Static task
static1
Behavioral task
behavioral1
Sample
587685c76afcecd221f057b552258a2d94c4ea26ef401ad77163f24afe8875ca.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
587685c76afcecd221f057b552258a2d94c4ea26ef401ad77163f24afe8875ca.exe
Resource
win10v2004-20231222-en
General
-
Target
587685c76afcecd221f057b552258a2d94c4ea26ef401ad77163f24afe8875ca
-
Size
2.3MB
-
MD5
b5d964a1d9b24fad625e752079a8ef34
-
SHA1
8f2f30ecabd49638b4e19139511170cedb973d70
-
SHA256
587685c76afcecd221f057b552258a2d94c4ea26ef401ad77163f24afe8875ca
-
SHA512
af3a5fd10586f7cfc142c6f295458cdef23bca65e3a31a4a6e6472e0ef2f0cba5664215e0e3b0a9f87ad05e281a290fbfc6d51b28b79b64d9e2fa91aefce3345
-
SSDEEP
49152:JZGxEOWAKah4nKje1sZ9vxWTfZgsn5zX82SgE6pZ+xI5t:CKKBvDsn5zX8hQpZ+m
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. On its own this is a weak indicator: many legitimate binaries ship unsigned and signed binaries can still be malicious, so weigh it together with the behavioral results rather than treating it as a verdict.
resource 587685c76afcecd221f057b552258a2d94c4ea26ef401ad77163f24afe8875ca
Files
-
587685c76afcecd221f057b552258a2d94c4ea26ef401ad77163f24afe8875ca.exe windows:6 windows x86 arch:x86
452221ad8d53d649478de3274fc8e3b6
Headers
DLL Characteristics (DYNAMIC_BASE = image may be relocated at load, i.e. ASLR-compatible; NX_COMPAT = compatible with DEP/NX; these flags describe how the loader treats the image, not whether it is benign)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
accept
listen
recvfrom
sendto
getaddrinfo
freeaddrinfo
ioctlsocket
__WSAFDIsSet
select
gethostname
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockname
socket
gethostbyname
WSACleanup
WSAGetLastError
recv
bind
WSAStartup
ntohs
connect
getsockopt
setsockopt
send
htons
wldap32
ord41
ord142
ord216
ord118
ord14
ord27
ord301
ord26
ord127
ord79
ord147
ord167
ord133
ord208
ord145
ord46
comctl32
_TrackMouseEvent
ord17
kernel32
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateThread
GetACP
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTickCount
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
CreateFileW
GetFileSize
ReadFile
ExitProcess
FreeResource
MulDiv
CreateDirectoryW
GetFileType
SetFilePointer
SetFileTime
WriteFile
DuplicateHandle
GetCurrentProcess
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetVersion
CreateEventW
SetEvent
TerminateThread
lstrcpyW
GetEnvironmentVariableW
GetShortPathNameW
CreateProcessW
SetPriorityClass
SetFileAttributesW
LockResource
CreateMutexW
GetModuleFileNameA
DecodePointer
GetTempFileNameA
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetCommandLineW
GetLongPathNameW
GetVolumeInformationW
GetFileInformationByHandle
lstrlenW
FindFirstFileW
FindClose
FindFirstFileA
FileTimeToLocalFileTime
FreeLibrary
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
lstrcpynW
lstrcatW
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
CopyFileW
GetTimeZoneInformation
WriteConsoleA
ReleaseMutex
WriteConsoleW
DeleteFileA
MoveFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
SetLastError
FormatMessageA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SleepEx
ExpandEnvironmentStringsA
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
LoadResource
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
OutputDebugStringW
FindResourceExW
GetProcessHeap
RaiseException
Sleep
FindResourceW
GetTempPathA
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
CreateHardLinkW
QueryPerformanceFrequency
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SizeofResource
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
ResumeThread
RtlCaptureStackBackTrace
user32
IsWindowVisible
wvsprintfW
MessageBoxW
PeekMessageW
TrackPopupMenu
RegisterWindowMessageW
SetForegroundWindow
GetSysColorBrush
MapVirtualKeyW
GetKeyNameTextW
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
SetWindowTextW
SetRect
FillRect
DrawTextW
CharPrevW
GetSysColor
ClientToScreen
GetCaretPos
ShowCaret
HideCaret
CharNextW
GetWindowTextW
SetWindowRgn
GetWindowRgn
MoveWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
GetSystemMetrics
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
ScreenToClient
SetCaretPos
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
ReleaseCapture
SetCapture
SetCursor
KillTimer
SetTimer
PostMessageW
SendMessageW
UnregisterClassW
IsZoomed
PostQuitMessage
ShowWindow
InflateRect
UnionRect
GetKeyState
GetFocus
SetFocus
IsIconic
SetWindowPos
UpdateLayeredWindow
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
LoadCursorW
OffsetRect
gdi32
TextOutW
ExtTextOutW
MoveToEx
CreateBitmapIndirect
CreateDCW
GetDIBits
GetObjectA
SetTextColor
GdiFlush
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetTextExtentPoint32W
GetDeviceCaps
CreateRoundRectRgn
PtInRegion
CreateRectRgn
SetWindowOrgEx
GetObjectW
CreateDIBSection
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
GetClipBox
GetCharABCWidthsW
BitBlt
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
comdlg32
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
advapi32
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconW
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
oleaut32
VarDateFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
shlwapi
PathUnquoteSpacesW
PathCanonicalizeW
PathRelativePathToW
PathFindFileNameW
PathFindExtensionW
PathRemoveArgsW
PathGetArgsW
PathFileExistsW
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
gdiplus
GdipCreateImageAttributes
GdipBitmapLockBits
GdipDisposeImageAttributes
GdipLoadImageFromStreamICM
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipGraphicsClear
GdipDrawImageRectRect
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateStringFormat
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipAddPathEllipse
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetClipPath
GdipDrawImageRectRectI
msimg32
AlphaBlend
wininet
InternetGetConnectedState
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
vcruntime140
memset
memmove
memcpy
_CxxThrowException
_purecall
__AdjustPointer
__std_terminate
memcmp
wcschr
wcsrchr
wcsstr
__std_exception_copy
__std_exception_destroy
__RTDynamicCast
_except_handler4_common
strrchr
__std_type_info_destroy_list
strstr
strchr
__uncaught_exception
memchr
__processing_throw
__current_exception
__CxxFrameHandler3
api-ms-win-crt-runtime-l1-1-0
_endthreadex
_invalid_parameter_noinfo_noreturn
_errno
_seh_filter_exe
_exit
_seh_filter_dll
_configure_narrow_argv
_set_app_type
_initialize_narrow_environment
_c_exit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initialize_onexit_table
_register_onexit_function
abort
_execute_onexit_table
_controlfp_s
strerror
_crt_atexit
__sys_nerr
_initterm
_crt_at_quick_exit
_cexit
exit
_register_thread_local_exe_atexit_callback
_beginthreadex
terminate
_invalid_parameter_noinfo
_initterm_e
api-ms-win-crt-string-l1-1-0
isalnum
wcsncpy_s
iswdigit
wcspbrk
strcspn
_strnicmp
_stricmp
_wcsdup
_strdup
wcsspn
wcscspn
tolower
iswspace
isalpha
isxdigit
wcslen
__strncnt
wmemcpy_s
isspace
wcsncmp
iswalnum
wcsnlen
strlen
strncmp
isprint
isgraph
isupper
islower
wcstok_s
strncpy
strcpy
wcscat
wcscpy_s
toupper
isdigit
strcmp
_wcsupr
_wcslwr
_wcsicmp
wcsncpy
wcscpy
wcscmp
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
_recalloc
_callnewh
malloc
realloc
free
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
_wfopen
fgets
__p__commode
fopen
ftell
fseek
fread
fputc
__stdio_common_vsprintf
feof
_get_stream_buffer_pointers
__stdio_common_vsscanf
__stdio_common_vswscanf
fopen_s
_lseeki64
_set_fmode
ungetc
__acrt_iob_func
fwrite
_fseeki64
fsetpos
fgetc
fflush
fclose
ungetwc
fputwc
fgetpos
__stdio_common_vsprintf_s
fgetwc
_wfsopen
_fsopen
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_read
_write
_open
_close
setvbuf
__stdio_common_vfwprintf
fputs
api-ms-win-crt-convert-l1-1-0
_atoi64
_wtoi64
_itoa
strtol
strtof
strtoul
_strtoi64
_i64toa
_itow
_wtoi
atoi
_i64tow
wcstombs
wcstol
_itoa_s
_i64toa_s
wcstoul
strtod
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
strftime
wcsftime
_mktime64
_localtime64
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
_wrmdir
_lock_file
_wrename
_stat64i32
_unlock_file
_wchdir
_fstat64
_wremove
_wsplitpath
_stat64
api-ms-win-crt-math-l1-1-0
_CIexp
__setusermatherr
ldexp
pow
ceil
_CIsqrt
sqrt
_except1
frexp
_CIpow
api-ms-win-crt-utility-l1-1-0
qsort_s
srand
abs
_lrotl
qsort
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_configthreadlocale
___mb_cur_max_func
___lc_collate_cp_func
localeconv
__pctype_func
___lc_locale_name_func
setlocale
_lock_locales
___lc_codepage_func
api-ms-win-crt-environment-l1-1-0
getenv
_wgetcwd
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256KB - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 732KB - Virtual size: 731KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ