Static task
static1
Behavioral task
behavioral1
Sample
17bb9e977fc6232793ae9007fb0bfe84.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
17bb9e977fc6232793ae9007fb0bfe84.exe
Resource
win10v2004-20231215-en
General
-
Target
17bb9e977fc6232793ae9007fb0bfe84
-
Size
1.5MB
-
MD5
17bb9e977fc6232793ae9007fb0bfe84
-
SHA1
5b7c93c53e65ce9f33b4a5cf27342ea2ebdc5113
-
SHA256
dc82e10d7e197a78702558f6f4ecdc1911366604a93c9a9b730539b6b009085f
-
SHA512
e37a4cedc7ddd0110311daf14ad4aff01ee898c862ff1598613ed6d440de9db06f2e76f4a68a90b0e8d4b6923aefd9e922e7b4773c5ebbc1f9a018274d6343df
-
SSDEEP
24576:Ay/HZfm6UeA9TGFgM/pwnP1sjMjYvTxMI+1LchO44nZTtXZY8W:J/wXrTGFgMM9Gb+1LdBZY8W
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature. The sample carries no Authenticode signature, so its publisher cannot be verified from the file itself. On its own this is a weak indicator (a great deal of legitimate software is also unsigned) and should be weighed together with the behavioral results rather than treated as a verdict.
resource 17bb9e977fc6232793ae9007fb0bfe84
Files
-
17bb9e977fc6232793ae9007fb0bfe84.exe windows:4 windows x86 arch:x86
5c2f0eb622c1e1612c33e2113c8b2323
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
Reviewer note: the import table below includes several functions worth cross-checking against the behavioral runs: SetSystemPowerState, ExitWindowsEx and SetThreadExecutionState together with LookupPrivilegeValueA/AdjustTokenPrivileges (power and shutdown control, which normally requires a token privilege the latter two could be enabling); SetWindowsHookExA, GetAsyncKeyState and RegisterHotKey (system-wide hooks and key polling); OpenSCManagerA/OpenServiceA/QueryServiceStatus (service inspection); SHDeleteKeyA/SHSetValueA/SHDeleteValueA (registry modification); CreateProcessA, ShellExecuteA, CopyFileA, MoveFileExA and SetFileAttributesA (process launch and file-system changes); and wininet plus wsock32 (HTTP and raw-socket networking). Every one of these also appears in legitimate desktop utilities, so the import table alone does not establish malicious behavior — confirm what is actually invoked in the behavioral traces.
shlwapi
PathAddBackslashA
PathFileExistsA
StrStrA
PathRemoveFileSpecA
PathIsURLA
StrTrimA
SHDeleteKeyA
StrStrIA
StrChrA
PathFindExtensionA
PathFindFileNameA
SHGetValueA
SHDeleteValueA
SHSetValueA
StrRChrA
StrNCatA
PathRemoveBackslashA
StrFormatByteSize64A
msimg32
GradientFill
AlphaBlend
wininet
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetCreateUrlA
HttpQueryInfoA
InternetQueryOptionA
InternetReadFile
InternetSetCookieA
InternetGetCookieA
InternetCrackUrlA
mfc42
ord793
ord2362
ord4694
ord2642
ord5148
ord2122
ord556
ord2864
ord6111
ord4284
ord3317
ord3499
ord4224
ord6877
ord3874
ord4476
ord4278
ord1979
ord6385
ord665
ord5186
ord354
ord2452
ord3742
ord818
ord1270
ord1232
ord2299
ord5981
ord3610
ord656
ord2297
ord2363
ord6197
ord6380
ord1768
ord3721
ord795
ord6453
ord6880
ord2086
ord283
ord4496
ord3631
ord683
ord6907
ord6007
ord3998
ord2080
ord1200
ord3226
ord3301
ord3286
ord2614
ord500
ord772
ord5860
ord3986
ord6142
ord2938
ord861
ord2298
ord6646
ord3019
ord2516
ord361
ord2513
ord293
ord1816
ord2645
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord4299
ord3803
ord1834
ord4750
ord5016
ord4375
ord4852
ord355
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord4608
ord4716
ord790
ord4635
ord5067
ord2859
ord6569
ord6876
ord5601
ord5651
ord3127
ord3616
ord920
ord3810
ord350
ord1105
ord3093
ord6215
ord2135
ord1949
ord3005
ord4220
ord2584
ord3654
ord1644
ord2438
ord6270
ord668
ord3178
ord4058
ord2781
ord2770
ord356
ord2863
ord809
ord2405
ord1088
ord6178
ord6358
ord1601
ord6170
ord4034
ord4202
ord5788
ord2152
ord1233
ord3797
ord2448
ord5834
ord2044
ord2567
ord2919
ord6378
ord926
ord398
ord913
ord3439
ord700
ord3452
ord4189
ord940
ord4123
ord6379
ord802
ord542
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord4622
ord3738
ord815
ord561
ord804
ord2621
ord1134
ord1223
ord1206
ord2725
ord5715
ord5289
ord3706
ord2089
ord4809
ord2582
ord4402
ord3640
ord693
ord4243
ord6762
ord2587
ord4406
ord3394
ord3729
ord6785
ord2754
ord3089
ord6605
ord2639
ord801
ord541
ord5861
ord5606
ord613
ord289
ord1570
ord1197
ord955
ord4133
ord4297
ord472
ord6883
ord2071
ord3185
ord2515
ord3181
ord3287
ord2566
ord2116
ord1929
ord6779
ord3903
ord2358
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord3719
ord3716
ord3303
ord4000
ord3914
ord2379
ord3297
ord6008
ord2096
ord1168
ord2860
ord1146
ord2862
ord384
ord810
ord686
ord3733
ord3398
ord4271
ord609
ord3574
ord3402
ord4396
ord2575
ord539
ord5683
ord5710
ord2301
ord3619
ord6394
ord6383
ord5440
ord5450
ord2107
ord2763
ord4129
ord858
ord923
ord6927
ord939
ord2915
ord5572
ord2764
ord6929
ord535
ord823
ord2841
ord537
ord941
ord924
ord922
ord3092
ord6199
ord4376
ord4710
ord6334
ord4234
ord2302
ord2370
ord324
ord860
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord5265
ord470
ord540
ord2818
ord5875
ord800
ord755
ord5785
ord3663
ord323
ord1640
ord6194
ord1641
ord2414
ord640
ord3626
ord3573
ord3571
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord4275
ord765
ord825
ord567
ord3698
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord4607
ord1576
msvcrt
_endthreadex
_CxxThrowException
calloc
fseek
ftell
fread
strstr
wcstok
wcslen
iswdigit
_makepath
strncpy
malloc
fgets
_strdate
_strtime
_mbsstr
_except_handler3
exit
_access
rand
time
srand
_mbsicoll
_beginthreadex
_mbstok
_splitpath
toupper
_ltoa
strtok
_strdup
free
fopen
fclose
fwrite
fputc
vsprintf
_mbsnbicmp
_itoa
_mbsnbcpy
wcscmp
atof
atoi
sscanf
_mbsrchr
strrchr
atol
_purecall
_mbsicmp
memmove
_snprintf
_ftol
__CxxFrameHandler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_mbscmp
_wcsicmp
_setmbcp
_controlfp
kernel32
GetCurrentProcess
SetSystemPowerState
GetFileAttributesA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
CreateFileA
WriteFile
CloseHandle
DeleteFileA
WideCharToMultiByte
GetProcAddress
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
GetVersionExA
GetCurrentThreadId
GetLastError
GlobalAddAtomA
GetDriveTypeA
CreateDirectoryA
GlobalAlloc
GlobalFree
GetModuleFileNameA
lstrlenA
lstrcpyA
MulDiv
InterlockedDecrement
LoadLibraryA
FreeLibrary
MultiByteToWideChar
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
lstrcmpiA
Sleep
FlushInstructionCache
SetUnhandledExceptionFilter
SetFilePointer
VirtualQuery
IsBadWritePtr
GetFileSize
LockResource
SizeofResource
LoadResource
FindResourceA
ExitProcess
lstrcmpA
CopyFileA
MoveFileA
GetFullPathNameA
SetFileTime
SystemTimeToFileTime
CreateEventA
SetEvent
GetStartupInfoA
lstrcpynA
FindClose
FindFirstFileA
ReadFile
CreateProcessA
SetEnvironmentVariableA
GetEnvironmentVariableA
FindNextFileA
GetModuleHandleA
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalUnlock
GlobalLock
GetLocalTime
SetThreadExecutionState
GetShortPathNameA
GetWindowsDirectoryA
GetTickCount
GetVersion
VirtualFree
SetPriorityClass
GetCommandLineA
CreateMutexA
GetCurrentProcessId
SetThreadPriority
GetThreadPriority
GetCurrentThread
WaitForSingleObject
TerminateProcess
OpenProcess
MoveFileExA
HeapDestroy
InterlockedIncrement
SetLastError
VirtualProtect
FlushFileBuffers
GetSystemTime
FileTimeToSystemTime
InterlockedExchange
GetVolumeInformationA
GetLocaleInfoA
user32
RemoveMenu
CheckMenuRadioItem
AppendMenuA
PostThreadMessageA
SetDlgItemTextA
PostMessageA
WaitForInputIdle
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
ShowCursor
ExitWindowsEx
CallNextHookEx
GetFocus
IsWindowEnabled
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
SetFocus
LoadMenuA
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
SetWindowPos
IsIconic
InflateRect
FrameRect
IsWindow
GetWindowRect
GetMessagePos
ShowWindow
SetTimer
GetUpdateRect
IsRectEmpty
GetClassInfoA
DefWindowProcA
LoadCursorA
GetDC
ReleaseDC
InvalidateRect
GetActiveWindow
GetDlgItem
LoadBitmapA
LoadIconA
GetMenuStringA
DestroyCursor
CopyIcon
GetAsyncKeyState
GetMessageA
SetMenuItemInfoA
TranslateAcceleratorA
CreateAcceleratorTableA
DestroyAcceleratorTable
TranslateMessage
DispatchMessageA
PeekMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
SetRect
FillRect
SendMessageA
GetSysColor
SetRectEmpty
GetParent
wvsprintfA
DestroyWindow
ModifyMenuA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
SendMessageTimeoutA
CharNextA
BeginPaint
EndPaint
ReplyMessage
GetDesktopWindow
BringWindowToTop
InvalidateRgn
IsWindowVisible
MessageBoxA
SetParent
GetMenuItemID
CreatePopupMenu
GetMenuItemCount
ShowOwnedPopups
GetWindowRgn
KillTimer
SetCapture
GetCapture
ReleaseCapture
SetCursor
ClientToScreen
IsZoomed
SystemParametersInfoA
SetWindowRgn
ScreenToClient
UpdateWindow
SetClassLongA
DrawEdge
wsprintfA
CallWindowProcA
SetWindowLongA
CopyRect
OffsetRect
PtInRect
IntersectRect
DrawFocusRect
CopyImage
TrackPopupMenuEx
GetCursorPos
WindowFromPoint
MoveWindow
GetSubMenu
gdi32
DeleteDC
CreateFontIndirectA
DeleteObject
SetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
CombineRgn
GetPixel
CreateRectRgn
SetBitmapBits
GetBitmapBits
SetPixel
PtInRegion
CreateRectRgnIndirect
GetTextExtentPoint32A
EqualRgn
SetBkMode
CreateDIBitmap
OffsetRgn
SetRectRgn
GetRgnBox
GetBkColor
LPtoDP
Rectangle
GetDIBits
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
StretchBlt
SetTextColor
SelectObject
DPtoLP
CreateBitmap
GetMapMode
BitBlt
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
advapi32
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
shell32
SHChangeNotify
SHBrowseForFolderA
DragQueryFileA
ShellExecuteA
CommandLineToArgvW
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetMalloc
SHGetPathFromIDListA
comctl32
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_AddMasked
_TrackMouseEvent
ole32
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CoGetMalloc
StringFromIID
CLSIDFromProgID
OleRun
CLSIDFromString
oleaut32
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantCopy
DispGetParam
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
SysFreeString
GetErrorInfo
wsock32
recv
htons
connect
WSAGetLastError
select
__WSAFDIsSet
send
inet_ntoa
socket
closesocket
WSACleanup
WSAStartup
gethostbyname
ioctlsocket
msvcp60
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 864KB - Virtual size: 860KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: the code section is flagged both executable and writable (and .rdata below is writable as well), so the image does not enforce W^X. Compiler-emitted MFC builds normally leave .text read-only; a writable code section is consistent with self-modifying, packed or post-build-patched code, but is not proof of it — worth confirming by watching for VirtualProtect (imported from kernel32) and in-place code writes in the behavioral trace.
.rdata Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 60KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 480KB - Virtual size: 477KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ