Static task: static1
Behavioral task: behavioral1
  Sample: f297ba62f4966b7fac3c3c678a4064b456402b318f8c21ed45a841433b18c1ef.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: f297ba62f4966b7fac3c3c678a4064b456402b318f8c21ed45a841433b18c1ef.exe
  Resource: win10v2004-20231215-en
General
- Target: f297ba62f4966b7fac3c3c678a4064b456402b318f8c21ed45a841433b18c1ef
- Size: 4.8MB
- MD5: d31e6563dd3a47c75e72cf755b3d3844
- SHA1: 3c94626bd1cfba5a8964b797220cb42ddebf8740
- SHA256: f297ba62f4966b7fac3c3c678a4064b456402b318f8c21ed45a841433b18c1ef
- SHA512: c0523bd420ce0c485553ee06aea617236aac22d59221a9c648ae9d9b857d199281d3e6a4a2d1a2000f9a49e141f3c4c5e6450d77bb88d89e9490cd194911d391
- SSDEEP: 98304:mEKv2kfICb82g522LghWqJN2IUuvrkaz+88Nvpk:mEKukgC+22gEqmIUuvzr8FW
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource f297ba62f4966b7fac3c3c678a4064b456402b318f8c21ed45a841433b18c1ef
Files
- f297ba62f4966b7fac3c3c678a4064b456402b318f8c21ed45a841433b18c1ef.exe (windows:5 windows x86 arch:x86)
  4966b3b33cd349c54a87214f6e14d3a4
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InitializeCriticalSection
SleepEx
LoadLibraryW
GetSystemDirectoryW
MoveFileExW
WaitForSingleObject
CompareFileTime
GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
MulDiv
GlobalLock
GlobalUnlock
lstrlenW
GetCurrentDirectoryW
WideCharToMultiByte
ExitProcess
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GlobalAlloc
GetModuleHandleA
GetLocalTime
lstrcpynW
lstrcpyW
VirtualQuery
MoveFileW
FindClose
GetEnvironmentVariableW
GetTempPathW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileAttributesW
FormatMessageW
FindNextFileW
DeviceIoControl
GetSystemDirectoryA
ReleaseMutex
CreateMutexW
SetErrorMode
GetVersionExW
SetCurrentDirectoryA
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetTimeZoneInformation
GetFileAttributesExW
ExitThread
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
FindFirstFileW
TryEnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
CreateFileA
CreateDirectoryW
DeleteFileW
CreateFileW
ReadFile
WriteFile
GetFileSize
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
FreeResource
InterlockedDecrement
GetDriveTypeW
FindResourceExW
CreateThread
GetCommandLineW
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
Sleep
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
GetModuleFileNameW
SizeofResource
GetModuleFileNameA
DeleteCriticalSection
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
HeapSize
OpenProcess
LocalAlloc
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
HeapFree
GetACP
QueryDosDeviceW
user32
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
SetWindowRgn
LoadCursorW
InflateRect
SetCursor
GetMonitorInfoW
GetProcessWindowStation
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
OffsetRect
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
UpdateWindow
IsWindowEnabled
CreatePopupMenu
DestroyMenu
EnableMenuItem
PrivateExtractIconsW
GetCursor
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
UnionRect
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
MonitorFromPoint
ReleaseDC
GetDC
GetUserObjectInformationW
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetCaretPos
SetCaretPos
EqualRect
DrawIconEx
DestroyIcon
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
GetMessageW
DispatchMessageW
PeekMessageW
CharNextW
TranslateMessage
ClientToScreen
MessageBoxW
SendMessageW
GetActiveWindow
ActivateKeyboardLayout
PostQuitMessage
TrackPopupMenu
AppendMenuW
advapi32
GetUserNameW
OpenProcessToken
SetEntriesInAclW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
LookupAccountSidW
AllocateAndInitializeSid
FreeSid
ReportEventW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
CryptAcquireContextW
RegisterEventSourceW
DeregisterEventSource
ole32
OleDuplicateData
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
DoDragDrop
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
shell32
SHGetFileInfoW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
DragQueryFileW
oleaut32
SysFreeString
VarUI4FromStr
VariantClear
VariantInit
SysAllocString
shlwapi
PathRemoveExtensionW
PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyW
crypt32
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CryptMsgGetParam
psapi
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW
EnumProcesses
urlmon
ObtainUserAgentString
dbghelp
MiniDumpWriteDump
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdi32
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
SaveDC
SelectObject
CloseEnhMetaFile
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
DeleteObject
GetObjectA
SetTextColor
GetTextExtentPointA
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
GetBitmapBits
SetBitmapBits
CreateDIBSection
CreateRectRgn
CreateEnhMetaFileW
CreateRoundRectRgn
GetEnhMetaFileHeader
RestoreDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
PlayEnhMetaFile
SetWindowOrgEx
GetObjectW
PtInRegion
SetStretchBltMode
GetTextMetricsW
gdiplus
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreatePen1
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreatePath
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipAddPathLine
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipFree
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipSetStringFormatLineAlign
GdipDeletePath
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCloneStringFormat
GdipAlloc
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateSolidFill
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ws2_32
ioctlsocket
getnameinfo
gethostbyname
gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
shutdown
listen
htonl
accept
WSACleanup
WSAStartup
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
wldap32
ord147
ord219
ord46
ord301
ord145
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
Sections
- .text: Size 2.2MB, Virtual size 2.2MB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 569KB, Virtual size 568KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 48KB, Virtual size 74KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 87.1MB, Virtual size 87.1MB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ