11f4ca70d9724546527f29b686880147

Sharing

Copy URL Twitter E-mail

General

Target

11f4ca70d9724546527f29b686880147
Size

908KB
MD5

11f4ca70d9724546527f29b686880147
SHA1

0160ae33b784ee916acacd2f4bef23da8d5e4789
SHA256

8ffa89aa5bdf612b52dad92483d3d98833bcdf45f843d8adb950ad82d0629e26
SHA512

6b87bca54a87b11140769de1232dc28b77e25f5e9e22dad8e6eacdba45ee8007367d9849b4b98727c6b33945d2b6d434d504af0f5d6379c4a92860315db979f6
SSDEEP

12288:z8Uk56+X/P6+X/Etfl0VYkYCoPsk7vFIlvV:z8kg/yg/3YCUsk7vFG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11f4ca70d9724546527f29b686880147

Files

11f4ca70d9724546527f29b686880147
.exe windows:6 windows x86 arch:x86

6ccd3fcd00193acae787c0003e3a1184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW

kernel32

SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
LockResource
LoadLibraryExW
FindResourceW
LoadResource
GetModuleFileNameW
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
LoadLibraryW
HeapSetInformation
RegisterApplicationRestart
MulDiv
FindResourceExW
GetUserDefaultUILanguage
GetLocaleInfoW
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetVersionExA
Sleep
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoEx
GetLastError
ExpandEnvironmentStringsW
RaiseException

gdi32

SetBkColor
SetBkMode
CreatePen
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateFontIndirectW
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
GetDeviceCaps
Rectangle
SetTextColor
SetDCPenColor
GetStockObject
CreateDIBSection
GdiAlphaBlend
GetDIBits
SetDIBits

user32

DrawTextExW
CopyImage
SetRect
UnionRect
GetWindowLongW
GetCaretBlinkTime
SetCursor
FindWindowExW
RegisterWindowMessageW
EnableWindow
MoveWindow
SetDlgItemTextW
SystemParametersInfoW
DrawTextW
OffsetRect
CopyRect
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
FlashWindowEx
SetForegroundWindow
FindWindowW
LoadStringW
CharNextW
SendMessageTimeoutW
LoadCursorW
LoadImageW
LoadIconW
FillRect
SetTimer
KillTimer
GetWindowRect
SetClassLongW
GetClientRect
ScreenToClient
PtInRect
SetRectEmpty
InflateRect
UnregisterClassA
PostQuitMessage
MessageBoxW
SendDlgItemMessageW
SendMessageW
ReleaseDC
GetDC
GetDlgItem
ShowWindow
GetParent
GetSysColor
SetWindowLongW
PostMessageW
EndPaint
IsWindowVisible
BeginPaint
DestroyWindow
CreateWindowExW

msvcrt

wcsncpy_s
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
memcpy_s
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
_controlfp
_wcsnicmp
_vsnwprintf
_CIatan2
_ftol2
??2@YAPAXI@Z
??_U@YAPAXI@Z
_CxxThrowException
free
_CIsqrt
malloc
memset
_purecall
_ftol2_sse
__CxxFrameHandler3
??_V@YAXPAX@Z
__p__commode
??3@YAXPAX@Z

ntdll

WinSqmIncrementDWORD
EtwTraceMessage
WinSqmIsOptedIn

gdiplus

GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipImageRotateFlip

comctl32

CreatePropertySheetPageW
PropertySheetW

shlwapi

PathFileExistsW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString
StringFromCLSID

oleaut32

VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr

uxtheme

GetThemeSysColorBrush
GetThemeTextExtent
DrawThemeText
GetThemeFont
IsThemeActive
GetThemeSysColor
OpenThemeData
GetThemeColor
CloseThemeData

slc

SLGetWindowsInformationDWORD

windowscodecs

WICCreateImagingFactory_Proxy

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dowphgl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ccd3fcd00193acae787c0003e3a1184

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

gdiplus

comctl32

shlwapi

shell32

ole32

oleaut32

uxtheme

slc

windowscodecs

Sections

.text Size: 109KB - Virtual size: 108KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 760KB - Virtual size: 760KB

.reloc Size: 36KB - Virtual size: 38KB

dowphgl Size: - Virtual size: 4KB

.text
Size: 109KB - Virtual size: 108KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 760KB - Virtual size: 760KB

.reloc
Size: 36KB - Virtual size: 38KB

dowphgl
Size: - Virtual size: 4KB