fcEXP
Static task: static1
Behavioral task: behavioral1 - Sample: 3afcb07eb6877be536973a3cfb3060d9.exe - Resource: win7-20231215-en
Behavioral task: behavioral2 - Sample: 3afcb07eb6877be536973a3cfb3060d9.exe - Resource: win10v2004-20231215-en
General
Target: 3afcb07eb6877be536973a3cfb3060d9
Size: 2.7MB
MD5: 3afcb07eb6877be536973a3cfb3060d9
SHA1: 8942a17e07226afa29e278d612b48128052ad5c3
SHA256: b0da08169ac52ec61a4649dc7a891fb14e6a47c6599ab53f18af0ddb2200b13f
SHA512: b395898ed7f8dbeeb7248ba2bdf893ab9af3bc93a7730f5e570cf60d0a46b08c8f64dc4a1f30175ab7874ce29a26109f52a36f8fe36769703518ffdc576b10d9
SSDEEP: 49152:X63hgH6VbH0Cw8l5QjDBNU2euB2+Lv/GJwQPTg4TYAzD:qhVxQvBZzGhYAz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3afcb07eb6877be536973a3cfb3060d9
Files
3afcb07eb6877be536973a3cfb3060d9.exe windows:4 windows x86 arch:x86
bef48a39345607c5c85b72cd31c3e726
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
fmod
_FSOUND_Stream_SetBufferSize@4
_FSOUND_Sample_Free@4
_FSOUND_GetMaxChannels@0
_FSOUND_Stream_GetMode@4
_FSOUND_Stream_SetMode@8
_FSOUND_Stream_PlayEx@16
_FSOUND_Stream_Close@4
_FSOUND_Stream_Stop@4
_FSOUND_SetDriver@4
_FSOUND_SetHWND@4
_FSOUND_StopSound@4
_FSOUND_3D_Listener_SetAttributes@32
_FSOUND_Update@0
_FSOUND_3D_SetMinMaxDistance@12
_FSOUND_SetMute@8
_FSOUND_3D_SetDopplerFactor@4
_FSOUND_3D_SetDistanceFactor@4
_FSOUND_3D_SetRolloffFactor@4
_FSOUND_Sample_Load@20
_FSOUND_GetError@0
_FSOUND_Sample_SetMinMaxDistance@12
_FSOUND_GetDriverName@4
_FSOUND_SetOutput@4
_FSOUND_SetMinHardwareChannels@4
_FSOUND_GetVersion@0
_FSOUND_GetVolume@4
_FSOUND_Close@0
_FSOUND_Stream_SetEndCallback@12
_FSOUND_Stream_Open@16
_FSOUND_Init@12
_FSOUND_GetNumDrivers@0
_FSOUND_SetMaxHardwareChannels@4
_FSOUND_GetDriverCaps@8
_FSOUND_Sample_GetMode@4
_FSOUND_PlaySoundEx@16
_FSOUND_3D_SetAttributes@12
_FSOUND_SetPriority@8
_FSOUND_SetVolume@8
_FSOUND_SetPaused@8
kernel32
GetThreadLocale
GetLocaleInfoA
MultiByteToWideChar
InterlockedExchange
GetCurrentProcess
WideCharToMultiByte
GetVersion
CompareStringA
CompareStringW
GetACP
SetPriorityClass
lstrlenA
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
DeleteCriticalSection
Sleep
lstrcmpiA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
SetCurrentDirectoryA
CreateMutexA
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetWindowsDirectoryA
FindFirstFileA
CreateDirectoryA
FindClose
GetCurrentDirectoryA
GetVolumeInformationA
GetLastError
WinExec
IsDebuggerPresent
VirtualQuery
OutputDebugStringA
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
GlobalFindAtomA
GetStringTypeW
GlobalGetAtomNameA
GlobalFlags
GetCPInfo
GetOEMCP
GetFullPathNameA
FlushFileBuffers
FileTimeToLocalFileTime
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoA
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
IsProcessorFeaturePresent
SetEnvironmentVariableA
IsBadCodePtr
TlsFree
GetStringTypeA
GetDriveTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LocalReAlloc
TlsSetValue
TlsAlloc
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
MulDiv
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
CreateEventA
IsDBCSLeadByte
SetEvent
ResetEvent
ExitThread
WaitForMultipleObjects
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
CreateThread
GetSystemInfo
GlobalUnlock
GlobalLock
lstrcatA
GlobalMemoryStatusEx
InterlockedDecrement
ReadFile
SetFileTime
GetFileAttributesA
FindNextFileA
GetCurrentProcessId
WriteFile
SystemTimeToFileTime
GetCurrentThread
GlobalAlloc
GlobalSize
GlobalAddAtomA
GlobalDeleteAtom
SetEndOfFile
ExitProcess
GetCommandLineA
SetThreadPriority
SetFilePointer
OpenEventA
lstrcmpA
IsBadReadPtr
VirtualProtect
DeleteFileA
VirtualAlloc
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
SetStdHandle
GetStdHandle
lstrcpyA
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationA
GetExitCodeThread
GetSystemDefaultLangID
SetFileAttributesA
LocalFree
lstrcpynA
FormatMessageA
GlobalFree
SetLastError
GlobalReAlloc
lstrcmpW
RaiseException
InterlockedIncrement
LocalAlloc
GlobalHandle
TlsGetValue
GetTimeZoneInformation
user32
GetSysColorBrush
GetSysColor
GetSystemMetrics
LoadCursorA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetFocus
SetMenuItemBitmaps
PtInRect
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcA
GetDlgCtrlID
GetClassInfoA
AdjustWindowRectEx
GetMenu
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetDlgItem
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
SetWindowTextA
UnregisterClassA
DestroyMenu
SetWindowsHookExA
CallNextHookEx
ValidateRect
UnhookWindowsHookEx
MoveWindow
GetClientRect
SetWindowLongA
GetWindowLongA
UpdateWindow
GetActiveWindow
SetWindowPos
CreateWindowExA
RegisterClassA
LoadIconA
TranslateMessage
PeekMessageA
DispatchMessageA
ReleaseDC
GetDC
GetMenuState
GetMenuItemID
SetCursorPos
ClientToScreen
GetKeyState
GetWindowTextA
EnumWindows
PostMessageA
GetWindowRect
PostQuitMessage
wsprintfA
GetAsyncKeyState
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
MessageBoxA
DefWindowProcA
SetFocus
ShowCursor
GetWindow
ShowWindow
FindWindowExA
GetClassNameA
GetTopWindow
GetMenuItemCount
GetSubMenu
GetCursorPos
SetClipboardData
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MapVirtualKeyA
GetKeyNameTextA
ScreenToClient
SendMessageA
GetKeyboardLayout
EmptyClipboard
UnregisterHotKey
gdi32
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject
GetClipBox
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetTextMetricsA
GetDeviceCaps
CreateFontA
AddFontResourceA
RemoveFontResourceA
CreateCompatibleDC
CreateDIBSection
SetMapMode
GetObjectA
GetTextExtentPoint32A
SelectObject
DeleteObject
DeleteDC
shell32
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA
ole32
CoCreateInstance
CoInitialize
OleRun
CoUninitialize
comctl32
ord17
shlwapi
StrStrIA
PathRemoveFileSpecA
PathStripPathA
PathIsDirectoryA
PathSearchAndQualifyA
urlmon
URLDownloadToFileA
imm32
ImmGetCompositionStringA
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmAssociateContext
ImmNotifyIME
ImmGetCandidateListA
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmGetConversionStatus
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
ws2_32
bind
socket
htons
gethostbyname
inet_addr
ntohs
inet_ntoa
ioctlsocket
setsockopt
WSACleanup
WSAStartup
closesocket
htonl
recv
WSAGetLastError
connect
WSACloseEvent
send
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
shutdown
sendto
recvfrom
getsockname
gethostname
gdiplus
GdipGetImageEncoders
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathString
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipStringFormatGetGenericTypographic
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
dbghelp
MiniDumpWriteDump
wininet
InternetCloseHandle
InternetSetStatusCallback
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
InternetCrackUrlA
oleacc
LresultFromObject
CreateStdAccessibleObject
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
oleaut32
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
GetErrorInfo
Exports
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 392KB - Virtual size: 390KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 26.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ