Static task: static1
Behavioral task: behavioral1
Sample: 21f811f9863e63d2e1a7e9942eea40b8.exe
Resource: win7-20231215-en
General
Target: 21f811f9863e63d2e1a7e9942eea40b8
Size: 2.3MB
MD5: 21f811f9863e63d2e1a7e9942eea40b8
SHA1: 983ba2140521e049615e72c3e7d9d8702f214d83
SHA256: 0c1ddda0f5819ac85497de5400bcfb34474e3d7cd028d043525171cefef256b3
SHA512: 1ee9789aad428998d2e8c49b69ddf4e94eb6705a555947077fab1cfd56653af47cc726ff920a84b3dfebf6c1641191438b79e1829b156f95e7993acdd48f335c
SSDEEP: 49152:UM7DPU7Ku2ocLnbdq6alDLcWLDg3/UnCcxQO8NUQWWxwct1yTnlQT:UVN2DLilMheL5QWWxwct1I2
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 21f811f9863e63d2e1a7e9942eea40b8
Files
21f811f9863e63d2e1a7e9942eea40b8.exe windows:5 windows x86 arch:x86
fa9581203a3ab929c476cb6591819086
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
winmm
timeKillEvent
timeSetEvent
comctl32
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_Read
ImageList_Write
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_GetImageInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
InitializeFlatSB
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_Replace
ImageList_DrawEx
ImageList_Remove
ImageList_GetIcon
ImageList_LoadImageW
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_Create
ImageList_DragMove
kernel32
HeapAlloc
HeapFree
HeapSize
GetCurrentProcessId
ExitProcess
TerminateProcess
RaiseException
UnhandledExceptionFilter
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
ExitThread
GetExitCodeThread
GetLastError
SetLastError
SetErrorMode
SuspendThread
ResumeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GlobalDeleteAtom
GetLogicalDrives
GetFileType
GetFileSize
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
DeviceIoControl
SetEndOfFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
MulDiv
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo
GetTimeZoneInformation
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetTickCount
FormatMessageW
MapViewOfFile
UnmapViewOfFile
lstrlenW
HeapDestroy
TlsSetValue
SleepEx
WaitForMultipleObjectsEx
CreateMutexW
OpenMutexW
CreateEventW
CreateFileMappingW
OpenFileMappingW
GetLogicalDriveStringsW
HeapCreate
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
OutputDebugStringW
FindResourceW
EnumResourceNamesW
GlobalAddAtomW
GlobalFindAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDriveTypeW
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFullPathNameW
QueryDosDeviceW
CreateFileW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
MoveFileExW
SetVolumeLabelW
GetVolumeInformationW
GetComputerNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
GetACP
GetCPInfoExW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetDateFormatW
EnumCalendarInfoW
IsValidLocale
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleOutputCP
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsFree
GetEnvironmentVariableA
GetVersionExA
InterlockedDecrement
InterlockedIncrement
FatalAppExitA
GetCPInfo
GetOEMCP
HeapReAlloc
IsBadWritePtr
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalSize
GlobalAlloc
GetVersion
RtlUnwind
GetProcAddress
FreeLibrary
LockResource
FreeResource
LoadLibraryA
CompareStringA
CompareStringW
TlsGetValue
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
user32
IsWindowEnabled
CreateAcceleratorTableW
GetSystemMetrics
GetMenuStringW
GetMenuState
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
DeleteMenu
TrackPopupMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawTextExW
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
GetDC
GetDCEx
GetWindowDC
ReleaseDC
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
EnableScrollBar
SetPropW
GetPropW
RemovePropW
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
MessageBeep
SetCursorPos
GetCursorPos
HideCaret
ShowCaret
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColorBrush
DrawFocusRect
FillRect
FrameRect
SetRect
EnableWindow
SubtractRect
GetWindowLongW
SetWindowLongW
GetClassLongW
SetClassLongW
GetDesktopWindow
MsgWaitForMultipleObjectsEx
SetParent
CharLowerW
FindWindowW
FindWindowExW
EnumWindows
EnumThreadWindows
GetClassNameW
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapW
LoadCursorW
DestroyCursor
LoadIconW
CreateIcon
DestroyIcon
CopyImage
DrawIconEx
CopyIcon
GetIconInfo
LoadStringW
IsDialogMessageA
IsDialogMessageW
SetScrollInfo
GetScrollInfo
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SystemParametersInfoW
CharUpperW
OemToCharA
CharToOemA
IsClipboardFormatAvailable
EmptyClipboard
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
ShowOwnedPopups
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoW
UnregisterClassW
RegisterClassW
IsWindowUnicode
KillTimer
InflateRect
SetTimer
CallWindowProcW
PostQuitMessage
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
SendMessageA
GetMessageExtraInfo
GetMessageTime
GetMessagePos
ExitWindowsEx
PeekMessageW
PeekMessageA
DispatchMessageW
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
GetKeyboardType
GetKeyNameTextW
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
GetParent
CharLowerBuffW
DispatchMessageA
TranslateMessage
DrawFrameControl
DrawEdge
EnumChildWindows
CharUpperBuffW
RegisterWindowMessageW
EnumDesktopWindows
GetKeyboardLayoutList
GetKeyboardLayoutNameW
LoadKeyboardLayoutW
IsZoomed
winspool.drv
EnumPrintersW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
OpenProcessToken
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
LookupPrivilegeValueW
shell32
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
ole32
OleRegEnumVerbs
IsAccelerator
CoTaskMemAlloc
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
StringFromCLSID
OleDraw
ProgIDFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
msacm32
acmStreamClose
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 14.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.eshco Size: 573KB - Virtual size: 573KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ