b3d997cef18dbff118129a4716a729344b84897d57523e6784b234514f4f4b92

Sharing

Copy URL Twitter E-mail

General

Target

b3d997cef18dbff118129a4716a729344b84897d57523e6784b234514f4f4b92
Size

836KB
MD5

687fedd5cee6be959490001f50d31d06
SHA1

32477780d9bf25c4b904e076dc5835ce2b761ec0
SHA256

b3d997cef18dbff118129a4716a729344b84897d57523e6784b234514f4f4b92
SHA512

b15a557236c3dae0adaf82c86ebb9be7f31caaf0cdecfc9105110ebf624adc1ae82a35210bf2c0d1fb60f66d45bbcddaaa68f858fbf164771eb9cd15b11352c2
SSDEEP

12288:To4ak0IwrCEq0AJEhH4iRwoGidJv4nepfbq7OdEedBFWKirayNPlgmVqVHd:TxwIKlTnvfbKKBFWKiFP3VqV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3d997cef18dbff118129a4716a729344b84897d57523e6784b234514f4f4b92

Files

b3d997cef18dbff118129a4716a729344b84897d57523e6784b234514f4f4b92
.exe windows:5 windows x86 arch:x86

1acafb78cb3f32d6039b575b49ee957a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

settingu3

ord4
ord17
ord24
ord16
ord13
ord10
ord9
ord8
ord5
ord12
ord1
ord2

waiting

ord2
ord1

kernel32

ConvertDefaultLocale
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
lstrlenA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetStartupInfoW
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
EnumResourceLanguagesW
HeapReAlloc
CreateProcessA
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitProcess
RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetFileAttributesA
CreatePipe
GetExitCodeProcess
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetEnvironmentStrings
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
OutputDebugStringA
GetOverlappedResult
CreateEventA
CreateFileA
DeviceIoControl
GetLocalTime
ClearCommError
SetCommConfig
GetDefaultCommConfigW
TerminateThread
FreeLibrary
GetModuleFileNameA
FormatMessageA
LoadLibraryExA
ResetEvent
InterlockedDecrement
ResumeThread
InterlockedIncrement
WaitForMultipleObjects
GetCurrentProcessId
CreateDirectoryW
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GlobalAlloc
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLogicalDrives
SetEvent
CreateEventW
GetFileAttributesW
WriteFile
SetFilePointer
CreateProcessW
GlobalFree
GlobalUnlock
GlobalLock
WaitForSingleObject
SetErrorMode
GetDriveTypeW
Sleep
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetLastError
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLangID
GetUserDefaultUILanguage
SetThreadLocale
GetProcAddress
GetModuleHandleW
GetVersionExW
GetTickCount
ReadFile
CloseHandle
GetFileSize
CreateFileW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateThread

user32

RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
SetRect
MessageBeep
CharUpperW
UnregisterClassW
LoadCursorW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
DestroyMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
EnableWindow
CopyRect
SendMessageW
SetWindowLongW
TrackMouseEvent
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
InvalidateRect
GetSysColor
IsWindow
GetParent
LoadMenuW
GetWindowRect
GetSubMenu
PostMessageW
GetClientRect
DeleteMenu
SetTimer
KillTimer
MessageBoxW
FindWindowW
wsprintfW
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
RegisterDeviceNotificationW
PostQuitMessage
SetForegroundWindow
OffsetRect
GetWindow
LoadStringW
GetFocus
SetActiveWindow
UnregisterDeviceNotification
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
GetWindowPlacement
SystemParametersInfoA
IntersectRect
SetWindowPos
GetWindowLongW
GetMenu
PtInRect
CallWindowProcW
GetDlgCtrlID
DefWindowProcW
GetMenuCheckMarkDimensions

gdi32

GetMapMode
DPtoLP
GetTextColor
GetRgnBox
CreateRectRgnIndirect
GetBkColor
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectW
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysAllocStringLen
VariantClear
VariantChangeType
OleCreateFontIndirect
VariantInit
SysStringLen
SysFreeString
VariantCopy
SafeArrayDestroy

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdiplusStartup
GdiplusShutdown

dbghelp

SymFunctionTableAccess
SymGetLineFromAddr
MiniDumpWriteDump
StackWalk
SymCleanup
SymInitialize
SymGetModuleBase

ws2_32

send
shutdown
connect
gethostbyaddr
WSACleanup
inet_addr
gethostbyname
recv
WSAGetLastError
setsockopt
closesocket
htons
socket
WSAStartup
ioctlsocket

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Exports

Exports

??0IEntry@@QAE@ABV0@@Z
??0IEntry@@QAE@PAXPAUHWND__@@@Z
??1IEntry@@QAE@XZ
??4IEntry@@QAEAAV0@ABV0@@Z
??_7IEntry@@6B@

Sections

.text
Size: 574KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shareent
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1acafb78cb3f32d6039b575b49ee957a

Headers

DLL Characteristics

File Characteristics

Imports

settingu3

waiting

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

gdiplus

dbghelp

ws2_32

setupapi

Exports

Exports

Sections

.text Size: 574KB - Virtual size: 574KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 24KB - Virtual size: 41KB

shareent Size: 1024B - Virtual size: 1024B

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 574KB - Virtual size: 574KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 24KB - Virtual size: 41KB

shareent
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 51KB - Virtual size: 51KB