Static task: static1
Behavioral task: behavioral1
  Sample: 17816ecb0138b6203163561cc8aefad2.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 17816ecb0138b6203163561cc8aefad2.exe
  Resource: win10v2004-20231215-en
General
Target: 17816ecb0138b6203163561cc8aefad2
Size: 6.1MB
MD5: 17816ecb0138b6203163561cc8aefad2
SHA1: bcb0e14576dfae7f6a4c8b53c8bdd662c3cf61f2
SHA256: 55ca473bc86c9c906045ae89ffe710657c1fdb209623d8047b1816ad7574b960
SHA512: c5496cb2fb57856223568558c72a9c9da2eed0074ecd07acd06906c07800b1265bca2a478cffb2917283b86ea6f476d38aef5180475ea929ee51a4ad23d42c1f
SSDEEP: 98304:CIp27i2u7InCEE+wysPM4mlaw0LI60GBGrGrGWAuU7jPLQ:Rc7i6nTE+wBMHlaw0/U7jPL
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 17816ecb0138b6203163561cc8aefad2
Files
17816ecb0138b6203163561cc8aefad2.exe  windows:6 windows x86 arch:x86
9ca04d8484cb00766499935c692e8811
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
DecryptFileW
EncryptFileW
EventWrite
EventRegister
EventUnregister
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
kernel32
GetModuleFileNameW
CreateThread
GetCurrentProcess
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
FreeLibraryAndExitThread
InterlockedExchange
GetVersionExW
HeapFree
GetProcessHeap
HeapAlloc
GetExitCodeThread
GlobalReAlloc
GetTempPathW
MoveFileExW
CopyFileW
DeleteFileW
GetACP
GetModuleHandleA
HeapSetInformation
LoadLibraryW
FreeLibrary
GetTickCount
lstrcmpiW
GetProcAddress
InterlockedDecrement
GetThreadLocale
InterlockedIncrement
DeleteCriticalSection
SetEndOfFile
FindFirstFileW
GlobalAddAtomW
GlobalDeleteAtom
LocalAlloc
LocalFree
SetErrorMode
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
lstrlenW
MulDiv
CloseHandle
GetFileSizeEx
CreateFileW
FormatMessageW
GetModuleHandleW
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GetFileTime
GetFileAttributesW
DeviceIoControl
SetFileTime
GetLastError
SetFileAttributesW
FindClose
WriteFile
ReadFile
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
GetStartupInfoW
OutputDebugStringA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
ReleaseMutex
CreateMutexW
lstrcmpW
ApplicationRecoveryInProgress
ApplicationRecoveryFinished
RegisterApplicationRecoveryCallback
RegisterApplicationRestart
CompareFileTime
FindFirstStreamW
FindNextStreamW
RaiseException
LoadLibraryA
GetTempFileNameW
GetSystemTime
SystemTimeToFileTime
gdi32
Polygon
GetTextFaceW
GdiGradientFill
GetTextExtentPoint32W
CreateFontW
Polyline
CreatePolygonRgn
SetROP2
GetTextMetricsW
TranslateCharsetInfo
StretchDIBits
CreateDCW
CreateFontIndirectW
SetStretchBltMode
ExtSelectClipRgn
GetBrushOrgEx
GetRgnBox
CombineRgn
CreateRectRgn
ExtFloodFill
SetBrushOrgEx
UnrealizeObject
GetPixel
MoveToEx
LineTo
SetPixel
CreateDIBSection
CreatePen
SetDIBitsToDevice
CreateDIBitmap
GetDIBits
CreateHalftonePalette
StretchBlt
EnumFontFamiliesExW
OffsetRgn
GetNearestColor
CreatePalette
SetViewportExtEx
PlayMetaFile
SaveDC
SetMapMode
LPtoDP
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
BitBlt
DeleteDC
SelectPalette
SelectObject
DeleteObject
SetDIBits
CreateBitmap
GetPaletteEntries
SetPaletteEntries
GetNearestPaletteIndex
ResizePalette
CreateSolidBrush
CreatePatternBrush
GetObjectW
GetCurrentObject
GetDIBColorTable
SetTextColor
SetBkColor
CreateRectRgnIndirect
FillRgn
PatBlt
GetStockObject
SetDIBColorTable
GdiAlphaBlend
Rectangle
RestoreDC
user32
IsWindowVisible
LoadIconW
GetClassInfoW
GetMonitorInfoW
MonitorFromRect
DestroyMenu
PostQuitMessage
LoadImageW
SystemParametersInfoW
RegisterTouchWindow
UnregisterTouchWindow
GetMenu
IsMenu
SetWindowLongW
LoadBitmapW
CheckMenuItem
GetSubMenu
RemoveMenu
GetUpdateRect
ValidateRect
RedrawWindow
GetCaretPos
GetTouchInputInfo
ShowCursor
CloseTouchInputHandle
GetMessageExtraInfo
GetWindowLongW
GetKeyboardLayout
SetPropW
GetParent
GetFocus
SetGestureConfig
FindWindowW
GetSystemMenu
PostMessageW
GetWindowDC
SetClassLongW
LoadStringW
EnableScrollBar
MsgWaitForMultipleObjectsEx
DestroyIcon
GetSysColor
GetWindowRect
GetClientRect
ScreenToClient
UpdateWindow
InvalidateRect
EnableWindow
SendMessageW
SetCapture
SetActiveWindow
ClientToScreen
BringWindowToTop
TrackMouseEvent
ReleaseCapture
LoadCursorW
SetCursor
InflateRect
CopyRect
KillTimer
SetTimer
EqualRect
SetRectEmpty
IsRectEmpty
GetKeyState
GetCursorPos
GetCapture
WindowFromPoint
UnionRect
GetDC
IntersectRect
PtInRect
RegisterClipboardFormatW
OffsetRect
FillRect
IsClipboardFormatAvailable
LoadMenuW
GetSystemMetrics
IsWindow
SetRect
MessageBeep
PeekMessageW
MessageBoxW
SetWindowTextW
ReleaseDC
SetForegroundWindow
GetAncestor
SetWindowPos
DestroyCursor
SendDlgItemMessageW
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
GetDlgItem
mfc42u
msvcrt
swprintf_s
wcscpy_s
_purecall
__CxxFrameHandler3
_CIsin
_except_handler4_common
__uncaught_exception
_onexit
_lock
__dllonexit
_unlock
_CIatan2
_CIcos
_CItan
_CIsqrt
_controlfp
wcstoul
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
isalnum
isdigit
abort
isspace
tolower
__mb_cur_max
__crtLCMapStringW
__crtGetStringTypeW
setlocale
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
malloc
_callnewh
wcsrchr
wcsncmp
_beginthreadex
_wcsdup
_strtoui64
_strtoi64
sprintf_s
strcspn
memchr
localeconv
free
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
__argc
__wargv
_wsetlocale
_wcsicmp
__RTDynamicCast
rand
_wtoi
_ftol2
_wsplitpath_s
memcpy
_ftol2_sse
??0exception@@QAE@XZ
memset
_CxxThrowException
_vsnwprintf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memcpy_s
memmove_s
comdlg32
GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW
ole32
PropVariantCopy
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemFree
CLSIDFromString
CoCreateInstance
WriteClassStg
WriteFmtUserTypeStg
OleGetClipboard
ReleaseStgMedium
FreePropVariantArray
CoGetInterfaceAndReleaseStream
oleaut32
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreateVector
VariantInit
VarDecFromR8
VarR8FromDec
VariantClear
VarDecFromI4
SysFreeString
SysAllocString
SafeArrayCopy
shell32
SHChangeNotify
SHAddToRecentDocs
DragFinish
DragQueryFileW
ShellAboutW
SHGetFolderPathEx
SHParseDisplayName
SHCreateShellItem
ord155
ord75
ShellExecuteExW
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
SHBindToParent
ntdll
RtlInitUnicodeString
NtQueryLicenseValue
WinSqmIncrementDWORD
WinSqmStartSession
WinSqmEndSession
WinSqmAddToStream
WinSqmSetIfMaxDWORD
comctl32
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Remove
ord381
ord345
PropertySheetW
CreatePropertySheetPageW
ImageList_GetImageCount
shlwapi
SHStrDupW
ord628
PathStripPathW
propsys
PropVariantToUInt32
PropVariantToString
PropVariantToUInt32WithDefault
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
winmm
timeGetTime
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Sections
.text    Size: 546KB  Virtual size: 545KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data    Size: 20KB   Virtual size: 19KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    Size: 5.5MB  Virtual size: 5.5MB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   Size: 63KB   Virtual size: 64KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ufxsybn  Size: -      Virtual size: 4KB    IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE