Static task: static1
Behavioral task: behavioral1
Sample: 63976c96b888fc7fd04f0a08a0bd87bf.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 63976c96b888fc7fd04f0a08a0bd87bf.exe
Resource: win10v2004-20231215-en
General
- Target: 63976c96b888fc7fd04f0a08a0bd87bf
- Size: 2.9MB
- MD5: 63976c96b888fc7fd04f0a08a0bd87bf
- SHA1: e4e4d7643ae08094c869b6978efb8387e1906f9b
- SHA256: 9c58023f439b52b05d4109c8973505479120458c2e5a85b025f0b529ca03a2f3
- SHA512: 8a8cf71ee692098bb3e56c877b2ec3292529f377adf994dc2877df3f298931813e5f2756868b2749dcfb551435eea88820cb7bb33225f687cebe108f7eef0c64
- SSDEEP: 49152:eKkJ2NRLm9DPrSy6I4ZqTWKDNjz2EbbvE3:eKfvw3S3IghKDq
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 63976c96b888fc7fd04f0a08a0bd87bf
Files
- 63976c96b888fc7fd04f0a08a0bd87bf.exe windows:4 windows x86 arch:x86
  272e05c86d1a9eab832ed13c8709ef90
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHAutoComplete
winmm
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
sndPlaySoundA
PlaySoundA
waveInReset
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInStop
waveInClose
waveInUnprepareHeader
kernel32
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringW
SetEnvironmentVariableA
HeapDestroy
GetEnvironmentVariableA
HeapSize
TerminateProcess
GetSystemTime
GetTimeZoneInformation
GetACP
GetProfileStringA
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetVolumeInformationA
GetComputerNameA
GlobalFree
WriteFile
DeleteFileA
CreateFileA
GlobalAlloc
lstrcatA
GetModuleFileNameA
GetTickCount
GetFileAttributesA
GetCurrentDirectoryA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetDiskFreeSpaceExA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
SetFilePointer
ReadFile
RemoveDirectoryA
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RaiseException
ExitThread
HeapFree
HeapAlloc
RtlUnwind
SetErrorMode
GetProcessVersion
GlobalFlags
GetProfileIntA
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SystemTimeToFileTime
LocalFileTimeToFileTime
SetLastError
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
CompareStringA
CopyFileA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
lstrcmpA
FormatMessageA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesA
SizeofResource
FindResourceA
LoadResource
LockResource
MulDiv
GetCurrentProcessId
GetExitCodeThread
SetThreadPriority
ResetEvent
FreeLibrary
GetOEMCP
GetCPInfo
GetVersionExA
GetVersion
LocalSize
LocalReAlloc
GetModuleHandleA
GlobalSize
GetLocalTime
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpyA
CreateDirectoryA
GetLastError
MoveFileA
HeapCreate
user32
PostThreadMessageA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
EndPaint
BeginPaint
GetWindowDC
LoadStringA
DestroyMenu
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
SetWindowTextA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
SendDlgItemMessageA
ScrollWindow
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
WinHelpA
GetClassInfoA
RegisterClassA
SetWindowPlacement
CreateWindowExA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
GetTabbedTextExtentA
DestroyWindow
GetClipboardFormatNameA
GetAsyncKeyState
MapDialogRect
SendMessageTimeoutA
GetScrollInfo
GetDoubleClickTime
CallWindowProcA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetCursorPos
UnionRect
DeferWindowPos
GetMenu
GetClassLongA
GetMenuDefaultItem
SetMenu
BeginDeferWindowPos
EndDeferWindowPos
GetMenuStringW
LookupIconIdFromDirectoryEx
GetCursor
EqualRect
IsDialogMessageA
CharUpperA
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
IsIconic
LoadAcceleratorsA
CopyAcceleratorTableA
IsWindowEnabled
GetActiveWindow
DrawEdge
IsClipboardFormatAvailable
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetDialogBaseUnits
LockWindowUpdate
GetDCEx
InvertRect
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowRgn
HideCaret
ShowCaret
GetNextDlgTabItem
IsMenu
GetMenuItemInfoA
GrayStringA
TabbedTextOutA
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
RegisterClipboardFormatA
DrawFocusRect
DrawFrameControl
ShowWindow
IsChild
SetFocus
MapWindowPoints
CreatePopupMenu
InsertMenuA
BringWindowToTop
UnregisterClassA
ExcludeUpdateRgn
DefDlgProcA
GetNextDlgGroupItem
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
GetMenuStringA
IsZoomed
SetActiveWindow
DrawAnimatedRects
SetParent
FindWindowA
EnumChildWindows
GetClassNameA
GetDlgItem
AdjustWindowRectEx
WaitMessage
MapVirtualKeyA
GetTopWindow
SystemParametersInfoA
CopyRect
KillTimer
PeekMessageA
IsRectEmpty
DrawStateA
SetRectEmpty
MoveWindow
DefWindowProcA
GetSysColor
FillRect
PtInRect
GetCapture
GetWindowLongA
SetWindowLongA
GetMenuItemID
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
IsWindow
SetWindowRgn
LoadBitmapA
GetSysColorBrush
RegisterClassExA
GetKeyState
ShowScrollBar
CheckMenuRadioItem
GetMenuState
CheckMenuItem
GetClipboardData
DrawTextA
DrawIconEx
IntersectRect
GetIconInfo
GetDC
ReleaseDC
SetClassLongA
DestroyCursor
SetTimer
PostMessageA
OpenClipboard
PostQuitMessage
SendMessageA
EnableWindow
RegisterWindowMessageA
UpdateWindow
InvalidateRect
SetRect
wsprintfA
MessageBoxA
GetCursorPos
GetMenuItemCount
GetSubMenu
LoadMenuA
GetClientRect
RedrawWindow
GetDesktopWindow
wvsprintfA
LoadImageA
LoadCursorA
SetCursor
ReleaseCapture
SetWindowPos
GetDlgCtrlID
CharNextA
DeleteMenu
EnableMenuItem
ClientToScreen
ScreenToClient
IsWindowVisible
SetCapture
GetFocus
GetWindow
GetParent
WindowFromPoint
GetWindowRect
GetSystemMetrics
MessageBeep
InflateRect
OffsetRect
AppendMenuA
GetSystemMenu
DestroyIcon
CloseClipboard
SetClipboardData
EmptyClipboard
gdi32
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
LPtoDP
DPtoLP
SaveDC
RestoreDC
SetPolyFillMode
SetMapMode
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
SetTextAlign
CreateRectRgnIndirect
CloseFigure
GetMapMode
SetRectRgn
CopyMetaFileA
PtInRegion
PatBlt
GetDIBits
Escape
RectVisible
PtVisible
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
DeleteDC
StretchBlt
GetDeviceCaps
GetTextColor
GetCurrentObject
SetPixel
GetTextMetricsA
GetTextExtentPointA
TextOutA
GetPixel
CreateFontIndirectA
CreateRectRgn
CombineRgn
GetStockObject
GetObjectA
SetBkColor
SetTextColor
ExtTextOutA
BitBlt
StretchDIBits
CreateCompatibleDC
EndPath
StrokeAndFillPath
FillPath
StrokePath
GetWindowExtEx
GetViewportExtEx
RoundRect
CreatePolygonRgn
GetRgnBox
SetBrushOrgEx
Ellipse
ExtFloodFill
GetViewportOrgEx
Polyline
CreateFontA
GetBkColor
CreatePatternBrush
ExtCreateRegion
GetBitmapBits
GetWindowOrgEx
EnumFontFamiliesExA
CreatePen
CreateDIBSection
SelectObject
CreateDIBitmap
GetTextAlign
GetTextExtentPoint32A
CreateSolidBrush
Polygon
DeleteObject
SetBkMode
comdlg32
ChooseColorA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueExA
GetFileSecurityA
SetFileSecurityA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
shell32
ShellExecuteA
ExtractIconA
Shell_NotifyIconA
SHAppBarMessage
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
DragFinish
DragQueryFileA
SHGetPathFromIDListA
ord71
comctl32
ImageList_LoadImageA
ord17
ImageList_Remove
ImageList_GetImageInfo
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Draw
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
oledlg
ord8
ord1
ole32
ReleaseStgMedium
CoTaskMemFree
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
OleGetClipboard
OleRun
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemAlloc
OleDuplicateData
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CoCreateInstance
olepro32
ord253
oleaut32
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarDateFromStr
VarBstrFromDate
SafeArrayGetDim
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeTypeEx
VariantClear
SysFreeString
OleLoadPicturePath
SysAllocString
ws2_32
getpeername
inet_ntoa
getsockname
ntohs
inet_addr
connect
select
setsockopt
recv
ioctlsocket
send
WSACloseEvent
WSASend
WSARecv
socket
accept
__WSAFDIsSet
WSAIoctl
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSASocketA
WSAGetLastError
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSACleanup
WSAStartup
gethostname
gethostbyname
closesocket
pdh
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery
PdhCollectQueryData
avifil32
AVIFileInit
AVIFileExit
AVIStreamRelease
AVIStreamSetFormat
AVIFileOpenA
AVIStreamWrite
AVIFileCreateStreamA
AVIFileRelease
msvfw32
DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen
DrawDibClose
skinh
SkinH_AttachEx
SkinH_AdjustAero
SkinH_SetMenuAlpha
SkinH_AdjustHSV
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 280KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 688KB - Virtual size: 686KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ