Static task: static1
Behavioral task: behavioral1
Sample: 5d4dd86b62f82499c8c8f74667d933d9.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5d4dd86b62f82499c8c8f74667d933d9.exe
Resource: win10v2004-20231215-en
General
Target: 5d4dd86b62f82499c8c8f74667d933d9
Size: 725KB
MD5: 5d4dd86b62f82499c8c8f74667d933d9
SHA1: f4fe6fb9ed4a7d084a497267fab26d24a4f3defc
SHA256: e896d928a95aa2640c7149c73b25345a30bd47074cd543f9fb88fb89ee4ab89f
SHA512: 2f321bcd4de36d61363f9401cd34962e77b7255eb44537666a0c4030b03da46ef985d0bb3a5ef668c58178971ba3b0b4f6c07ceb07d280dbd953b6af7677e37c
SSDEEP: 12288:Pd9Y37JI9CApp8l0IkMe54QkzvKb6DMPHPeXZ:Pd9YlI9C6K0HiQkzvwiGveXZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5d4dd86b62f82499c8c8f74667d933d9
Files
5d4dd86b62f82499c8c8f74667d933d9.exe windows:5 windows x86 arch:x86
848811b8e2ad9d7f49540256246eda4a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
wcsrchr
wcsncat
swprintf
swscanf
_wtoi
_wcsdup
iswspace
memmove
_ftol
_beginthreadex
_vsnwprintf
_CxxThrowException
_wcsicmp
_purecall
wcslen
realloc
free
malloc
_strdup
wcsncpy
_wcsnicmp
wcscpy
_except_handler3
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcscmp
wcscat
__CxxFrameHandler
advapi32
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
ConvertSidToStringSidW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
CryptGenRandom
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfigW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegConnectRegistryW
RegQueryValueExW
RegEnumKeyW
OpenProcessToken
IsValidAcl
AddAce
GetAce
GetAclInformation
EqualSid
SetSecurityDescriptorDacl
SetThreadToken
CopySid
GetLengthSid
GetTokenInformation
OpenThreadToken
InitializeAcl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAuditAccessAceEx
AddAccessAllowedObjectAce
AddAccessDeniedObjectAce
AddAuditAccessObjectAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
kernel32
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcatW
GetModuleFileNameW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
GetCurrentThreadId
HeapAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedExchange
Sleep
WaitForMultipleObjects
GetTickCount
SetEvent
CloseHandle
CreateEventW
WaitForSingleObject
GetCurrentThread
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
GetSystemTime
GetLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalMemoryStatusEx
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetCommandLineW
GetFileAttributesExW
GetExitCodeProcess
CreateProcessW
GetUserDefaultLCID
GetTimeZoneInformation
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempFileNameW
WideCharToMultiByte
LocalFree
DuplicateHandle
ReadFile
WriteFile
SetFilePointer
GetFileInformationByHandle
CreateFileW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GlobalFree
GetModuleHandleA
GetStartupInfoW
EnterCriticalSection
GetProcessHeap
HeapFree
lstrcpyW
lstrlenW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
lstrcmpiA
SetLastError
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetLocaleInfoW
GetModuleHandleW
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsFree
LocalAlloc
LoadLibraryA
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
OpenMutexW
CreateMutexW
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ResetEvent
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
HeapReAlloc
RaiseException
TlsAlloc
ExitProcess
GlobalReAlloc
SetThreadPriority
GetVersionExW
GetSystemTimeAsFileTime
lstrcmpW
LeaveCriticalSection
gdi32
CreateDIBSection
SetLayout
CreateCompatibleBitmap
SelectObject
BitBlt
GetStockObject
GetObjectW
CreateCompatibleDC
DeleteObject
CreateRectRgnIndirect
CreateDCW
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreateSolidBrush
user32
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
GetParent
ShowWindow
GetFocus
SetKeyboardState
GetKeyboardState
EndPaint
GetClientRect
BeginPaint
GetClassNameW
SendMessageTimeoutW
CreateWindowExW
EnumChildWindows
GetWindowRect
SendMessageW
MoveWindow
CharUpperW
IsWindowVisible
DestroyMenu
TrackPopupMenu
MapWindowPoints
AppendMenuW
CreatePopupMenu
InsertMenuItemW
GetMenuItemCount
GetSystemMenu
SystemParametersInfoW
EnumDisplaySettingsW
GetSystemMetrics
LoadStringW
MessageBoxW
MsgWaitForMultipleObjects
RegisterWindowMessageW
TranslateMessage
PeekMessageW
CopyImage
IsChild
SetFocus
InvalidateRect
DestroyAcceleratorTable
GetKeyState
IsWindow
CallWindowProcW
GetWindowLongW
DefWindowProcW
SetWindowLongW
DestroyWindow
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetDC
ReleaseDC
CharNextW
SystemParametersInfoA
CharUpperBuffW
CharLowerW
SetWindowTextW
LoadIconW
LoadImageW
SetForegroundWindow
IsIconic
PostMessageW
GetProcessDefaultLayout
GetCursorPos
GetSysColor
GetWindow
GetWindowTextW
GetWindowTextLengthW
ReleaseCapture
SetCapture
InvalidateRgn
GetDesktopWindow
GetDlgItem
FillRect
RedrawWindow
CreateAcceleratorTableW
DispatchMessageW
comctl32
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetImageCount
ImageList_Create
ImageList_DrawIndirect
ImageList_AddMasked
InitCommonControlsEx
uxtheme
GetThemeDocumentationProperty
GetCurrentThemeName
IsThemeActive
urlmon
URLOpenBlockingStreamW
RegisterBindStatusCallback
CreateURLMoniker
ReleaseBindInfo
CopyBindInfo
CoInternetQueryInfo
CoInternetGetSession
wininet
InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
InternetSetOptionA
InternetCombineUrlW
InternetCanonicalizeUrlW
CommitUrlCacheEntryW
DeleteUrlCacheEntryW
CreateUrlCacheEntryW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetGetConnectedState
InternetCrackUrlW
InternetAutodial
InternetAutodialHangup
InternetSetStatusCallbackW
ole32
CoRegisterClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
StgOpenStorageEx
StgCreateStorageEx
GetRunningObjectTable
CreateClassMoniker
CoRevokeClassObject
WriteClassStm
OleSaveToStream
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoGetCallContext
GetHGlobalFromStream
CoGetClassObject
CreateBindCtx
CLSIDFromString
StringFromCLSID
OleInitialize
OleUninitialize
OleLockRunning
CLSIDFromProgID
OleLoadFromStream
oleaut32
DispCallFunc
VariantInit
VariantTimeToSystemTime
VariantChangeTypeEx
SafeArrayCreateVector
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SystemTimeToVariantTime
VariantCopy
OleCreatePropertyFrame
SysStringLen
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
SysAllocString
SysFreeString
shlwapi
PathIsRelativeW
UrlGetPartW
UrlCanonicalizeW
shell32
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
ntdll
wcsncmp
strncpy
sprintf
wcsstr
wcschr
_wtol
_snwprintf
msimg32
GradientFill
Sections
.text Size: 539KB - Virtual size: 538KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ