetCommandLineA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
AreFileApisANSI
CreateHardLinkW
SetFilePointerEx
GetFileInformationByHandle
FindFirstFileExW
GetStringTypeW
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
LocalFree
GetCommandLineW
GetTempPathW
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcessId
GetFileAttributesW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
WaitForSingleObject
SetFileAttributesW
WideCharToMultiByte
GetUserDefaultUILanguage
GetLocalTime
Sleep
GetExitCodeProcess
GetCurrentProcess
GetVersionExW
CreateThread
DeleteFileW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileSectionW
GetLastError
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetFileSizeEx
CloseHandle
GetFileSize
CreateFileW
lstrcpyW
GetSystemTimeAsFileTime
GetFileAttributesA
GetEnvironmentVariableA
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
lstrlenW
GetComputerNameW
user32
DestroyWindow
MessageBoxW
wsprintfW
DefWindowProcW
CopyRect
IsZoomed
SystemParametersInfoW
AllowSetForegroundWindow
SendMessageW
GetSystemMetrics
EnumDisplayDevicesW
CreateWindowExW
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
EnableWindow
SetWindowPos
PostQuitMessage
GetWindowRect
MonitorFromRect
GetMonitorInfoW
GetActiveWindow
GetForegroundWindow
FindWindowW
GetWindowThreadProcessId
CharNextW
GetMenuInfo
TrackPopupMenu
AttachThreadInput
SetForegroundWindow
WaitForInputIdle
DrawIconEx
EnumWindows
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
SetActiveWindow
CharUpperW
CharPrevExA
RegisterClassExW
PostMessageW
UnregisterClassW
EnumDisplaySettingsW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDesktopWindow
GetClipboardData
GetDC
ReleaseDC
MonitorFromWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
GetLastInputInfo
IsWindow
CallWindowProcW
ShowWindow
GetDlgItem
GetClientRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsWindowVisible
IsIconic
SetFocus
GetCapture
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
EnableMenuItem
SetRect
ClientToScreen
PostThreadMessageW
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetKeyState
GetFocus
GetIconInfo
OffsetRect
DestroyCursor
PtInRect
EqualRect
SetCursor
DestroyIcon
GetClassNameW
IsRectEmpty
UnionRect
IntersectRect
InflateRect
ScreenToClient
GetCursorPos
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
gdi32
GetClipBox
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
GetStockObject
BitBlt
DeleteObject
CreateDIBitmap
GetObjectW
SetBkMode
StretchBlt
CreateCompatibleBitmap
SetViewportOrgEx
EnumFontsW
Rectangle
GetDCOrgEx
ExtCreateRegion
IntersectClipRect
SelectClipRgn
SetWorldTransform
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
GetTextFaceW
GdiFlush
CreateSolidBrush
comdlg32
GetOpenFileNameW
advapi32
CreateProcessAsUserW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
GetUserNameW
RegGetValueW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegDeleteKeyValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
ord165
SHGetSpecialFolderPathW
SHFileOperationW
SHCreateDirectoryExW
ole32
GetHGlobalFromStream
CLSIDFromString
CreateStreamOnHGlobal
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CLSIDFromProgID
CreateBindCtx
IIDFromString
CoCreateInstance
CoTaskMemFree
OleLockRunning
oleaut32
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
VariantCopy
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
VarBstrCmp
SysFreeString
winhttp
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpConnect
WinHttpOpen
shlwapi
SHDeleteKeyW
SHCreateStreamOnFileEx
PathIsDirectoryW
StrToIntExW
PathFileExistsW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
iphlpapi
GetAdaptersAddresses
ws2_32
WSAStartup
WSACleanup
getaddrinfo
inet_ntop
gethostbyname
WSAGetLastError
inet_ntoa
gethostname
netapi32
NetApiBufferFree
NetGetJoinInformation
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
dbghelp
MakeSureDirectoryPathExists
gdiplus
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
imm32
ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmAssociateContext
ImmReleaseContext
usp10
ScriptShape
ScriptItemize
ScriptFreeCache
opengl32
wglGetCurrentContext
wglGetProcAddress
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 862KB - Virtual size: 861KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 85KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 21B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93.1MB - Virtual size: 93.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 222KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ