0207abbda5f4187b7c7432deb85e1db8abd5d4cbd19068b67852d7c91fd51442

Sharing

Copy URL Twitter E-mail

General

Target

0207abbda5f4187b7c7432deb85e1db8abd5d4cbd19068b67852d7c91fd51442
Size

4.3MB
MD5

e3f95414f17d9683575e7a1fb7ecd006
SHA1

83ed03f243a53e9e0f32897e6f99aad7ce92917f
SHA256

0207abbda5f4187b7c7432deb85e1db8abd5d4cbd19068b67852d7c91fd51442
SHA512

a2515408b9e8e85168d345366bdc70b1643c728bebd06ec4489955ae33bcb0106d0c5d33e302c26ffc51fb90bc2eda7718191dee4e36c4f2218eb4f8ecf6e83a
SSDEEP

49152:cu/ICSVPJtI2m+TyMSXdrbDHE8qBSlGVaRjxfa9GPRxzPfEd2CH4u2JLZs8jSInk:iJtIVMStrbDk8qBG5xCeRxjfkv+LyGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0207abbda5f4187b7c7432deb85e1db8abd5d4cbd19068b67852d7c91fd51442

Files

0207abbda5f4187b7c7432deb85e1db8abd5d4cbd19068b67852d7c91fd51442
.exe windows:6 windows x64 arch:x64

44c0f026c24ea43148b4c18b91414977

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

PlaySoundW

kernel32

GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
GetFileAttributesExW
GlobalUnlock
AreFileApisANSI
GetCurrentProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
SleepEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
AllocConsole
GetConsoleWindow
Process32FirstW
Process32NextW
Sleep
OpenProcess
SetConsoleTitleA
Module32NextW
WideCharToMultiByte
Module32FirstW
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
VirtualQueryEx
GetModuleHandleW
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
WaitForSingleObjectEx
CreateFileMappingW
VirtualProtect
RtlCaptureContext
CreateThread
CreateToolhelp32Snapshot
WriteProcessMemory
ReadProcessMemory
CreateFileW
GetFileInformationByHandleEx
GetModuleHandleA

user32

MessageBoxA
GetAsyncKeyState
SetLayeredWindowAttributes
ShowWindow
SetClipboardData
mouse_event
GetWindowLongW
DefWindowProcW
SetWindowPos
CreateWindowExW
UnregisterClassW
RegisterClassExW
DispatchMessageW
PeekMessageW
SetWindowDisplayAffinity
TranslateMessage
SetWindowLongW
PostQuitMessage
FindWindowA
UpdateWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
DestroyWindow
GetClientRect
SetCursor
SetCapture
LoadCursorW
IsWindowUnicode
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
GetMessageExtraInfo
GetKeyState
UnregisterClassA

shell32

SHGetFolderPathW
ShellExecuteA

msvcp140

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??Bios_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?uncaught_exception@std@@YA_NXZ
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1_Lockit@std@@QEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

normaliz

IdnToAscii

wldap32

ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord32

crypt32

CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertGetCertificateChain
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain

ws2_32

send
WSAGetLastError
bind
connect
closesocket
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
recv
getpeername

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
_purecall
strrchr
__std_exception_copy
memmove
memcpy
memcmp
memchr
_CxxThrowException
strchr
strstr
__std_exception_destroy
memset
__std_terminate

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
_callnewh
free
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_getpid
_configure_narrow_argv
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
_cexit
_seh_filter_exe
_resetstkoflw
_set_app_type
_invalid_parameter_noinfo
_get_initial_narrow_environment
__sys_nerr
strerror
_initterm
_initterm_e
_exit
_errno
system
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
abort
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64
_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgets
_pclose
fwrite
_popen
fopen
fputs
_lseeki64
_set_fmode
fgetc
__p__commode
_wfopen
fclose
_open
fflush
_close
fputc
_write
feof
_read

api-ms-win-crt-math-l1-1-0

sin
__setusermatherr
powf
pow
acosf
atan2f
atanf
tanf
_dclass
fmodf
tan
logf
log

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
atoi
atof
strtod
strtoul
strtoull

api-ms-win-crt-filesystem-l1-1-0

_access
_unlock_file
remove
_lock_file
_unlink
_stat64
_fstat64

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

_strdup
strncpy
strncmp
isupper
strspn
strcspn
strcmp
strpbrk
tolower

advapi32

CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken

Sections

.text
Size: 875KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44c0f026c24ea43148b4c18b91414977

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

shell32

msvcp140

d3d11

d3dcompiler_47

dwmapi

imm32

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

advapi32

Sections

.text Size: 875KB - Virtual size: 874KB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 37KB - Virtual size: 44KB

.pdata Size: 37KB - Virtual size: 37KB

_RDATA Size: 78KB - Virtual size: 77KB

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 875KB - Virtual size: 874KB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 37KB - Virtual size: 44KB

.pdata
Size: 37KB - Virtual size: 37KB

_RDATA
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 3KB - Virtual size: 2KB