d0ce250b7309a9ba30c26fbe137547cc002d71220080d1e6c6e6cbaf76be020e

Sharing

Copy URL Twitter E-mail

General

Target

d0ce250b7309a9ba30c26fbe137547cc002d71220080d1e6c6e6cbaf76be020e
Size

990KB
MD5

b9a3942e4de499380b2a1eefb98aec2b
SHA1

5f8c7b8831d93ddfb2b0ccaac7b0e2431fbd5101
SHA256

d0ce250b7309a9ba30c26fbe137547cc002d71220080d1e6c6e6cbaf76be020e
SHA512

2707a27ebaf5af3604d527fbac20e3a47fe926f065d1aced5db9fb85d581e113c911550332b7579afe2853d6935b58cc2cd2d1e72a943e1b795e2d21c8548a5d
SSDEEP

24576:GbirbSKb0zR97a4N/dy3eqj5jcIsgA/H7ZQdf1qIWebPsr/LGE3K9+Q:FrbSKb0FdasEuqV+H7a7zTsrjXrQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0ce250b7309a9ba30c26fbe137547cc002d71220080d1e6c6e6cbaf76be020e

Files

d0ce250b7309a9ba30c26fbe137547cc002d71220080d1e6c6e6cbaf76be020e
.exe windows:5 windows x86 arch:x86

29ebc4f8537b65ac47d67430e568d98f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipAlloc
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDrawImageRectRect
GdipFillRectangleI
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFree
GdiplusStartup

kernel32

LoadLibraryExW
OutputDebugStringW
TerminateProcess
WriteFile
ReadFile
FlushFileBuffers
DeviceIoControl
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
RemoveDirectoryW
FlushInstructionCache
InitializeCriticalSection
GetCurrentThreadId
CreateFileW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DecodePointer
SetEndOfFile
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetStdHandle
ExitProcess
DeleteFileW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCPInfo
GetStringTypeW
GetLocaleInfoW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
CreateMutexW
WaitForSingleObjectEx
ReleaseMutex
GetShortPathNameW
SetLastError
RaiseException
LocalFree
GlobalFindAtomW
GlobalAddAtomW
GetStartupInfoW
CreateProcessW
GetModuleFileNameW
Sleep
GetCurrentProcess
GetVersionExW
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
QueryDosDeviceW
FindResourceExW
FindResourceW
GetLogicalDriveStringsW
lstrlenW
SizeofResource
LoadResource
GetCurrentProcessId
OpenProcess
GetLongPathNameW
FreeLibrary
LockResource
LoadLibraryW
GetTickCount
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetProcessHeap
HeapSize
IsProcessorFeaturePresent
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
InterlockedPushEntrySList
WritePrivateProfileStringW
GetPrivateProfileStringW
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetPrivateProfileIntW
VirtualAlloc
VirtualFree
LoadLibraryExA
GetModuleHandleExW
GetLocalTime
GetOEMCP
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
IsDebuggerPresent

user32

GetWindowTextW
FindWindowW
SetWinEventHook
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
DrawFocusRect
SetCursor
PtInRect
EqualRect
UnionRect
OffsetRect
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
LoadCursorW
SendMessageTimeoutW
FindWindowExW
GetWindowThreadProcessId
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
GetForegroundWindow
GetWindowRect
WindowFromPoint
GetDesktopWindow
GetShellWindow
GetWindow
MonitorFromPoint
BeginPaint
GetMonitorInfoW
GetWindowInfo
GetAncestor
ShowWindow
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
SendMessageW
GetAsyncKeyState
FillRect
GetWindowTextLengthW
DrawTextW
EnableWindow
GetFocus
PostQuitMessage
RegisterWindowMessageW
SystemParametersInfoW
GetParent
CopyRect
ScreenToClient
GetClientRect
InvalidateRect
SetWindowRgn
EndPaint
SetCapture
ReleaseDC
GetDC
ReleaseCapture
WaitForInputIdle

gdi32

RectVisible
SetViewportOrgEx
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
GetStockObject
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
EnumFontFamiliesW
CreateFontW
OffsetViewportOrgEx

advapi32

RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
GetTokenInformation

shell32

SHLoadInProc
ord165
SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

ole32

CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

SHGetValueW
PathIsRootW
PathIsRelativeW
StrCmpIW
SHSetValueW
PathFindFileNameW
StrStrIA
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
StrStrIW
SHGetValueA
SHSetValueA
StrCmpNIW
StrTrimA
PathAppendW

comctl32

_TrackMouseEvent
InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

ws2_32

WSAStartup
WSACleanup

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29ebc4f8537b65ac47d67430e568d98f

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

ws2_32

crypt32

wintrust

iphlpapi

Sections

.text Size: 486KB - Virtual size: 485KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 17KB - Virtual size: 33KB

.rsrc Size: 238KB - Virtual size: 238KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 486KB - Virtual size: 485KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 17KB - Virtual size: 33KB

.rsrc
Size: 238KB - Virtual size: 238KB

.reloc
Size: 86KB - Virtual size: 88KB