616de46a9235c37be28245fda8c26dd2059a099042e233af08af28ba11e41c32

Sharing

Copy URL Twitter E-mail

General

Target

616de46a9235c37be28245fda8c26dd2059a099042e233af08af28ba11e41c32
Size

1.8MB
MD5

dd54cf1547e5769504e689d2db8328c2
SHA1

19fcbcdb59493f33a774100db4a99a1678f0e3e0
SHA256

616de46a9235c37be28245fda8c26dd2059a099042e233af08af28ba11e41c32
SHA512

d5c89481b34f9775515e408b66c2c57b7e0c31ce5abb3d5c7f96b50eda9bbdf860560644b9127bae2554ddec396f52290b92e917710115b231037999a6441c17
SSDEEP

24576:WRx05y9tf2bdhd7pLIWEMuh+5QM+B08bJejatG+domXcJsjtCDLK+vuyGQ8O0:Wr0+WAe5QMZ8byvmsGjM3ngQ8O0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
616de46a9235c37be28245fda8c26dd2059a099042e233af08af28ba11e41c32

Files

616de46a9235c37be28245fda8c26dd2059a099042e233af08af28ba11e41c32
.exe windows:5 windows x86 arch:x86

933202c393a31fb52dddda1de060eab3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
GetTickCount
CloseHandle
WaitForSingleObject
SetEvent
Sleep
GetLongPathNameW
LocalFree
InitializeCriticalSection
FindResourceExW
FindResourceW
DeleteFileW
MoveFileExW
DecodePointer
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
GetShortPathNameW
DebugBreak
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
CopyFileW
InterlockedExchange
GetModuleFileNameW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileA
SetEndOfFile
WriteConsoleW
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetWindowsDirectoryW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
CreateProcessA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
EnterCriticalSection
SetLastError
GetLastError
CreateThread
GetFileType
SetStdHandle
InterlockedFlushSList
RtlUnwind
FreeResource
InterlockedCompareExchange
lstrcmpiA
lstrcmpA
DeviceIoControl
OpenFileMappingW
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
FormatMessageW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetFileAttributesW
CreateFileA
GetFullPathNameW
RemoveDirectoryW
GetTempPathA
DeleteFileA
GetSystemWindowsDirectoryW
GetCurrentThread
GetLocalTime
GetFileSizeEx
GetExitCodeThread
TerminateThread
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
lstrlenW
lstrcpynW
FindNextFileA
SetFileTime
lstrcmpW
ReleaseMutex
GetSystemDefaultLangID
GetSystemInfo
GetCurrentThreadId
RaiseException
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenProcess
GetCurrentProcessId
CreateMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersionExW
MulDiv
VirtualAllocEx
VirtualFreeEx
GetCurrentProcess
GetExitCodeProcess
ReadProcessMemory
WriteProcessMemory
GetFileSize
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
FindClose
GetFileTime
LoadLibraryW
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
MoveFileW
AllocConsole
GetConsoleWindow
LocalAlloc
TerminateProcess
WaitForMultipleObjects
CreateProcessW
GetStartupInfoW
Module32FirstW
Module32NextW
OutputDebugStringA
OutputDebugStringW
SetFilePointer
ResetEvent

user32

GetSystemMetrics
SetWindowPos
DestroyWindow
PostQuitMessage
SendMessageW
GetWindowTextLengthW
RedrawWindow
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
MoveWindow
BeginPaint
EndPaint
SetWindowTextW
ScreenToClient
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
CopyRect
SetRect
OffsetRect
IsRectEmpty
GetDC
UpdateLayeredWindow
IsWindowVisible
SetTimer
KillTimer
SetWindowRgn
FindWindowExW
GetWindowThreadProcessId
BringWindowToTop
DialogBoxParamW
EndDialog
GetActiveWindow
IsDialogMessageW
PtInRect
SystemParametersInfoW
WaitForInputIdle
GetShellWindow
PostThreadMessageW
LoadStringW
SendMessageTimeoutW
UnregisterClassA
wsprintfW
DefWindowProcW
MapWindowPoints
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
GetWindowTextW
EnableWindow
InvalidateRect
ReleaseDC
SetCursor
PostMessageW
ShowWindow
FindWindowW
MessageBoxW
CharNextW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW

gdi32

SaveDC
CreateCompatibleBitmap
CombineRgn
CreateRectRgn
EnumFontFamiliesW
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetStockObject
CreateCompatibleDC
CreateFontW
BitBlt
RestoreDC
ExtTextOutW
SetBkMode
SetBkColor
SetViewportOrgEx
SelectObject
DeleteObject
DeleteDC

advapi32

SetTokenInformation
RegGetValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyW
RegQueryValueExW
CryptContextAddRef
CryptDecrypt
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CreateWellKnownSid
GetLengthSid
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser
CreateProcessAsUserW
RegOpenCurrentUser
OpenThreadToken
EqualSid
RegEnumValueW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
GetUserNameW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetDesktopFolder
ord165
SHGetFolderPathA
SHGetSpecialFolderPathW
SHCreateDirectoryExA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHChangeNotify

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
OleRun
CLSIDFromProgID
StringFromGUID2
CoInitializeSecurity
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysStringLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysStringByteLen
SysFreeString
VarUI4FromStr
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocString
SysAllocStringByteLen

wininet

InternetCrackUrlW
InternetGetConnectedState

shlwapi

StrToIntExW
SHGetValueA
StrCmpNIW
StrTrimA
StrStrIW
StrCmpIW
PathIsRootW
StrStrIA
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathIsRelativeW
StrCmpW
PathCanonicalizeW
PathIsDirectoryW
SHGetValueW
SHSetValueW
AssocQueryStringW
PathCompactPathW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
wnsprintfW
PathRelativePathToW
PathCombineW
PathAppendA
PathUnquoteSpacesW
PathRemoveArgsW
PathIsPrefixW
SHSetValueA
PathCombineA
SHDeleteKeyW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipDrawImageRectRect
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateImageAttributes
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipAlloc
GdipCloneImage
GdipFree
GdipSetStringFormatTrimming
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

urlmon

URLDownloadToCacheFileA
URLDownloadToFileW
URLDownloadToCacheFileW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

winmm

timeGetTime

iphlpapi

GetAdaptersInfo

setupapi

SetupIterateCabinetW

secur32

GetUserNameExW

crypt32

CryptBinaryToStringW
CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

933202c393a31fb52dddda1de060eab3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

comctl32

gdiplus

psapi

urlmon

version

wtsapi32

userenv

winmm

iphlpapi

setupapi

secur32

crypt32

wintrust

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 280KB - Virtual size: 280KB

.data Size: 26KB - Virtual size: 38KB

.rsrc Size: 186KB - Virtual size: 185KB

.reloc Size: 67KB - Virtual size: 66KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 280KB - Virtual size: 280KB

.data
Size: 26KB - Virtual size: 38KB

.rsrc
Size: 186KB - Virtual size: 185KB

.reloc
Size: 67KB - Virtual size: 66KB