Static task
static1
Behavioral task
behavioral1
Sample
738b20194fd9c91fda6d5da51233e0483047f8d6d1ca1c5f90e5973be6b20732.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
738b20194fd9c91fda6d5da51233e0483047f8d6d1ca1c5f90e5973be6b20732.exe
Resource
win10v2004-20231222-en
General
-
Target
738b20194fd9c91fda6d5da51233e0483047f8d6d1ca1c5f90e5973be6b20732
-
Size
2.0MB
-
MD5
89285f516c575e47be3be49427d4bb7a
-
SHA1
55b60235c788aeb35ca6c695223fa949ec8d0ad3
-
SHA256
738b20194fd9c91fda6d5da51233e0483047f8d6d1ca1c5f90e5973be6b20732
-
SHA512
4c37da62eab4f95b179c2dd31ae4ad58b7d0b14c71194de98b835952e1dbddce81565a8e582a9d3a324300baa6a61ab40493c68968ef3e80cfb5d907bd7e2656
-
SSDEEP
49152:fq3jdt9zOo87qJ/UwUj+WdS8pffaTOToPKTbXl:fqX4oUdhjTo+B
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource 738b20194fd9c91fda6d5da51233e0483047f8d6d1ca1c5f90e5973be6b20732
Files
-
738b20194fd9c91fda6d5da51233e0483047f8d6d1ca1c5f90e5973be6b20732.exe windows:5 windows x86 arch:x86
a0c0e88f817d8b71968c1612e813c393
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHGetValueW
StrToIntExW
UrlUnescapeW
StrCmpIW
PathFileExistsW
SHDeleteKeyW
StrCpyW
PathIsUNCW
PathIsNetworkPathW
PathCreateFromUrlW
PathCanonicalizeW
StrStrIW
PathIsURLW
StrFormatByteSizeW
PathAddBackslashW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveBackslashW
PathIsRelativeW
PathAppendW
dnsapi
DnsRecordListFree
DnsQuery_W
libmysql
mysql_fetch_row
mysql_free_result
mysql_init
mysql_real_connect
mysql_close
mysql_list_dbs
mysql_error
crypt32
CertOpenStore
odbc32
ord12
ord72
ord30
ord176
ord111
ord117
ord75
ord141
ord13
ord119
ord31
ord24
ord43
ord136
ord9
ord145
ord108
ord127
ord18
ord20
ord154
secur32
InitSecurityInterfaceW
libcrypto-1_1
PEM_write_bio_RSAPrivateKey
BIO_s_mem
EVP_PKEY_free
RSA_new
BIO_new
BN_new
BIO_free
PEM_read_bio_PrivateKey
RSA_generate_key_ex
RSA_free
PEM_write_bio_PUBKEY
BN_free
BIO_read
BN_set_word
BIO_new_mem_buf
mfc90u
ord6493
ord277
ord6574
ord2141
ord3500
ord784
ord582
ord3235
ord2676
ord4901
ord5445
ord1188
ord1204
ord1256
ord3947
ord4898
ord3799
ord1115
ord1226
ord1356
ord2151
ord1487
ord3187
ord457
ord707
ord3862
ord3030
ord3330
ord5546
ord1825
ord1826
ord4206
ord4683
ord4450
ord998
ord5903
ord6034
ord1571
ord6262
ord4993
ord6686
ord2601
ord1252
ord1253
ord6397
ord3343
ord3246
ord2551
ord517
ord6697
ord820
ord601
ord316
ord1251
ord1228
ord1865
ord1363
ord2149
ord4490
ord2485
ord453
ord2539
ord946
ord818
ord484
ord1458
ord6164
ord2048
ord1314
ord1943
ord1918
ord6554
ord4010
ord1935
ord2953
ord3749
ord579
ord781
ord5943
ord2955
ord3534
ord400
ord5543
ord5793
ord1565
ord5938
ord809
ord551
ord6205
ord2726
ord3445
ord2046
ord1932
ord2971
ord5925
ord481
ord724
ord2075
ord2077
ord3128
ord5265
ord5260
ord491
ord729
ord5825
ord6469
ord6539
ord6350
ord2197
ord6218
ord791
ord6349
ord3160
ord3282
ord3665
ord3728
ord3081
ord4306
ord480
ord5845
ord1360
ord578
ord6835
ord1783
ord1716
ord3651
ord775
ord406
ord665
ord2490
ord2501
ord4322
ord3018
ord3375
ord3374
ord2654
ord5852
ord2696
ord5854
ord306
ord3015
ord2907
ord6273
ord3513
ord6174
ord6418
ord5850
ord5863
ord6040
ord5974
ord2867
ord4579
ord6060
ord6063
ord6196
ord2262
ord6692
ord4275
ord3110
ord3934
ord4890
ord4897
ord6482
ord1186
ord1174
ord2548
ord1098
ord4441
ord996
ord5831
ord341
ord617
ord5567
ord6763
ord5675
ord384
ord646
ord1114
ord995
ord3032
ord3332
ord5833
ord5545
ord6033
ord1570
ord3365
ord2236
ord4746
ord4892
ord1313
ord3853
ord4971
ord4965
ord4710
ord4013
ord451
ord576
ord779
ord4720
ord1486
ord6338
ord6424
ord2341
ord2340
ord6181
ord2189
ord4424
ord5619
ord6595
ord2652
ord4766
ord6036
ord6575
ord4127
ord3662
ord4687
ord4698
ord5658
ord2071
ord4431
ord980
ord6382
ord6380
ord3232
ord4731
ord5452
ord5449
ord2080
ord1733
ord4126
ord343
ord619
ord3995
ord1426
ord3499
ord4614
ord6545
ord3022
ord4445
ord6635
ord5770
ord1049
ord1069
ord2547
ord2366
ord6494
ord3639
ord766
ord5603
ord1581
ord1246
ord5560
ord402
ord5194
ord5586
ord2572
ord3663
ord789
ord4038
ord1145
ord463
ord711
ord2757
ord2532
ord1220
ord1255
ord6515
ord5387
ord569
ord770
ord2152
ord1420
ord3054
ord3807
ord1365
ord3687
ord2351
ord6512
ord5891
ord5897
ord4582
ord3588
ord6130
ord5982
ord3131
ord4822
ord1678
ord3188
ord3176
ord1064
ord2703
ord310
ord821
ord6702
ord6704
ord4252
ord6657
ord3813
ord3855
ord3838
ord3883
ord3835
ord3915
ord3866
ord3810
ord2954
ord553
ord757
ord6169
ord5893
ord445
ord697
ord4195
ord3321
ord4475
ord5917
ord903
ord3568
ord6127
ord281
ord3854
ord5980
ord307
ord2697
ord6762
ord5606
ord6044
ord1462
ord5861
ord3009
ord5945
ord4677
ord2090
ord6553
ord4906
ord4684
ord3340
ord3035
ord4004
ord5137
ord4167
ord4773
ord4270
ord3158
ord4171
ord3146
ord4772
ord4041
ord349
ord621
ord5623
ord4808
ord3945
ord2337
ord4140
ord2558
ord4514
ord5795
ord1279
ord2700
ord1557
ord2527
ord953
ord6734
ord4467
ord5773
ord6081
ord2317
ord5535
ord3017
ord3020
ord3013
ord3407
ord3575
ord3486
ord6817
ord1724
ord2596
ord1096
ord3165
ord3155
ord3061
ord1689
ord6807
ord5939
ord1585
ord290
ord3396
ord2224
ord1018
ord756
ord547
ord5932
ord3115
ord4905
ord1855
ord4309
ord3993
ord5322
ord338
ord3868
ord4451
ord1043
ord3231
ord6666
ord1533
ord1357
ord2130
ord3577
ord2282
ord4512
ord783
ord581
ord788
ord585
ord3563
ord3252
ord4658
ord2280
ord1046
ord790
ord586
ord5168
ord5510
ord5509
ord5511
ord5508
ord5231
ord5047
ord5301
ord5277
ord4608
ord4632
ord5661
ord5152
ord3628
ord6385
ord2365
ord3145
ord6353
ord6355
ord6347
ord4266
ord1063
ord1088
ord4262
ord2595
ord1688
ord4026
ord686
ord436
ord753
ord539
ord2469
ord1353
ord636
ord367
ord1552
ord6359
ord2145
ord3191
ord6361
ord702
ord452
ord6813
ord6514
ord4251
ord6170
ord287
ord4518
ord4405
ord3183
ord6167
ord6511
ord693
ord2470
ord4727
ord608
ord324
ord403
ord3589
ord1707
ord6811
ord5767
ord1243
ord2571
ord5778
ord6822
ord2372
ord1383
ord4774
ord1603
ord744
ord524
ord4527
ord1268
ord266
ord3741
ord6687
ord5895
msvcr90
_vscwprintf
vsprintf
_vscprintf
towlower
_vsnwprintf
strcat_s
sprintf_s
strncpy_s
strcpy_s
calloc
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcsftime
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
wcstombs
tolower
_ultow
qsort
_strupr
_wcsdup
_i64tow
_wcstoui64
wcstol
_msize
sscanf
_wcstoi64
strpbrk
realloc
atoi
modf
toupper
ceil
_time64
_ui64tow
_wsetlocale
iswascii
_resetstkoflw
strrchr
iswspace
strncmp
_i64tow_s
_snprintf
_mktime64
isalpha
memchr
strtok
_amsg_exit
__wgetmainargs
_cexit
_strlwr
strncpy
sprintf
strchr
_wgetcwd
_wchdir
_wsplitpath
rand
srand
_CxxThrowException
memset
_stricmp
_localtime64_s
wcsrchr
_wtoi64
wcsncpy
wcscspn
_wcslwr
iswupper
iswlower
iswgraph
clock
_wcsupr
iswdigit
iswalpha
wcsspn
memmove_s
malloc
strtoul
_wtol
wcstoul
iswxdigit
wcsncmp
wcsstr
memcpy
_except_handler3
_CIsqrt
_CIlog
_CIcos
_CIsin
_CIatan
swscanf
_sprintf_l
_create_locale
wcstod
wcstok
_itow
_wtoi
strstr
_itoa
isalnum
_snwprintf
free
_strnicmp
iswalnum
wcschr
memcpy_s
memmove
_purecall
wcspbrk
_wcsnicmp
floor
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_wcsicmp
kernel32
GlobalMemoryStatus
LocalAlloc
GetSystemInfo
GetCurrentProcess
PostQueuedCompletionStatus
SwitchToFiber
GetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
FindFirstFileExW
CreateIoCompletionPort
ResumeThread
OutputDebugStringA
GetModuleHandleA
ExpandEnvironmentStringsA
TlsSetValue
TlsFree
TlsAlloc
LoadLibraryA
GetSystemDirectoryA
InterlockedExchange
GlobalReAlloc
MoveFileExW
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
FormatMessageW
LoadLibraryExW
TzSpecificLocalTimeToSystemTime
GetVersion
GetTempPathW
GetCurrentThreadId
WriteFile
GetFileTime
ReadFile
ReleaseMutex
CreateMutexW
GetVersionExW
DosDateTimeToFileTime
GlobalFree
GetLocaleInfoW
SetFileTime
GetCurrentProcessId
SystemTimeToFileTime
RemoveDirectoryW
WritePrivateProfileStringW
FindClose
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
CreateFileW
CreateProcessW
FreeLibrary
SizeofResource
GetSystemTime
IsValidLocale
IsValidCodePage
GetDateFormatA
GetLocalTime
FileTimeToDosDateTime
OpenProcess
LockResource
lstrcpyW
CreateDirectoryW
ExpandEnvironmentStringsW
GlobalSize
lstrcmpiW
lstrcmpW
lstrlenA
MulDiv
LoadResource
FindResourceW
SetThreadLocale
GetProcessHeap
HeapAlloc
GetThreadLocale
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
WideCharToMultiByte
lstrlenW
GetUserDefaultLCID
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
InterlockedDecrement
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFree
GetDriveTypeW
SetVolumeLabelW
GetDiskFreeSpaceW
RaiseException
CopyFileW
lstrcpynW
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
SetFileAttributesW
GetACP
WaitForMultipleObjects
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
DeleteFileW
GetSystemTimeAsFileTime
GetTickCount
Sleep
GetLastError
GetFileAttributesW
GetComputerNameW
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
SetFilePointer
CreateFileA
TerminateProcess
HeapFree
CancelIo
InterlockedCompareExchange
ResetEvent
InitializeCriticalSectionAndSpinCount
GetExitCodeProcess
GetQueuedCompletionStatus
InterlockedIncrement
user32
GetWindowRect
SendMessageW
LoadIconW
MessageBeep
GetKeyState
ClientToScreen
GetClientRect
TrackPopupMenu
DestroyMenu
EnableMenuItem
IsClipboardFormatAvailable
RegisterClipboardFormatW
IsWindowVisible
GetDlgItem
IsZoomed
GetFocus
GetNextDlgTabItem
GetParent
SetTimer
LoadAcceleratorsW
TranslateAcceleratorW
DestroyIcon
PostMessageW
KillTimer
ScreenToClient
GetDesktopWindow
GetDC
ReleaseDC
PeekMessageW
SetRectEmpty
GetSysColor
GetSystemMetrics
InvalidateRect
DrawFrameControl
AdjustWindowRect
UpdateWindow
LoadImageW
DrawIconEx
CreatePopupMenu
InsertMenuW
EnableWindow
CharLowerBuffW
GetMenuDefaultItem
SetMenuDefaultItem
DeleteMenu
AppendMenuW
TrackPopupMenuEx
IsChild
GetWindowLongW
GetMessagePos
PtInRect
LoadMenuW
GetSubMenu
SetRect
CharUpperBuffW
IntersectRect
IsRectEmpty
OpenClipboard
GetClipboardData
CloseClipboard
CheckMenuRadioItem
LoadCursorW
GetTabbedTextExtentW
GetLastActivePopup
IsWindow
LoadBitmapW
OffsetRect
CopyRect
DrawFocusRect
RedrawWindow
ReleaseCapture
SetCapture
InflateRect
DrawEdge
UnionRect
SystemParametersInfoW
FillRect
GetCursorPos
GetMenuItemCount
MessageBoxW
SetWindowPos
GetMenuItemID
OemToCharBuffA
CharToOemBuffA
BeginPaint
EndPaint
RegisterWindowMessageW
EmptyClipboard
SetClipboardData
GetSysColorBrush
SetClassLongW
EqualRect
CharLowerW
RegisterClassW
WindowFromPoint
ClipCursor
DefWindowProcW
GetClassInfoW
GetClassLongW
SetCursor
SetPropW
CreateWindowExW
CallWindowProcW
GetPropW
WaitForInputIdle
DestroyWindow
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuInfo
SetForegroundWindow
IsIconic
GetWindow
AdjustWindowRectEx
SetFocus
GetMessageW
SetWindowLongW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FrameRect
SetDlgItemTextA
IsCharAlphaNumericW
MapDialogRect
LoadStringW
MsgWaitForMultipleObjects
GetMenuStringW
GetClassNameW
ShowWindow
RemoveMenu
wsprintfW
GetDlgCtrlID
InvertRect
DispatchMessageW
TranslateMessage
SetCaretPos
CreateCaret
DestroyCaret
GetCapture
GetDoubleClickTime
ShowCaret
HideCaret
gdi32
CreatePen
CreatePatternBrush
EnumFontFamiliesW
Escape
RectVisible
PtVisible
CreateICW
TextOutW
CreateFontW
SetTextColor
SetTextAlign
GetTextColor
SetBkMode
GetTextExtentPointW
GetCurrentObject
GetKerningPairsW
GetCharWidthW
CreateSolidBrush
GetBkColor
GetPaletteEntries
SetPixel
LineDDA
ExtTextOutW
ScaleWindowExtEx
DPtoLP
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
GetTextMetricsW
BitBlt
PatBlt
GetTextExtentPoint32W
Rectangle
CreateFontIndirectW
GetObjectA
SelectObject
CreateCompatibleDC
GetStockObject
GetObjectW
CreateDIBSection
advapi32
RegOpenKeyW
SetFileSecurityW
GetUserNameW
ChangeServiceConfigW
EnumDependentServicesW
ControlService
StartServiceW
QueryServiceStatus
UnlockServiceDatabase
LockServiceDatabase
MakeSelfRelativeSD
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AddAce
GetAce
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
LookupAccountNameW
OpenProcessToken
OpenThreadToken
GetTokenInformation
FreeSid
AllocateAndInitializeSid
CopySid
IsValidSid
GetLengthSid
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
RegCreateKeyExW
RegConnectRegistryW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RevertToSelf
AllocateLocallyUniqueId
LogonUserW
ImpersonateLoggedOnUser
SetThreadToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueW
IsTextUnicode
EqualSid
shell32
ExtractIconExW
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW
comctl32
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx
ole32
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
StringFromGUID2
OleGetClipboard
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoFileTimeNow
CoGetMalloc
RegisterDragDrop
CoRegisterMessageFilter
RevokeDragDrop
CoInitializeSecurity
GetHGlobalFromStream
CreateBindCtx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
oleaut32
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
VarCmp
SafeArrayGetDim
SysAllocStringLen
SafeArrayDestroy
VarDecFromStr
SafeArrayRedim
VarNeg
VarAdd
VarUdateFromDate
VariantTimeToDosDateTime
SafeArrayAllocDescriptorEx
SafeArrayAllocData
CreateErrorInfo
VarR8FromDec
SafeArrayCreateVector
SysStringLen
SetErrorInfo
GetErrorInfo
VariantChangeTypeEx
VariantCopy
VariantInit
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysAllocString
SafeArrayGetElemsize
urlmon
FindMimeFromData
CoInternetGetSession
wsock32
gethostname
WSASetLastError
ioctlsocket
WSAGetLastError
htons
getservbyname
htonl
gethostbyname
ntohs
getservbyport
gethostbyaddr
WSAStartup
WSACleanup
closesocket
socket
bind
listen
connect
getsockname
send
ord1141
ord1142
inet_ntoa
setsockopt
shutdown
accept
select
sendto
recvfrom
inet_addr
recv
zlib
_crc32@12
_deflateEnd@4
_inflateInit2_@16
_inflate@8
_inflateEnd@4
_deflate@8
_deflateInit2_@32
_get_crc_table@0
msvcp90
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
mpr
WNetGetUniversalNameW
wininet
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetReadFile
HttpQueryInfoW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetGetJoinInformation
NetApiBufferFree
rpcrt4
UuidCreate
ws2_32
WSARecv
WSASend
WSAEventSelect
iphlpapi
GetNetworkParams
GetIpAddrTable
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 552KB - Virtual size: 551KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ