87c04c81525439459c81790da3cfd09fe8df2acf7b6c577f8fc04516396c4ded

Sharing

Copy URL Twitter E-mail

General

Target

87c04c81525439459c81790da3cfd09fe8df2acf7b6c577f8fc04516396c4ded
Size

10.0MB
MD5

b6db7040200272a3d9240595b5a7da49
SHA1

33ae806e283f0b999e65d01d6d02f629aeed1d73
SHA256

87c04c81525439459c81790da3cfd09fe8df2acf7b6c577f8fc04516396c4ded
SHA512

78641f5306feaa90354b0ee8a3262eb952c7f01e282dc01f11003a492535d05cac9bf7ce8ded11b61a10c6d73184ad10793acb66c77b67f1a9c3721a91badbd6
SSDEEP

196608:JIJOzBoJ5ErTZo7qKf6WCrzJ/gy+Muvr35Eul+tTLZiIuSiV40dpmgLBdDdsMOpr:JIsoJ5S32oxgRMuDJv+3iXVPVDpe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87c04c81525439459c81790da3cfd09fe8df2acf7b6c577f8fc04516396c4ded

Files

87c04c81525439459c81790da3cfd09fe8df2acf7b6c577f8fc04516396c4ded
.exe windows:6 windows x86 arch:x86

90df35bc263ff3063e4bf936a9c4a41c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExW
GetUserDefaultLCID
FindNextFileW
FindFirstFileW
FindClose
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetConsoleTextAttribute
WriteConsoleW
WideCharToMultiByte
WTSGetActiveConsoleSessionId
GetPrivateProfileIntW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeResource
FreeLibrary
FindResourceExW
VirtualQuery
GetSystemDirectoryW
GetLocalTime
GetProcessId
ProcessIdToSessionId
CreateProcessW
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
GetTimeZoneInformation
RaiseException
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetThreadPriority
ResumeThread
MultiByteToWideChar
RtlUnwind
LoadLibraryExW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
IsDebuggerPresent
GetLastError
CloseHandle
OutputDebugStringW
GetTempPathW
WriteFile
SetFilePointer
GetFileSizeEx
GetFileAttributesW
DeleteFileW
GetSystemTimeAsFileTime
DecodePointer
InitializeCriticalSectionEx
SetFilePointerEx
CreateFileW
CreateDirectoryW
GetStdHandle
GetACP
GetCurrentDirectoryW
GetFileSize
ReadFile
GetTickCount
GlobalUnlock
GlobalLock
lstrcmpW
lstrlenW
LocalFree
FormatMessageW
VerSetConditionMask
OpenProcess
MulDiv
VerifyVersionInfoW
ExitProcess
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
GlobalAlloc
lstrcpynW
lstrcmpiW
lstrcpyW
SetFileAttributesW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GlobalFree
LocalAlloc
SetLastError
SetEvent
GetSystemTime
GetNativeSystemInfo
GetPrivateProfileStringW
GetSystemFirmwareTable
FlushFileBuffers
GetCommandLineW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx

user32

DrawTextA
GetWindowRect
GetClientRect
KillTimer
SetTimer
SetWindowPos
PostQuitMessage
PostMessageW
SendMessageW
GetWindowThreadProcessId
FindWindowW
SetForegroundWindow
MessageBoxW
AttachThreadInput
IsWindow
ShowWindow
IsIconic
SetCursor
InflateRect
UnionRect
OffsetRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
DestroyWindow
IsWindowVisible
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
UpdateLayeredWindow
MonitorFromPoint
SetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
UpdateWindow
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
GetForegroundWindow
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
SetSecurityDescriptorDacl
SetFileSecurityW
RevertToSelf
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
DuplicateTokenEx
RegSetValueExW
RegFlushKey

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
DragQueryFileW
SHGetFolderPathW

ole32

CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitialize
ReleaseStgMedium

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

ws2_32

gethostname
WSAStartup
gethostbyname

shlwapi

PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipFree
GdipLoadImageFromStreamICM
GdipAlloc
GdipCreatePath
GdipDeletePath
GdipCloneImage
GdipLoadImageFromStream
GdipSetPenMode
GdiplusStartup
GdiplusShutdown
GdipAddPathLine
GdipAddPathArc
GdipDeletePen
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipGetImageHeight
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipDrawImageRectI
GdipCreateFontFromDC
GdipImageGetFrameCount
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateTexture
GdipSetTextureTransform
GdipLoadImageFromFile
GdipGetImageThumbnail
GdipFillEllipseI
GdipImageGetFrameDimensionsCount
GdipFillPath
GdipImageGetFrameDimensionsList

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

wintrust

CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext

crypt32

CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject

wininet

InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetAttemptConnect
InternetQueryOptionW
HttpSendRequestExW
InternetQueryDataAvailable
HttpQueryInfoW
InternetGetConnectedStateExW
InternetWriteFile
InternetReadFile
HttpSendRequestW
InternetConnectW
InternetCloseHandle
HttpEndRequestW
InternetOpenW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

gdi32

GetBitmapBits
GetTextExtentPointA
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetDIBits
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreateDCW
CombineRgn
CreateRoundRectRgn
CreateDIBSection
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
EnumFontFamiliesExW
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreatePatternBrush
SetBitmapBits

Sections

.text
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203.3MB - Virtual size: 203.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90df35bc263ff3063e4bf936a9c4a41c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

version

comctl32

gdiplus

imm32

wtsapi32

wintrust

crypt32

wininet

iphlpapi

gdi32

Sections

.text Size: 1002KB - Virtual size: 1002KB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 22KB - Virtual size: 48KB

.rsrc Size: 203.3MB - Virtual size: 203.3MB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 1002KB - Virtual size: 1002KB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 22KB - Virtual size: 48KB

.rsrc
Size: 203.3MB - Virtual size: 203.3MB

.reloc
Size: 58KB - Virtual size: 58KB