Static task: static1
Behavioral task: behavioral1
  Sample: b725d2bc15637db7e76250ca00624119.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: b725d2bc15637db7e76250ca00624119.exe
  Resource: win10v2004-20231215-en
General
Target: b725d2bc15637db7e76250ca00624119
Size: 3.4MB
MD5: b725d2bc15637db7e76250ca00624119
SHA1: 1001f3a41c925fbbaeef5095cf0d2ef2907e9602
SHA256: 499f3349b763001a7b6ea1eb6d240381fa974bc47373c365200ce09d3193e825
SHA512: d85649c4d27e3c122dbe21fd3903c7eaa890f5e3a8e5fb39e29dc6af24fba395f7a87ea75a88a5601c2cdd2924ae60fc23c983dea92c84b4df74a09c67405f7f
SSDEEP: 49152:bn7bMxL7fcRyqrCSGSN53KYU5rrxI3ElrAfRKH1L5Z0e6Hgt:bnMGCSGSD63/xIUl8fRxe6Hgt
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: b725d2bc15637db7e76250ca00624119
Files
b725d2bc15637db7e76250ca00624119.exe  windows:5  windows x86  arch:x86
  a3c154d6de28b295997f3ab55e8dd4d8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
msvcrt
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
exit
__set_app_type
_controlfp
_XcptFilter
_exit
_except_handler3
memset
__p__fmode
mpr
WNetGetConnectionW
WNetGetUniversalNameW
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW
comctl32
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
ord17
_TrackMouseEvent
InitializeFlatSB
version
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
kernel32
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalSize
LockResource
LoadLibraryW
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcmpW
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
MapViewOfFile
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SearchPathW
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetPriorityClass
SetProcessWorkingSetSize
SetThreadExecutionState
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
WriteProcessMemory
IsValidCodePage
EnterCriticalSection
LoadLibraryExW
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsValidLocale
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
InterlockedIncrement
InterlockedExchangeAdd
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalHandle
GlobalGetAtomNameW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVolumeInformationW
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempPathA
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetStartupInfoA
GetShortPathNameW
GetProcessTimes
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPriorityClass
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLogicalDriveStringsW
GetLogicalDrives
GetLocalTime
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileTime
GetFileSize
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCPInfo
GetComputerNameW
GetComputerNameA
GetCommandLineW
GetCommandLineA
GetACP
FreeResource
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitThread
EnumCalendarInfoA
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CompareStringA
CloseHandle
Beep
ExitProcess
lstrcatW
user32
WindowFromPoint
ShowOwnedPopups
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageW
SendMessageTimeoutA
SendMessageA
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClipboardFormatW
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageW
PostThreadMessageA
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadImageA
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuW
InsertMenuItemW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
WindowFromDC
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetMessageW
GetMessagePos
GetMessageA
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetLastActivePopup
GetKeyNameTextW
GetKeyboardType
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetCursorPos
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowA
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextW
DrawTextExW
DrawTextA
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefFrameProcW
CreateWindowExW
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharToOemW
CharToOemA
CharNextW
CharLowerW
CharLowerBuffW
CallWindowProcW
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
WaitMessage
WaitForInputIdle
UpdateWindow
UnregisterClassW
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
GetSubMenu
ShowScrollBar
AdjustWindowRectEx
ActivateKeyboardLayout
LockWindowUpdate
EmptyClipboard
GetKeyState
GetWindowLongW
FindWindowExW
gdi32
LineTo
LPtoDP
MaskBlt
MoveToEx
OffsetViewportOrgEx
PatBlt
PathToRegion
Pie
PlayEnhMetaFile
IntersectClipRect
RealizePalette
Rectangle
RectVisible
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBitmapBits
SetBkColor
SetBkMode
SetBrushOrgEx
GetWinMetaFileBits
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
SetWinMetaFileBits
StartDocA
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutA
TextOutW
UnrealizeObject
GetDIBits
GetDIBColorTable
GetDeviceCaps
GetDCOrgEx
GetCurrentPositionEx
GetWindowOrgEx
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetCurrentObject
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointW
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetROP2
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetObjectType
GetObjectA
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExcludeClipRect
EndPath
EndPage
SetDIBColorTable
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontW
CreateFontIndirectW
CreateFontA
CreateDIBSection
CreateDIBitmap
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt
Polyline
BeginPath
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GetEnhMetaFileBits
comdlg32
GetOpenFileNameW
PrintDlgW
GetSaveFileNameW
GetSaveFileNameA
advapi32
StartServiceW
SetSecurityDescriptorDacl
RevertToSelf
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegFlushKey
RegEnumKeyExW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
ReadEventLogW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenThreadToken
OpenServiceW
OpenSCManagerW
OpenProcessToken
OpenEventLogW
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
LockServiceDatabase
IsValidSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameW
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidIdentifierAuthority
FreeSid
EqualSid
DuplicateTokenEx
DeleteService
CreateServiceW
CreateProcessAsUserW
CloseServiceHandle
CloseEventLog
ChangeServiceConfigW
ChangeServiceConfig2W
AllocateAndInitializeSid
AdjustTokenPrivileges
UnlockServiceDatabase
shell32
SHFileOperationW
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconW
SHAppBarMessage
ExtractIconExW
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFileInfoW
ole32
CoTaskMemFree
OleUninitialize
StringFromCLSID
ProgIDFromCLSID
CoTaskMemAlloc
CoUninitialize
CreateItemMoniker
CLSIDFromString
CoCreateGuid
CoCreateInstance
OleInitialize
GetRunningObjectTable
CreateStreamOnHGlobal
oleaut32
VariantInit
VariantCopyInd
VariantClear
VariantChangeType
SysReAllocStringLen
SysFreeString
SysAllocStringLen
CreateErrorInfo
GetActiveObject
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
GetErrorInfo
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SetErrorInfo
ws2_32
bind
WSAStartup
WSAGetLastError
WSACleanup
socket
setsockopt
sendto
select
recvfrom
ioctlsocket
inet_addr
htons
gethostbyname
connect
closesocket
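The import table above is long, and reading it by hand is how an analyst spots the interesting combinations: OpenProcess with ReadProcessMemory/WriteProcessMemory and GetThreadContext/SuspendThread/ResumeThread (cross-process memory and thread control), OpenProcessToken with LookupPrivilegeValueW and AdjustTokenPrivileges plus DuplicateTokenEx and CreateProcessAsUserW (token work), OpenSCManagerW/CreateServiceW/StartServiceW (service installation), SetWindowsHookExW/CallNextHookEx (message hooks), WNetOpenEnumW/WNetEnumResourceW (share enumeration) and the ws2_32 socket calls. The script below is an added example, not part of the report and not from the sample's author: it scores a typed-in subset of this table against capability rules and shows how an import hash is derived from a table like this one. The rule names and the A/W normalization are this example's own choices, and the hash scheme is the widely used "dll.function" MD5 (the page shows an unlabelled second hash under Files but does not say what it is, so whether it is an import hash is an assumption).

```python
import hashlib
import re

# A subset of the report's import table, grouped by DLL in the order the report
# lists them. Typed in from the page as sample input; not read from the binary.
SAMPLE_IMPORTS = [
    ("kernel32", ["OpenProcess", "ReadProcessMemory", "WriteProcessMemory", "VirtualProtect",
                  "VirtualQueryEx", "GetThreadContext", "SuspendThread", "ResumeThread",
                  "CreateProcessW"]),
    ("user32", ["SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx",
                "GetKeyState", "AttachThreadInput"]),
    ("advapi32", ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                  "DuplicateTokenEx", "ImpersonateLoggedOnUser", "CreateProcessAsUserW",
                  "OpenSCManagerW", "CreateServiceW", "StartServiceW", "ChangeServiceConfigW",
                  "RegCreateKeyExW", "RegSetValueExW"]),
    ("mpr", ["WNetOpenEnumW", "WNetEnumResourceW", "WNetCloseEnum"]),
    ("ws2_32", ["WSAStartup", "socket", "connect", "sendto", "recvfrom", "gethostbyname"]),
    ("comctl32", ["ord17", "InitializeFlatSB"]),
]

# Capability rules: a behaviour is reported only when every API in its set is
# imported. Names are compared after A/W suffix normalization, so the rules are
# written without the suffix. The rule names are this example's own labels.
CAPABILITY_RULES = {
    "cross-process memory read/write": {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory"},
    "thread context manipulation": {"OpenProcess", "GetThreadContext", "SuspendThread", "ResumeThread"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValue", "AdjustTokenPrivileges"},
    "run process under another token": {"DuplicateTokenEx", "CreateProcessAsUser"},
    "service installation": {"OpenSCManager", "CreateService", "StartService"},
    "windows message hook": {"SetWindowsHookEx", "CallNextHookEx"},
    "registry write": {"RegCreateKeyEx", "RegSetValueEx"},
    "network share enumeration": {"WNetOpenEnum", "WNetEnumResource"},
    "direct socket networking": {"socket", "connect", "sendto"},
}

# Strip a trailing A or W that follows a lowercase letter or digit (CreateFileW,
# LoadLibraryExA) without touching names such as GetACP or WSAStartup.
_AW_SUFFIX = re.compile(r"(?<=[a-z0-9])[AW]$")


def normalize(name: str) -> str:
    return _AW_SUFFIX.sub("", name)


def capabilities(imports):
    """Return the sorted rule names whose required APIs are all imported."""
    present = {normalize(f) for _, funcs in imports for f in funcs}
    return sorted(cap for cap, needed in CAPABILITY_RULES.items() if needed <= present)


def imphash_input(imports) -> str:
    """Build the string the common import-hash scheme digests: 'dll.func' pairs,
    lower-cased, with .dll/.sys/.ocx stripped from the DLL name, ordinals written
    as 'ordN', joined by commas in import-directory order."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".sys", ".ocx"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend("%s.%s" % (lib, f.lower()) for f in funcs)
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for cap in capabilities(SAMPLE_IMPORTS):
        print("capability:", cap)
    print("imphash over this subset:", imphash(SAMPLE_IMPORTS))
```

Two caveats. Every rule fires on this sample, but imports only say what the binary can call, not what it does; many of these APIs are also what a legitimate process viewer or service manager imports, so the behavioral runs decide. And an import hash depends on the exact order of the import directory, so compute it from the file itself rather than from a report listing, whose display order may differ; the value this script prints for the subset is not comparable to any hash on the page.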
Sections
name    size    virtual size   characteristics
.text   1.5MB   1.5MB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  20KB    17KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   4KB     12.1MB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    4KB     12B            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data1  4KB     648B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.cdata  8KB     6KB            IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   1.9MB   1.9MB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
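Two findings on this page come straight from the PE headers: the "Unsigned PE" signature, which keys on an empty security data directory (no embedded Authenticode certificate table), and the section table, where .data occupies 4KB in the file but 12.1MB once mapped and .cdata is a second code/execute section besides .text. The parser below is an added example, not the sandbox's own code and not from the sample: it reads the COFF header flags, the security directory and the section headers with the standard library only, and flags sections whose mapped size far exceeds their on-disk size or that are writable and executable. It runs against any PE given on the command line; with no argument it uses a constructed header-only stub (no code, will not execute) whose values copy this report's headers. The 16:1 ratio threshold and the stub's section addresses are this example's own choices.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}
# IMAGE_SECTION_HEADER.Characteristics bits used below.
SCN_CNT_CODE, SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x00000020, 0x20000000, 0x80000000
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Read only the headers needed to answer: which file characteristics are set,
    is an embedded Authenticode table present, and what does each section look like."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 in a PE32 optional header, +112 in PE32+.
    dd_off = opt + (96 if magic == 0x10B else 112)
    cert_off, cert_size = struct.unpack_from("<II", data, dd_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):
        name, vsize, _va, raw, _ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw,
            "execute": bool(sc & (SCN_CNT_CODE | SCN_MEM_EXECUTE)),
            "write": bool(sc & SCN_MEM_WRITE),
        })
    return {
        "machine": machine,
        "characteristics": [n for bit, n in sorted(FILE_CHARACTERISTICS.items()) if chars & bit],
        # The security entry holds a file offset, not an RVA; zero offset and
        # size means there is no embedded signature at all.
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def suspicious_sections(sections, ratio=16):
    """Flag sections whose mapped size dwarfs their on-disk size (space that is
    only filled at runtime) and sections that are both writable and executable."""
    findings = []
    for s in sections:
        if s["virtual_size"] > ratio * max(s["raw_size"], 1):
            findings.append((s["name"], "virtual size %d vs raw %d" % (s["virtual_size"], s["raw_size"])))
        if s["write"] and s["execute"]:
            findings.append((s["name"], "writable and executable"))
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 header stub (not the report's sample; it has no code and
    will not run) whose header values copy the report: x86, the five file
    characteristics listed, no certificate table, a 1.5MB .text and a .data
    section with 4KB on disk but about 12.1MB once mapped."""
    chars = 0x0001 | 0x0002 | 0x0080 | 0x0100 | 0x8000
    sections = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
        (b".text", 0x180000, 0x1000, 0x180000, 0x400, 0x60000020),
        (b".data", 0xC19000, 0x190000, 0x1000, 0x180400, 0xC0000040),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, chars)
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, sc)
                    for n, vs, va, rs, rp, sc in sections)
    return dos + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    # Pass a real PE path to inspect it; with no argument the constructed stub is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print("machine: 0x%x" % info["machine"])
    print("characteristics:", ", ".join(info["characteristics"]))
    print("embedded Authenticode signature:", "yes" if info["authenticode_present"] else "no")
    for name, why in suspicious_sections(info["sections"]):
        print("suspicious section %s: %s" % (name, why))
```

Reading the result the way the signature does: an empty security directory means no embedded signature, which is what "Unsigned PE" reports. The converse is not a clean bill: a populated certificate table still has to be validated (chain, revocation, hash match) before it counts for anything, and Windows' own binaries are typically catalog-signed and carry no embedded certificate, so this check alone is an IoC for third-party executables, not a verdict. On the section side, a writable .data that grows from 4KB on disk to 12.1MB in memory is memory the loader reserves and the program fills while running, which is the kind of thing to watch for in the behavioral tasks (memory dumps from the sandbox will show whether code or data lands there) together with the second executable section .cdata.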