1c62ac5c2cd8ace60a000d4db9559ae24c4d8541771ebd5376fd2f64d3fbd9ba

Sharing

Copy URL Twitter E-mail

General

Target

1c62ac5c2cd8ace60a000d4db9559ae24c4d8541771ebd5376fd2f64d3fbd9ba
Size

1.9MB
MD5

217aa0edb631392f5536891956221af7
SHA1

b5970daf8e8dd697f7cb3e22fdcbb9f775f11942
SHA256

1c62ac5c2cd8ace60a000d4db9559ae24c4d8541771ebd5376fd2f64d3fbd9ba
SHA512

4f8a83536f1f6a8f2a38fb5708560f406b8c25dbf42b8761c4d112c797ea5ff40f5eda2d4ac5e8e12019e740f5ac5b5894f4c938c1d3d9e0056d64fdddce0ed0
SSDEEP

24576:lNRyIWLxek0KELfZk0V51T2IWjlnC6AzEfWqDiEL0bvp4dwRwbKMWxBIvH:lNRyxsLfmy6AzkWYiEL0bB4wRwbqxBO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c62ac5c2cd8ace60a000d4db9559ae24c4d8541771ebd5376fd2f64d3fbd9ba

Files

1c62ac5c2cd8ace60a000d4db9559ae24c4d8541771ebd5376fd2f64d3fbd9ba
.exe windows:6 windows x86 arch:x86

45fd6e644af26799a70abdd23e68175d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
GetTempFileNameW
GetShortPathNameW
CreateDirectoryW
SearchPathW
CompareFileTime
GetFileInformationByHandle
OpenFileMappingW
SwitchToThread
ResetEvent
WaitForSingleObjectEx
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
GetSystemDirectoryW
Sleep
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
DecodePointer
GetLocalTime
GetCurrentThreadId
SetLastError
VerifyVersionInfoW
InitializeCriticalSectionEx
RaiseException
VerSetConditionMask
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteFileW
UnlockFile
ReadFile
LockFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
FormatMessageW
ReleaseMutex
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapDestroy
CloseHandle
SetFilePointer
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
GetFileAttributesExW
CreateFileW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
GetCurrentProcess
lstrcpynW
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
RemoveDirectoryW
SetFileAttributesW
GetTickCount
GetVersionExW
MoveFileExW
GetFileSizeEx
OutputDebugStringW
SetEvent
WaitForSingleObject
OutputDebugStringA
TerminateProcess
GetExitCodeProcess
GetWindowsDirectoryW
MoveFileW
CreateFileA
DeleteFileA
WriteFile
GetTempPathA
GetTempFileNameA
CreateEventW
WaitForMultipleObjects
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
DeviceIoControl
lstrcmpA
lstrcmpiA
LocalAlloc
CopyFileW
FindFirstFileA
FindNextFileA
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue

user32

UnregisterClassA
wsprintfW
SetTimer
KillTimer
SetCursor
DrawFocusRect
PtInRect
ReleaseDC
CharNextW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetClassInfoExW
RegisterClassExW
IsDialogMessageW
GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
EqualRect
UnionRect
OffsetRect
CopyRect
FindWindowW
DestroyCursor
PostMessageW
FindWindowExW
GetWindowThreadProcessId
SendMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
UnregisterClassW
CreateWindowExW
GetDC
SendNotifyMessageW
SetForegroundWindow
IsWindow
DestroyWindow
ShowWindow
UpdateLayeredWindow
MoveWindow
SendMessageTimeoutW
RegisterWindowMessageW
GetShellWindow
LoadStringW
SetWindowPos
IsWindowVisible
IsIconic
GetAsyncKeyState
SetCapture
ReleaseCapture
BeginPaint

gdi32

SelectClipRgn
CreateDIBSection
GetObjectW
SetViewportOrgEx
CreateCompatibleBitmap
SelectObject
EnumFontFamiliesW
CreateFontW
OffsetViewportOrgEx
RectVisible
BitBlt
SaveDC
RestoreDC
CreateCompatibleDC
DeleteObject
DeleteDC
CreateRectRgnIndirect

advapi32

QueryServiceStatus
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
RegQueryValueExW
OpenProcessToken
CryptContextAddRef
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegGetValueW
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
RegEnumValueW
GetTokenInformation
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfigW
ChangeServiceConfig2W

shell32

ShellExecuteW
CommandLineToArgvW
SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
ord165

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoCreateGuid
OleRun
CoUninitialize

oleaut32

VarUI4FromStr
VariantCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysStringLen
VarBstrCmp
VariantClear

shlwapi

wnsprintfW
PathFileExistsW
SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathFindFileNameA
PathRenameExtensionA
StrStrIW
PathIsDirectoryW
PathAppendA
SHGetValueA
StrToIntExW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
SHSetValueW
PathCombineW
PathFindExtensionW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
SHDeleteKeyW
PathIsPrefixW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFromHDC
GdipCreateImageAttributes
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipCloneBrush
GdipFree
GdipAlloc
GdipSetImageAttributesColorMatrix
GdipSetStringFormatFlags
GdipDisposeImageAttributes
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipSetStringFormatAlign
GdipGetImageWidth
GdipDeleteBrush

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA
CryptStringToBinaryW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

45fd6e644af26799a70abdd23e68175d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

iphlpapi

wininet

urlmon

setupapi

crypt32

wintrust

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 236KB - Virtual size: 236KB

.data Size: 25KB - Virtual size: 45KB

.rsrc Size: 399KB - Virtual size: 398KB

.reloc Size: 131KB - Virtual size: 132KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 236KB - Virtual size: 236KB

.data
Size: 25KB - Virtual size: 45KB

.rsrc
Size: 399KB - Virtual size: 398KB

.reloc
Size: 131KB - Virtual size: 132KB