5de0ecd20dec779af9eef1e86f4ddcecf05b132bee1f202e3492e5a6d0022973

Sharing

Copy URL Twitter E-mail

General

Target

5de0ecd20dec779af9eef1e86f4ddcecf05b132bee1f202e3492e5a6d0022973
Size

6.3MB
MD5

1fc2578fcef106f63cd237f3182ea06c
SHA1

e5f13c5e123eed6d65203d872e1220f7859b37a5
SHA256

5de0ecd20dec779af9eef1e86f4ddcecf05b132bee1f202e3492e5a6d0022973
SHA512

24e4aabc0f5dcc358d607ff4968eb2a6ec2e0ccd4f1838d974d8034e7e407465a26a905dd8dc66d70a83275a193cb9a1c0f513afe704ecd9ecc1d59cb27d7193
SSDEEP

98304:jFTGmil7C2a2jBPP52PVPBnehodjBXUx4w6kLLF/9aNtFDSbf/0Hz7m:j9GmilW2a2jNOMqgKtEzc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5de0ecd20dec779af9eef1e86f4ddcecf05b132bee1f202e3492e5a6d0022973

Files

5de0ecd20dec779af9eef1e86f4ddcecf05b132bee1f202e3492e5a6d0022973
.exe windows:5 windows x86 arch:x86

63c57f2864baa1ca3719e62d1b263068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
SetEvent
CreateEventW
GetDriveTypeW
GetDiskFreeSpaceExW
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
GetSystemDirectoryW
GetEnvironmentVariableW
DebugBreak
GetTempFileNameW
lstrlenA
FormatMessageW
LocalAlloc
GetSystemInfo
GetCommandLineW
LoadLibraryExW
lstrcmpiW
Sleep
ExitThread
InterlockedDecrement
InterlockedIncrement
DecodePointer
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
WaitForSingleObject
CreateThread
lstrcpynW
GetLocalTime
DeleteCriticalSection
LoadLibraryW
lstrcatW
lstrcpyW
TerminateProcess
GetCurrentProcess
LocalFree
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetModuleHandleW
GetTickCount
GetProcAddress
CreateFileW
SetEndOfFile
SetFilePointerEx
ReadFile
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
HeapQueryInformation
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
GetFileSize
UnlockFile
LockFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcessId
OpenProcess
GetLongPathNameW
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
FindResourceExW
FindResourceW
lstrlenW
FindClose
SizeofResource
LoadResource
SetLastError
GetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DeleteFileA
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
SetConsoleCtrlHandler
GetACP
ExitProcess
HeapValidate
WriteConsoleW
GetFileType
GetStdHandle
ResumeThread
GetModuleHandleExW
GetModuleFileNameA
RtlUnwind
ResetEvent
OutputDebugStringW
OutputDebugStringA
GetFileSizeEx
CopyFileW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateFileA
GetTempFileNameA
GetTempPathA
CreateTimerQueue
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
VirtualQuery
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsBadWritePtr
IsBadReadPtr
FlushFileBuffers
TryEnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
CloseHandle
ReadConsoleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetShortPathNameW
GetPrivateProfileStringW
OpenEventW
InterlockedCompareExchange
WaitForMultipleObjects
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetFileAttributesExW
GetExitCodeProcess
GetLogicalDriveStringsW
InterlockedExchange

user32

EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextW
IsWindowEnabled
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
SetWindowPos
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
ClientToScreen
ScreenToClient
FillRect
DefWindowProcW
SendMessageW
LoadStringW
GetShellWindow
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
FindWindowW
GetWindowLongW
IsDialogMessageW
GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
RedrawWindow
SetForegroundWindow
GetSystemMetrics
EnableWindow
SetFocus
IsIconic
IsWindowVisible
MoveWindow
PostQuitMessage
SetWindowLongW
CharNextW
wsprintfW
SendMessageTimeoutW
MessageBoxW
CopyRect
UnionRect
OffsetRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
UnregisterClassA
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetParent

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
CreateRectRgnIndirect
DeleteDC
GetObjectType
CreateFontW
RestoreDC
SelectClipRgn
SelectObject
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
OffsetViewportOrgEx
RectVisible
GetStockObject
EnumFontFamiliesW
SaveDC
DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExA
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
CopySid
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExA
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
GetExplicitEntriesFromAclW
CryptContextAddRef
LookupAccountNameW
LookupAccountSidW
DeleteAce
EqualSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetNamedSecurityInfoW
GetUserNameW
GetTokenInformation
CreateWellKnownSid

shell32

SHFileOperationW
ord165
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
ShellExecuteExW

ole32

CoInitialize
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleRun
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

StrCmpIW
SHGetValueA
StrTrimA
StrCmpNIW
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
SHGetValueW
StrToIntExW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
wnsprintfW
PathIsDirectoryW
SHSetValueW
StrToInt64ExW
wvnsprintfW
PathIsPrefixW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateLineBrushI
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipDeleteBrush
GdipSetStringFormatFlags
GdipFillPath
GdipDrawImagePointRectI
GdipDeleteStringFormat
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipFree
GdipAlloc
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipAddPathArcI

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpReadData
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse

setupapi

SetupIterateCabinetW

Exports

Exports

BasicEntry
InstallEntryW
Start
_BasicEntryEx@12

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c57f2864baa1ca3719e62d1b263068

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

winhttp

setupapi

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 519KB - Virtual size: 518KB

.data Size: 27KB - Virtual size: 73KB

.msvcjmc Size: 512B - Virtual size: 177B

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 98KB - Virtual size: 97KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 519KB - Virtual size: 518KB

.data
Size: 27KB - Virtual size: 73KB

.msvcjmc
Size: 512B - Virtual size: 177B

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 98KB - Virtual size: 97KB