1e0d6bc59e65c183babd04a0ed7acb84bbdbefe7c72b0580eeafeb2e0a00d88b

Sharing

Copy URL

Twitter E-mail

General

Target

1e0d6bc59e65c183babd04a0ed7acb84bbdbefe7c72b0580eeafeb2e0a00d88b
Size

3.7MB
MD5

e28fae7a0deda0d404072e9a44347213
SHA1

a5eddaa943a7b3169c4d4b865abef9d6bff95326
SHA256

1e0d6bc59e65c183babd04a0ed7acb84bbdbefe7c72b0580eeafeb2e0a00d88b
SHA512

89cd3bac66e1f96fa732cb0aabd6b700e95379a7a3d38efd942ace2136f5219d5fe60d0fb961a74fe665c1bdb4a131510241fcce09e3c253f0246f162c62060b
SSDEEP

49152:+P6feTGEKaTXl5VqaxPN0qeuCxDTZpcuSCy37Ksbh/klboku2DY7q6OzoJicm1eG:+P6WNVbNFSZP8Mot2DuqQE1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e0d6bc59e65c183babd04a0ed7acb84bbdbefe7c72b0580eeafeb2e0a00d88b

Files

1e0d6bc59e65c183babd04a0ed7acb84bbdbefe7c72b0580eeafeb2e0a00d88b
.exe windows:6 windows x64 arch:x64

5d0f6f9e19d801b20118fdaa8a1a84ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertFreeCertificateContext
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CryptQueryObject
CryptStringToBinaryW
CryptStringToBinaryA

winhttp

WinHttpReadData
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpWriteData

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

gethostbyname
inet_ntop
WSAIoctl
getsockname
getsockopt
listen
ntohs
shutdown
WSARecv
inet_pton
freeaddrinfo
getaddrinfo
WSAGetLastError
socket
setsockopt
send
recv
htons
ioctlsocket
connect
closesocket
bind
WSACleanup
gethostname
WSAStartup

wininet

InternetReadFile
InternetWriteFile
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestExA
HttpEndRequestA
HttpQueryInfoA
InternetConnectA
HttpAddRequestHeadersA
InternetOpenA

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptDecrypt
BCryptExportKey
BCryptImportKey
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom

secur32

DecryptMessage
EncryptMessage
FreeContextBuffer
QueryContextAttributesA
ApplyControlToken
DeleteSecurityContext
AcceptSecurityContext
InitializeSecurityContextA
AcquireCredentialsHandleA

shlwapi

PathFileExistsW
PathCombineW

kernel32

LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetDiskFreeSpaceExW
GetCurrentProcess
ExitProcess
TerminateProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
OpenProcess
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
K32EnumProcesses
K32EnumProcessModulesEx
K32GetModuleBaseNameW
K32GetModuleFileNameExW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetACP
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileSize
ReadFile
GetTickCount
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
VerSetConditionMask
GetCurrentProcessId
GetLocalTime
lstrcpynW
lstrcmpiW
lstrcpyW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetFileType
SetEndOfFile
SetFileAttributesW
DeviceIoControl
LoadLibraryA
GetTempPathW
IsValidCodePage
GetOEMCP
CreateProcessW
GetPrivateProfileStringW
GetFullPathNameW
PeekNamedPipe
GetExitCodeProcess
Sleep
GetStdHandle
SearchPathA
DuplicateHandle
SetHandleInformation
CloseHandle
CreateProcessA
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
GetModuleHandleA
GetLocaleInfoEx
DeleteFileW
FindNextFileW
RemoveDirectoryW
GetSystemInfo
FormatMessageA
VerifyVersionInfoA
GetFileSizeEx
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
ConnectNamedPipe
CancelIo
CreateNamedPipeA
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceExecuteOnce
GetSystemTimeAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureStackBackTrace
IsDebuggerPresent
FreeLibrary
WaitForSingleObject
CreateThread
GetCurrentThreadId
OpenThread
SetThreadIdealProcessorEx
SetThreadGroupAffinity
GetActiveProcessorGroupCount
GetActiveProcessorCount
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
GetLastError
CreateFileA
ResetEvent
SetEvent
SleepConditionVariableCS
LeaveCriticalSection
EnterCriticalSection
FindFirstFileExW
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
GetStringTypeW
GetCommandLineW
WriteFile
CreateFileW
CreatePipe
GetExitCodeThread
TryEnterCriticalSection
RtlPcToFileHeader
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
WritePrivateProfileStringW
CompareStringEx
GetCPInfo
OutputDebugStringW
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
SetEnvironmentVariableW
GetCommandLineA
SetStdHandle
GetDateFormatW
RtlUnwind
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
FlushFileBuffers
HeapQueryInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileAttributesA

ncrypt

BCryptVerifySignature
BCryptSignHash
BCryptImportKeyPair
NCryptImportKey
NCryptOpenStorageProvider
NCryptFreeObject

iphlpapi

GetAdaptersAddresses

user32

GetCaretBlinkTime
CreateAcceleratorTableW
MoveWindow
SetWindowRgn
SetWindowLongPtrW
GetWindowLongPtrW
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
GetMonitorInfoW
ClientToScreen
LoadImageW
GetWindow
DestroyMenu
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
MapVirtualKeyExW
FillRect
GetGUIThreadInfo
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
SetRect
MonitorFromWindow
CreatePopupMenu
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
DrawTextA
wsprintfA
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetParent
EqualRect
SendMessageW
PostQuitMessage
PostMessageW
MessageBoxW
SetCursor
InflateRect
UnionRect
OffsetRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
InvalidateRgn

gdi32

GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
CreateRectRgnIndirect
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
ExtSelectClipRgn
BitBlt

shell32

SHChangeNotify
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHGetKnownFolderPath

ole32

ReleaseStgMedium
CoTaskMemFree
OleLockRunning
CLSIDFromProgID
CLSIDFromString
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
RegisterDragDrop

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExA
RegDeleteTreeW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
OpenProcessToken
CryptDestroyKey
CryptImportKey

gdiplus

GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipAlloc
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipSetStringFormatAlign
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipFree
GdipSetStringFormatLineAlign

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d0f6f9e19d801b20118fdaa8a1a84ea

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

winhttp

comctl32

userenv

version

ws2_32

wininet

bcrypt

secur32

shlwapi

kernel32

ncrypt

iphlpapi

user32

gdi32

shell32

ole32

oleaut32

advapi32

gdiplus

imm32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 706KB - Virtual size: 705KB

.data Size: 69KB - Virtual size: 87KB

.pdata Size: 106KB - Virtual size: 106KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 375KB - Virtual size: 374KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 706KB - Virtual size: 705KB

.data
Size: 69KB - Virtual size: 87KB

.pdata
Size: 106KB - Virtual size: 106KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 375KB - Virtual size: 374KB

.reloc
Size: 25KB - Virtual size: 25KB