4c5f7c008bef8a2ee8e6761355ff2585d69dd84a0d551271b5d3522ae2704cca

Sharing

Copy URL Twitter E-mail

General

Target

4c5f7c008bef8a2ee8e6761355ff2585d69dd84a0d551271b5d3522ae2704cca
Size

569KB
MD5

20dd313af01b82713b89ad6f5debe0d6
SHA1

62a51f309bdcdeec4fa56412c771176a625c47c9
SHA256

4c5f7c008bef8a2ee8e6761355ff2585d69dd84a0d551271b5d3522ae2704cca
SHA512

d2d4a3288c2d98c0ff8693072b946c2a8047c5423ae152e9aa6962d2a40a36d410c9ba4e2c2f6cc9b50847bd1dae30b5d085349233e53d98d058dc8ba4a92d48
SSDEEP

12288:+6+DJj2pI8ftrSBycwmsMeFsmV7CkkkkckkkkbkkkhkkD6GAA:0CI8lrSBycwmSvV7Un

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c5f7c008bef8a2ee8e6761355ff2585d69dd84a0d551271b5d3522ae2704cca

Files

4c5f7c008bef8a2ee8e6761355ff2585d69dd84a0d551271b5d3522ae2704cca
.dll windows:5 windows x86 arch:x86

44862aed3328ea9535cb76bfc6c2bcf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libcrypto-1_1.mir

HMAC_CTX_new
EVP_sha256
EVP_MD_CTX_new
EVP_DecryptInit_ex
SHA1_Final
SHA1_Update
HMAC_Init_ex
EVP_sha512
EVP_MD_CTX_free
EVP_DecryptFinal_ex
EVP_EncryptFinal
EVP_EncryptUpdate
EVP_EncryptInit
HMAC_CTX_free
SHA1_Init
EVP_DigestInit_ex
HMAC_Update
EVP_DigestUpdate
EVP_DigestFinal_ex
HMAC_Final
EVP_aes_128_cbc
EVP_aes_192_cbc
EVP_aes_256_cbc
EVP_aes_128_ctr
EVP_aes_128_gcm
HMAC
EVP_MD_size
EVP_DigestInit
EVP_DigestFinal
EVP_sha1
EVP_sha224
EVP_sha384
EVP_aes_192_ctr
EVP_aes_256_ctr
EVP_CIPHER_block_size
EVP_EncryptInit_ex
EVP_CIPHER_CTX_set_padding
EVP_CIPHER_CTX_free
EVP_DecryptFinal
EVP_DecryptUpdate
EVP_aes_256_gcm
EVP_DecryptInit
EVP_CIPHER_CTX_ctrl
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_new

comctl32

ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create

ws2_32

gethostbyaddr
inet_addr
WSAGetLastError
htonl

uxtheme

IsThemeActive
DrawThemeParentBackground

kernel32

GetComputerNameW
GetComputerNameA
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateFileW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
WideCharToMultiByte
GetModuleFileNameW
GetTempFileNameW
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetLocalTime
GetModuleHandleW
LoadLibraryW
DeleteFileW
FreeLibrary
GetTempPathW
FindFirstFileW
FindNextFileW
FindClose
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
Sleep
GetTickCount
GetCurrentThreadId
TerminateThread
CopyFileW
GetLastError
GlobalLock
GlobalUnlock
GetModuleFileNameA
WriteFile

user32

IsWindowEnabled
CopyIcon
CharUpperBuffW
CharLowerA
GetDlgItemTextA
DestroyWindow
EnableWindow
GetDlgItem
ShowWindow
GetClientRect
GetWindowRect
SetScrollRange
SendMessageW
IsDlgButtonChecked
SetDlgItemTextW
EnumChildWindows
SetScrollPos
GetDC
DrawTextW
ReleaseDC
CreateWindowExW
GetParent
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoW
ScrollWindow
RedrawWindow
CreatePopupMenu
AppendMenuW
SetForegroundWindow
GetCursorPos
TrackPopupMenu
DestroyMenu
CreateDialogParamW
SetWindowTextW
SendDlgItemMessageW
GetDlgItemTextW
SetActiveWindow
GetDlgCtrlID
CheckDlgButton
GetFocus
EndDialog
DialogBoxParamW
BeginPaint
EndPaint
GetAsyncKeyState
GetWindowTextLengthW
GetWindowTextW
MessageBoxW
PostThreadMessageW
GetScrollInfo
InvalidateRect
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PostMessageW
SetDlgItemTextA
GetMenuItemCount
SetFocus
ClientToScreen
GetNextDlgTabItem
GetKeyState
SetRect
DrawTextExW
MapWindowPoints
FillRect
GetSysColorBrush
GetSysColor
DrawIconEx
OpenClipboard
GetClipboardData
CloseClipboard
CharLowerW
DestroyIcon
GetMessagePos
ScreenToClient
CheckMenuItem
MessageBeep
IsWindow
DrawFocusRect
GetSystemMetrics
IsWindowVisible
LockWorkStation
mouse_event
DefWindowProcW
SendDlgItemMessageA
SetPropA
GetPropA
UpdateWindow
MoveWindow

gdi32

SetTextColor
BitBlt
DeleteObject
SetBkMode
GetObjectW
DeleteDC
GetTextExtentPoint32W
GetCurrentObject
CreateCompatibleDC
GetTextMetricsW
SelectObject
GetStockObject
CreateFontIndirectW
SetMapMode
TextOutW
StretchBlt
SetStretchBltMode
GdiAlphaBlend
DPtoLP
GetMapMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetUserNameA

shell32

ExtractIconExA

freeimage.mir

_FreeImage_Premultiply@4

libsignal.mir

signal_protocol_identity_get_local_registration_id
session_pre_key_bundle_create
session_builder_process_pre_key_bundle
signal_protocol_identity_save_identity
session_builder_free
pre_key_signal_message_get_pre_key_id
signal_protocol_identity_get_key_pair
signal_protocol_key_helper_generate_identity_key_pair
ratchet_identity_key_pair_get_public
ratchet_identity_key_pair_get_private
session_cipher_create
pre_key_signal_message_deserialize
session_cipher_decrypt_pre_key_signal_message
signal_message_deserialize
session_cipher_decrypt_signal_message
session_cipher_free
signal_buffer_data
session_builder_create
signal_protocol_signed_pre_key_load_key
ec_key_pair_get_public
session_signed_pre_key_get_key_pair
session_signed_pre_key_get_signature_len
session_signed_pre_key_get_signature
signal_protocol_pre_key_load_key
session_pre_key_get_key_pair
signal_protocol_session_contains_session
session_cipher_encrypt
ciphertext_message_get_type
ciphertext_message_get_serialized
session_pre_key_serialize
signal_buffer_free
signal_buffer_create
session_signed_pre_key_serialize
ec_public_key_serialize
ec_private_key_serialize
curve_decode_point
signal_protocol_store_context_set_identity_key_store
signal_protocol_store_context_set_signed_pre_key_store
signal_protocol_store_context_set_pre_key_store
signal_protocol_store_context_set_session_store
signal_protocol_store_context_create
signal_int_list_alloc
signal_int_list_push_back
signal_protocol_key_helper_key_list_free
session_pre_key_get_id
signal_protocol_key_helper_key_list_element
signal_protocol_key_helper_key_list_next
signal_protocol_key_helper_generate_pre_keys
signal_type_unref
signal_protocol_key_helper_generate_signed_pre_key
signal_context_destroy
signal_protocol_store_context_destroy
signal_context_set_locking_functions
signal_buffer_len
signal_context_create
signal_context_set_crypto_provider

zlib.mir

inflateEnd
deflate
inflate
deflateEnd
inflateInit_
deflateInit_

mir_core.mir

ord768
ord1282
ord1294
ord1446
ord1402
ord1566
ord1343
ord106
ord89
ord86
ord87
ord105
ord1206
ord1209
ord450
ord1210
ord70
ord63
ord1382
ord1408
ord1326
ord1354
ord151
ord50
ord359
ord851
ord1014
ord841
ord731
ord770
ord847
ord807
ord1003
ord1100
ord375
ord862
ord1104
ord1773
ord316
ord370
ord1628
ord414
ord270
ord1099
ord1409
ord1614
ord1619
ord1618
ord1611
ord1608
ord1610
ord1609
ord1571
ord1570
ord1672
ord1586
ord1554
ord1553
ord1562
ord1561
ord1560
ord1559
ord1593
ord1592
ord1537
ord1543
ord1317
ord728
ord20
ord16
ord1671
ord773
ord1025
ord979
ord152
ord153
ord147
ord273
ord377
ord280
ord165
ord888
ord970
ord989
ord991
ord986
ord756
ord793
ord990
ord985
ord363
ord969
ord97
ord1078
ord647
ord951
ord915
ord930
ord939
ord923
ord692
ord1701
ord1699
ord1698
ord1011
ord813
ord867
ord1632
ord746
ord1034
ord1251
ord759
ord614
ord934
ord281
ord1322
ord314
ord286
ord1207
ord108
ord109
ord283
ord117
ord1157
ord653
ord657
ord1724
ord948
ord912
ord926
ord925
ord733
ord635
ord957
ord727
ord817
ord860
ord967
ord895
ord781
ord820
ord776
ord1060
ord931
ord707
ord626
ord102
ord491
ord307
ord317
ord415
ord455
ord466
ord451
ord368
ord1153
ord366
ord382
ord379
ord42
ord381
ord1108
ord1102
ord1105
ord1106
ord18
ord1696
ord1697
ord1694
ord1688
ord1693
ord47
ord83
ord1139
ord1118
ord1121
ord833
ord730
ord521
ord1059
ord983
ord798
ord1002
ord894
ord1731
ord818
ord397
ord1386
ord1312
ord331
ord92
ord91
ord94
ord1103
ord1154
ord132
ord119
ord135
ord51
ord271
ord158
ord652
ord724
ord1723
ord950
ord914
ord927
ord933
ord940
ord922
ord364
ord339
ord1644
ord775
ord541
ord1228
ord624
ord819
ord1530
ord411
ord11
ord101
ord465
ord416
ord1516
ord434
ord535
ord76
ord5
ord413
ord319
ord137
ord138
ord162
ord142
ord1775
ord1149
ord73
ord814
ord531
ord304
ord1328
ord1643
ord824
ord1188
ord1189
ord1242
ord891
ord1243
ord1174
ord1511
ord1381
ord780
ord865
ord708
ord956
ord1225
ord1498
ord1426
ord1226
ord907
ord384
ord536
ord1405
ord90
ord1602
ord651
ord648
ord649
ord104
ord268
ord1132
ord487
ord341
ord436
ord1683
ord1767
ord424
ord321
ord1730
ord984
ord706
ord906
ord618
ord767
ord866
ord978
ord703
ord269
ord1037
ord1633
ord971
ord313
ord616
ord631
ord622
ord997
ord996
ord729
ord754
ord134
ord133
ord272
ord486
ord423
ord120
ord107
ord122
ord115
ord279
ord161
ord757
ord1674
ord333
ord93
ord1134
ord383
ord1682
ord1512
ord113
ord80
ord124
ord82
ord654
ord1133
ord1013
ord704
ord278
ord726
ord1022
ord1673
ord1631
ord1276
ord64
ord95
ord72
ord1645
ord1337
ord1321
ord1642
ord1635
ord303
ord1375
ord1640
ord277
ord1641
ord1420
ord1365
ord1291
ord1636
ord39
ord100
ord46
ord41
ord44
ord19
ord116
ord1161
ord110
ord12
ord66
ord15
ord23
ord57
ord228
ord1131
ord8
ord160
ord84
ord306
ord325
ord1213
ord821
ord40
ord839
ord1112
ord121
ord771
ord1111
ord1432
ord702
ord745
ord114
ord698
ord721
ord987
ord744
ord628
ord655
ord630
ord126
ord125
ord118
ord143
ord111
ord734
ord267
ord96
ord311
ord646
ord714
ord1170
ord1051
ord739
ord75
ord1637
ord1638
ord1406
ord326
ord1036
ord612
ord938
ord916
ord918
ord929
ord1183
ord958
ord1763
ord952
ord917
ord99
ord1587
ord376
ord1107

mir_app.mir

ord605
ord237
ord110
ord251
ord775
ord890
ord895
ord627
ord130
ord78
ord16
ord77
ord888
ord1040
ord892
ord371
ord365
ord782
ord377
ord992
ord1038
ord831
ord381
ord383
ord382
ord894
ord989
ord286
ord2
ord464
ord606
ord612
ord828
ord940
ord871
ord57
ord60
ord59
ord58
ord501
ord113
ord123
ord814
ord503
ord385
ord281
ord288
ord278
ord758
ord502
ord885
ord925
ord352
ord404
ord253
ord257
ord73
ord628
ord41
ord42
ord911
ord353
ord912
ord763
ord757
ord914
ord784
ord137
ord397
ord386
ord384
ord114
ord115
ord208
ord206
ord767
ord219
ord643
ord634
ord18
ord224
ord204
ord220
ord766
ord202
ord830
ord210
ord222
ord209
ord211
ord201
ord777
ord122
ord400
ord274
ord10
ord11
ord635
ord20
ord930
ord917
ord119
ord121
ord401
ord120
ord117
ord80
ord138
ord330
ord111
ord996
ord997
ord368
ord359
ord957
ord955
ord953
ord951
ord655
ord217
ord218
ord783
ord5
ord118
ord399
ord577
ord644
ord499
ord268
ord14
ord4
ord769
ord135
ord226
ord442
ord443
ord932
ord928
ord920
ord565
ord919
ord915
ord924
ord505
ord8
ord355
ord363
ord351
ord379
ord369
ord364
ord350
ord349
ord378
ord273
ord774
ord772
ord882
ord26
ord29
ord43
ord55
ord53
ord54
ord15
ord770
ord265
ord648
ord647
ord513
ord547
ord200
ord241
ord347
ord555
ord514
ord79

msvcp140

?_Xlength_error@std@@YAXPBD@Z

libjson.mir

ord19
ord67
ord92
ord100
ord87
ord64
ord84
ord18
ord143
ord195
ord197
ord196
ord137
ord192
ord149
ord198
ord148
ord132

dnsapi

DnsFree
DnsQuery_A

secur32

GetUserNameExW

vcruntime140

strstr
strchr
wcschr
strrchr
wcsrchr
memcpy
wcsstr
_purecall
memset
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memmove
memcmp

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
realloc
_callnewh

api-ms-win-crt-time-l1-1-0

_ctime64
_tzset
__timezone
_gmtime64
_time64
_mkgmtime64
_mktime64

api-ms-win-crt-convert-l1-1-0

wcstol
_i64toa
_wtoi
_itow
atol
atoi
_itoa_s
_atoi64
_itoa
strtol

api-ms-win-crt-string-l1-1-0

strtok
strncmp
iswspace
isspace
wcsncpy_s
_wcsdup
isdigit
strncpy_s
isxdigit
_strlwr
_wcsnicmp
_wcsupr
_strnicmp
strcmp
wcsncat_s
toupper

api-ms-win-crt-stdio-l1-1-0

_chsize
fclose
fwrite
_wfopen
__stdio_common_vswscanf
_write
_close
__stdio_common_vsscanf
_read
_wsopen_dispatch
_filelength
_eof

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_seh_filter_dll
_crt_atexit
_cexit
_configure_narrow_argv
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wstat64
_wstat64i32

api-ms-win-crt-utility-l1-1-0

qsort
rand

Exports

Exports

MirandaInterfaces

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44862aed3328ea9535cb76bfc6c2bcf4

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-1_1.mir

comctl32

ws2_32

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

freeimage.mir

libsignal.mir

zlib.mir

mir_core.mir

mir_app.mir

msvcp140

libjson.mir

dnsapi

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 318KB - Virtual size: 318KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 10KB - Virtual size: 15KB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 318KB - Virtual size: 318KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 37KB - Virtual size: 36KB