Static task
static1
Behavioral task
behavioral1
Sample
0f9570677a9769f209a1d4d59a8ee2ed.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0f9570677a9769f209a1d4d59a8ee2ed.exe
Resource
win10v2004-20231215-en
General
-
Target
0f9570677a9769f209a1d4d59a8ee2ed
-
Size
275KB
-
MD5
0f9570677a9769f209a1d4d59a8ee2ed
-
SHA1
150af31d0b726d40c0952b609e7b3937b420110c
-
SHA256
144dd7009b7b3e95349075c54db487bc70e412ff9089a1c23ac66808e96b0c35
-
SHA512
829e1b30c21db58849cc9c4d16a5e81971ea6031f5c69990ea9507a8dcae881fc962facd2286d9c43c704b7d0b2c8e719ea2774cc0057ae8d8d400f4f9c36263
-
SSDEEP
6144:U9hRj8io5VT35T+NXNH5Pxa+kwsDnl5xDZeNeOq0xGGujNPUP9:OhJ2GV5dk1l5xDZueOq0xGGMPg9
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource 0f9570677a9769f209a1d4d59a8ee2ed
Files
-
0f9570677a9769f209a1d4d59a8ee2ed.exe windows:4 windows x86 arch:x86
35c9dfdae8190f1d09e40281ff706b28
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
LoadLibraryW
CreateFileA
GetWindowsDirectoryA
lstrlenA
lstrcpyA
gdi32
OffsetWindowOrgEx
RemoveFontResourceExW
PolyBezierTo
CreatePalette
GetTextColor
QueryFontAssocStatus
SetDCPenColor
GdiSetLastError
ExtFloodFill
CreateICW
SelectClipPath
GdiSetServerAttr
GdiGetLocalFont
GetPixelFormat
GdiProcessSetup
DPtoLP
GetDeviceGammaRamp
SetDCBrushColor
SetTextColor
ExtTextOutW
GdiAddFontResourceW
bInitSystemAndFontsDirectoriesW
Pie
GetROP2
GdiSetPixelFormat
PolyDraw
EnumMetaFile
STROBJ_bEnum
PolylineTo
EngStretchBltROP
GetWorldTransform
GetViewportExtEx
GdiComment
GetTextAlign
GdiConvertBitmapV5
NamedEscape
GetCurrentPositionEx
TextOutA
GdiGetSpoolMessage
GetObjectA
EnumObjects
StretchDIBits
GetCharWidthFloatW
CreateHatchBrush
GetViewportOrgEx
GetLayout
SetVirtualResolution
CreateFontIndirectW
SetPolyFillMode
GetTextExtentExPointWPri
SetDeviceGammaRamp
CancelDC
CloseEnhMetaFile
SetStretchBltMode
GetMapMode
CreateSolidBrush
EngMultiByteToWideChar
CreateScalableFontResourceA
RoundRect
EngStrokeAndFillPath
SetViewportOrgEx
FONTOBJ_pifi
GdiPlayJournal
AddFontResourceTracking
GetMetaFileW
GetTextExtentPointW
SetBitmapBits
GdiFlush
GetGlyphOutline
EngDeleteSemaphore
GdiEntry14
PATHOBJ_bEnum
GdiReleaseLocalDC
RemoveFontResourceA
CreateBitmap
gdiPlaySpoolStream
ExtTextOutA
UpdateICMRegKeyW
SetPaletteEntries
GetColorSpace
SetMagicColors
BeginPath
GetPixel
FillPath
GdiIsPlayMetafileDC
GetPaletteEntries
SetWorldTransform
TranslateCharsetInfo
GetTextExtentPointA
PtInRegion
EnumEnhMetaFile
EudcLoadLinkW
EngGradientFill
CreateBitmapIndirect
UnloadNetworkFonts
DeviceCapabilitiesExW
GetTextMetricsW
SelectObject
EngGetCurrentCodePage
RemoveFontResourceTracking
ScaleWindowExtEx
GetArcDirection
GdiGetPageHandle
GdiGetCodePage
DescribePixelFormat
AddFontResourceW
EngAcquireSemaphore
CreateFontA
OffsetViewportOrgEx
CombineTransform
GdiPlayPrivatePageEMF
ExcludeClipRect
GdiSwapBuffers
GetAspectRatioFilterEx
AddFontMemResourceEx
StretchBlt
CreateDIBSection
GetBitmapDimensionEx
CLIPOBJ_ppoGetPath
CreateBrushIndirect
GetLogColorSpaceW
GetTextCharacterExtra
GdiGetBatchLimit
GetWindowExtEx
GdiGetDC
GetGraphicsMode
GdiSetAttrs
GetCharWidthI
CreateRectRgnIndirect
GetNearestColor
AnyLinkedFonts
LineTo
EngPaint
GdiFixUpHandle
GetColorAdjustment
GetGlyphOutlineWow
GdiEntry4
GetGlyphOutlineW
GdiEntry15
GdiValidateHandle
GetCharWidth32W
GetCharABCWidthsFloatA
GdiQueryTable
StrokePath
BRUSHOBJ_hGetColorTransform
GetTransform
GdiCleanCacheDC
HT_Get8BPPMaskPalette
GetWindowOrgEx
GetKerningPairsA
GetClipBox
GetStretchBltMode
GetClipRgn
GetStringBitmapW
SetPixelV
CreateDCA
SelectFontLocal
EngFindResource
EngLockSurface
ColorCorrectPalette
EudcUnloadLinkW
GetMiterLimit
Rectangle
GdiConsoleTextOut
StartDocW
GetNearestPaletteIndex
DeleteColorSpace
EngUnicodeToMultiByteN
GdiPlayScript
EnumFontFamiliesW
GetCharWidthW
StartPage
msvcrt
strncmp
setbuf
wcstod
_execl
towlower
_fcvt
_dstbias
_strnicoll
__p___initenv
frexp
_findnexti64
_wsplitpath
_filelengthi64
_execle
towupper
_controlfp
_wenviron
_errno
__iscsymf
_filbuf
perror
ungetc
_wsystem
localtime
_ismbcprint
__p__wpgmptr
_wcsrev
_sys_errlist
_CIpow
atoi
_mbsbtype
_osplatform
_rotr
fwrite
__getmainargs
getenv
strtoul
__p__tzname
_inpd
_mbsdup
_swab
fputwc
_putws
islower
_pwctype
iswcntrl
_ismbcsymbol
iswalnum
__p__mbcasemap
_ismbstrail
_wspawnle
_y0
_mbsnset
_setjmp
strxfrm
_dup
_isnan
_findnext
_get_sbh_threshold
_fcloseall
_setmaxstdio
fwprintf
_wsopen
__CxxFrameHandler
_futime64
_tempnam
_wexecl
_wexecvp
_amsg_exit
_mbsicmp
_wutime
_time64
_adj_fdiv_m32
tmpnam
_mbsnbcpy
__setusermatherr
_findfirst64
_adj_fdivr_m32i
iswprint
_inpw
_mbctombb
_fputwchar
_wspawnvp
fflush
_wstat64
__RTtypeid
_mbsncat
wcsncat
mktime
wcscmp
__p___argc
strcpy
_pgmptr
_expand
_tzset
_makepath
_CIacos
_outpw
_wmktemp
longjmp
_longjmpex
_fstat64
isdigit
_ismbbkalnum
_wexecvpe
__p__winminor
getwc
__doserrno
_control87
realloc
scanf
_wrename
_getdrives
strpbrk
vfprintf
fgetpos
sprintf
_mbcjistojms
signal
pow
wcsncpy
_jn
_setsystime
_mbsnbcmp
_Getmonths
fprintf
_sleep
_wcsncoll
_purecall
_fstati64
iswspace
swprintf
_ismbbkprint
_adj_fptan
__set_app_type
_ismbblead
fmod
_execvp
_wspawnl
vwprintf
_execlp
_lseeki64
_ismbbgraph
setlocale
tmpfile
wcstoul
acos
_heapmin
_vsnprintf
__p__dstbias
_wtmpnam
_searchenv
strerror
strstr
wcscat
__lc_handle
_fgetwchar
_utime
_ftime64
__crtGetLocaleInfoW
_spawnle
_ultow
_safe_fprem1
_chsize
clearerr
_i64toa
iswpunct
_mbstok
wcspbrk
strftime
fopen
_ismbcpunct
_adj_fdiv_r
ispunct
_putch
_set_sbh_threshold
mbstowcs
raise
_wfindnext
fwscanf
_cabs
advapi32
RegOpenKeyExW
oleaut32
VarUI2FromUI4
VarI1FromDate
VarMul
VarDateFromBool
VarI1FromR8
VarI4FromI2
VarDateFromStr
VarBstrFromUI1
VarI2FromUI1
VarBoolFromStr
VarUI4FromStr
LHashValOfNameSys
VarR8FromDisp
VarDecFromDisp
VarI1FromI2
VarR4FromStr
VarUI4FromCy
SysReAllocString
VarBstrCmp
VarCyFix
VarCyFromR4
VarUI2FromR8
VarI4FromDec
SafeArrayGetIID
VarR8FromR4
VectorFromBstr
VarBoolFromR4
VarCyFromStr
VarDecFromCy
VarI2FromI1
VarBoolFromUI2
VarI1FromUI4
VarI1FromI4
VarR4FromDate
OleSavePictureFile
VarUI2FromDisp
VarDecFromI2
VarFormatDateTime
VarUI4FromR8
VarI2FromUI4
VarUI1FromR8
SafeArrayAllocData
VarBstrFromUI4
GetRecordInfoFromTypeInfo
VarInt
VarDecMul
VarCyFromUI4
OaBuildVersion
VarDecFromI4
VarBstrFromR4
VarR8FromUI1
VarUI1FromStr
VarUI2FromI4
RegisterTypeLi
SafeArrayPutElement
VarUI1FromI1
SafeArrayAccessData
VarI2FromDec
VarFormatPercent
VarCyInt
VarBstrFromR8
SafeArrayDestroy
VarDecFromUI1
VarI2FromCy
VarBstrFromDate
LoadRegTypeLi
CreateTypeLib2
VarDateFromDec
VarI4FromCy
VarCyFromBool
VarFormat
LPSAFEARRAY_UserMarshal
VarI2FromDate
VarI4FromR8
VarAdd
VarUI1FromDate
VarCyAdd
VarWeekdayName
VarDecFromDate
VarXor
LPSAFEARRAY_UserSize
SetErrorInfo
VarBstrFromBool
OleIconToCursor
VarOr
VarUI2FromStr
VarRound
VarDateFromR8
VarBoolFromUI4
VarR8FromCy
VarSu
VarBstrFromDisp
VarCyRound
OleLoadPictureFileEx
VarUI4FromUI1
VarDateFromUI1
VarCyAbs
VarI2FromBool
SafeArrayGetElement
VarR4FromR8
SafeArraySetIID
VarCyMulI4
VarUI4FromBool
OleTranslateColor
VarDecInt
VarUI1FromUI2
SafeArrayDestroyDescriptor
VarUI4FromDate
LPSAFEARRAY_Marshal
VarUI4FromR4
VarR4FromDec
VarCyFromR8
SafeArrayGetDim
OleCreateFontIndirect
BSTR_UserMarshal
VarR8FromDec
VarMonthName
VarAbs
VarBstrFromI4
DispGetIDsOfNames
OleCreatePropertyFrame
VarCyFromI4
OleLoadPictureFile
VariantCopy
VarEqv
VarR8FromI1
VarI1FromBool
VarDecCmp
VarDecRound
VariantCopyInd
VarCyNeg
VarUI1FromBool
VarUI1FromCy
VarR4FromCy
SysFreeString
VarNot
VarUI1FromI4
SafeArrayUnlock
VarR4FromDisp
LoadTypeLi
VarDateFromI4
VarCyFromDisp
VarCyFromI2
VarI1FromCy
SysAllocString
VarDecAdd
SafeArrayCreate
VarR8FromDate
imm32
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmRegisterWordA
ImmUnregisterWordA
ImmGetDefaultIMEWnd
ImmEnumInputContext
ImmGetCandidateListW
ImmGetRegisterWordStyleW
ImmSetConversionStatus
ImmGetVirtualKey
ImmGetRegisterWordStyleA
ImmInstallIMEA
ImmReleaseContext
ImmSetOpenStatus
ImmSetHotKey
ImmDestroyIMCC
ImmDisableIME
ImmDestroySoftKeyboard
ImmGenerateMessage
ImmGetCandidateWindow
ImmGetHotKey
ImmGetConversionListA
ImmGetIMCLockCount
ImmSetCompositionStringA
ImmGetProperty
ImmGetContext
ImmGetCompositionFontA
ImmSetStatusWindowPos
ImmAssociateContext
ImmGetDescriptionA
ImmEscapeA
ImmRequestMessageW
ImmNotifyIME
ImmGetIMCCLockCount
ImmGetCompositionStringW
ImmReSizeIMCC
ImmGetImeMenuItemsA
ImmGetCompositionStringA
ImmIsUIMessageW
ImmGetCandidateListCountA
ImmGetIMCCSize
ImmSimulateHotKey
ImmGetDescriptionW
ImmGetIMEFileNameA
ImmGetCandidateListCountW
ImmGetConversionStatus
ImmRegisterWordW
ImmGetGuideLineA
ImmLockIMC
ImmUnlockIMC
ImmConfigureIMEA
ImmGetCompositionFontW
ImmGetCompositionWindow
ImmRequestMessageA
ImmGetStatusWindowPos
ImmSetCompositionWindow
ImmGetIMEFileNameW
ImmEnumRegisterWordA
ImmIsIME
ImmLockIMCC
ImmSetCandidateWindow
ImmUnregisterWordW
ImmCreateContext
ImmEnumRegisterWordW
ImmInstallIMEW
ImmDestroyContext
ImmAssociateContextEx
ImmUnlockIMCC
ImmGetConversionListW
ImmCreateSoftKeyboard
ImmGetImeMenuItemsW
ImmGetGuideLineW
ImmEscapeW
ImmShowSoftKeyboard
ImmGetCandidateListA
ImmGetOpenStatus
ImmCreateIMCC
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
t3 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
t2 Size: 248KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ