Static task: static1
Behavioral task: behavioral1
Sample: 23208315df8b9a43528e0c3e8ff73e56.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 23208315df8b9a43528e0c3e8ff73e56.exe
Resource: win10v2004-20231215-en
General
Target: 23208315df8b9a43528e0c3e8ff73e56
Size: 1.6MB
MD5: 23208315df8b9a43528e0c3e8ff73e56
SHA1: 2d0bb87abd0348beccba7f93c53f25cb7eb857f6
SHA256: 0d0607be84df1c990dee3510646ccea0e793e9471f332338221a647aa6583452
SHA512: 11ada9165d07ab672a8325c40abf050ebc3bbcd8c618b7237221a5e57ead409ced4186088108dc2e4ef6e3c640d75cdb4803595385b9825dc85981fccd5ee37b
SSDEEP: 49152:FeHXA44b26dRZS+z4ChYyX6dwwb8lr/yHDlkO3ir:EwJSUpn+gn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 23208315df8b9a43528e0c3e8ff73e56
Files
23208315df8b9a43528e0c3e8ff73e56.exe windows:5 windows x86 arch:x86
157b186a79c8e2891776f60dcecb73c0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
Imports
sqlite3
sqlite3_libversion
msimg32
TransparentBlt
AlphaBlend
mpr
WNetOpenEnumW
comctl32
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
ord17
InitializeFlatSB
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
_TrackMouseEvent
ImageList_GetBkColor
version
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsValidLocale
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalSize
LockResource
lstrcmpA
lstrcmpiW
lstrcmpW
lstrcpynW
lstrcpyW
InterlockedCompareExchange
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryDosDeviceW
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
WriteProcessMemory
HeapFree
HeapDestroy
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalHandle
GlobalGetAtomNameW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetTimeZoneInformation
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempPathA
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetStartupInfoA
GetProcessTimes
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDriveStringsW
GetLocalTime
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
RtlUnwind
GetCurrentProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetFileTime
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDateFormatW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCPInfo
GetComputerNameW
GetComputerNameA
GetCommandLineA
GetACP
FreeResource
FormatMessageW
FormatMessageA
FlushInstructionCache
FindResourceW
FindResourceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitThread
EnumCalendarInfoW
DuplicateHandle
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CompareStringA
CloseHandle
Beep
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcessId
GetVersion
GetCommandLineW
InitializeCriticalSection
EnterCriticalSection
ExitProcess
LeaveCriticalSection
LoadLibraryA
GetTickCount
GetProcAddress
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetEnvironmentVariableA
HeapCreate
GetOEMCP
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
lstrlenW
LCMapStringW
user32
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollRange
SetTimer
SetScrollPos
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
SetClassLongW
SetCapture
SetActiveWindow
SendMessageW
SendMessageTimeoutA
SendMessageA
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClipboardFormatW
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageW
PostThreadMessageA
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MessageBoxW
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadImageA
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuW
InsertMenuItemW
InflateRect
GetWindowThreadProcessId
SetMenuItemInfoW
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetMessageW
GetMessagePos
GetMessageA
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetLastActivePopup
GetKeyState
GetKeyNameTextW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetCursorPos
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FindWindowA
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExW
DrawTextA
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefFrameProcW
CreateWindowExW
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
SetForegroundWindow
SetFocus
SetCursor
GetWindowTextW
SetClipboardData
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerW
CharLowerBuffW
CallWindowProcW
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
AdjustWindowRectEx
ActivateKeyboardLayout
GetKeyboardType
GetClassInfoW
gdi32
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetROP2
GetStockObject
GetSystemPaletteEntries
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceA
GetEnhMetaFilePaletteEntries
GetViewportOrgEx
GetWindowOrgEx
GetWinMetaFileBits
IntersectClipRect
LineTo
MaskBlt
MoveToEx
OffsetViewportOrgEx
GetEnhMetaFileHeader
Pie
PlayEnhMetaFile
Polyline
RealizePalette
Rectangle
RectVisible
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
SetWinMetaFileBits
Ellipse
StartDocA
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutA
TextOutW
UnrealizeObject
GetEnhMetaFileBits
GetDIBits
GetDIBColorTable
GetDeviceCaps
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
PatBlt
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
ExtTextOutW
ExtSelectClipRgn
ExcludeClipRect
EndPage
GetTextMetricsW
BitBlt
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontW
CreateFontIndirectW
CreateFontA
CreateDIBSection
CreateDIBitmap
CreateDCW
CreateCompatibleDC
EndDoc
comdlg32
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExW
RegFlushKey
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
InitializeSecurityDescriptor
GetUserNameW
GetUserNameA
GetTokenInformation
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
shell32
ShellExecuteW
ShellExecuteExA
ShellExecuteA
SHGetFileInfoW
ole32
CoCreateInstance
CLSIDFromString
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromCLSID
ProgIDFromCLSID
oleaut32
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SetErrorInfo
SafeArrayPtrOfIndex
VariantChangeType
SafeArrayGetLBound
CreateErrorInfo
GetActiveObject
GetErrorInfo
SafeArrayCreate
VariantClear
VariantCopyInd
VariantInit
SafeArrayGetUBound
SafeArrayGetElement
ws2_32
WSAStartup
bind
closesocket
connect
gethostbyname
htons
inet_addr
ioctlsocket
recvfrom
select
setsockopt
sendto
socket
WSACleanup
WSAGetLastError
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fixup Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ