Static task: static1
Behavioral task: behavioral1
  Sample: 1b1321284c88325d5b18c2a318885bac.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 1b1321284c88325d5b18c2a318885bac.exe
  Resource: win10v2004-20231215-en
General
Target: 1b1321284c88325d5b18c2a318885bac
Size: 930KB
MD5: 1b1321284c88325d5b18c2a318885bac
SHA1: 0cdf037fcebb2849a9bd674f8b1e0319dd411d7a
SHA256: 27f5cdccdce7187a3a46207d5591cf2cc62a240ef13dc2dd2391dcaebc4ffce5
SHA512: 111e77c01347d7765111088b8c184b2507a20382781196513f379498cfedcf9b0783057fcb3c0566f1681b2d99211442bf0e27128be9d8121978c99ea654710b
SSDEEP: 24576:uIOOZGwZecTL/GgaZZZoaf76GuSkGRgN3Z2IWn/83:uIOOZf3TL/GP7967Z5WE3
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 1b1321284c88325d5b18c2a318885bac
Files
1b1321284c88325d5b18c2a318885bac.exe windows:5 windows x86 arch:x86
710e4304048299a2a0981756f21ae592
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSEnumerateSessionsA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
kernel32
ReadFile
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetPrivateProfileIntA
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
LocalUnlock
LocalLock
GetFileAttributesExA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileSizeEx
GetModuleHandleW
GetCPInfo
GetOEMCP
GetAtomNameA
SetErrorMode
GetTempFileNameA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetThreadLocale
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
VirtualFree
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetStringTypeExA
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalSize
lstrlenW
GetCurrentProcessId
SuspendThread
SetThreadPriority
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
CompareStringA
InterlockedExchange
PulseEvent
OpenEventA
ReleaseMutex
OpenMutexA
CreateMutexA
GetExitCodeThread
ResumeThread
CreateThread
ExpandEnvironmentStringsA
GetUserDefaultLangID
FormatMessageA
GetSystemInfo
GetStartupInfoA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
CopyFileA
CreateDirectoryA
lstrcatA
FlushFileBuffers
GetDiskFreeSpaceA
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
QueryDosDeviceA
lstrcmpiA
lstrcpyA
GetPrivateProfileSectionA
GetFileTime
CompareFileTime
WritePrivateProfileStringA
lstrcmpA
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
WaitForMultipleObjectsEx
DeleteFileA
MoveFileA
GetLogicalDrives
GetDriveTypeA
LocalAlloc
LocalFree
Sleep
GetSystemDefaultLCID
GetUserDefaultLCID
GetVersionExA
GetSystemDirectoryA
GetShortPathNameA
GetEnvironmentVariableA
GetTempPathA
GetLocaleInfoA
GetSystemDefaultLangID
GetLocalTime
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
OutputDebugStringA
CreateFileA
GetCommandLineA
FindResourceExA
SetLastError
WideCharToMultiByte
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetEvent
CloseHandle
CreateEventA
ResetEvent
GetPrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetProfileStringA
WriteProfileStringA
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GetProcAddress
GetCurrentProcess
FreeLibrary
LoadLibraryA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
MultiByteToWideChar
ExitProcess
user32
MapVirtualKeyA
GetKeyNameTextA
WindowFromPoint
KillTimer
SetTimer
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
SetRectEmpty
GetDialogBaseUnits
UnregisterClassA
DestroyMenu
GetMenuItemInfoA
DestroyIcon
LoadCursorA
GetSysColorBrush
InflateRect
GetTabbedTextExtentA
SetRect
MessageBeep
IsClipboardFormatAvailable
DeleteMenu
CharUpperA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
IsRectEmpty
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
ScrollWindowEx
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
GetWindow
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadStringA
MessageBoxExA
MessageBoxA
IsWindow
WaitForInputIdle
MsgWaitForMultipleObjects
PostQuitMessage
EnumWindows
SetWindowTextA
GetSystemMetrics
LoadIconA
EnableWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
OffsetRect
GetSystemMenu
SetForegroundWindow
GetDesktopWindow
InvalidateRect
UpdateWindow
GetWindowRect
IsIconic
LoadBitmapA
GetWindowLongA
GetDC
SetWindowLongA
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
SendMessageA
RegisterWindowMessageA
CheckDlgButton
SetMenu
gdi32
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CopyMetaFileA
CreateDCA
GetDCOrgEx
DPtoLP
GetTextMetricsA
GetCharWidthA
CreateFontIndirectA
CreateRectRgnIndirect
PlayMetaFile
CombineRgn
GetMapMode
PatBlt
GetTextExtentPoint32A
StartPage
EndPage
SetAbortProc
AbortDoc
GetObjectType
StretchDIBits
GetBkColor
StartDocA
SetRectRgn
EnumMetaFile
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
PtVisible
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
CreateFontA
GetLayout
SetLayout
GetDeviceCaps
CreateCompatibleDC
EndDoc
CreateCompatibleBitmap
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
StretchBlt
BitBlt
GetObjectA
RectVisible
comdlg32
GetFileTitleA
winspool.drv
StartPagePrinter
EnumPortsA
OpenPrinterA
ClosePrinter
GetPrinterDriverDirectoryA
GetPrinterA
SetPrinterA
EndPagePrinter
EndDocPrinter
StartDocPrinterA
GetPrinterDriverA
EnumPrintersA
AddMonitorA
EnumMonitorsA
EnumPrinterDriversA
DocumentPropertiesA
GetJobA
advapi32
SetFileSecurityA
RegSetValueA
RegQueryValueA
RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
LookupAccountSidA
FreeSid
QueryServiceConfigA
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
CreateProcessAsUserA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
GetFileSecurityA
shlwapi
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathRemoveExtensionA
UrlUnescapeA
PathFindExtensionA
PathRemoveFileSpecW
ole32
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
OleLoadPicturePath
OleLoadPicture
VarBstrFromDate
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
wininet
InternetGetCookieA
InternetQueryDataAvailable
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetErrorDlg
HttpAddRequestHeadersA
HttpQueryInfoA
InternetFindNextFileA
InternetCloseHandle
GopherFindFirstFileA
InternetSetCookieA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
HttpEndRequestA
HttpSendRequestExA
GopherGetAttributeA
FtpOpenFileA
FtpCommandA
GopherCreateLocatorA
FtpFindFirstFileA
InternetConnectA
GopherOpenFileA
InternetOpenUrlA
InternetSetOptionExA
InternetQueryOptionA
InternetCrackUrlA
InternetGetLastResponseInfoA
HttpOpenRequestA
InternetCanonicalizeUrlA
Sections
.text  Size: 681KB - Virtual size: 680KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 174KB - Virtual size: 173KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 12KB - Virtual size: 93KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 62KB - Virtual size: 61KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ