d21e1d31955e330d1ef338e8ef07202a6d61f77cf6290a5488124f52560e37c4

Sharing

Copy URL Twitter E-mail

General

Target

d21e1d31955e330d1ef338e8ef07202a6d61f77cf6290a5488124f52560e37c4
Size

1.9MB
MD5

cea7e95e77f17ecf8d7c25673b768a27
SHA1

7606aedf5fb7b32408baab447421291eb642fe45
SHA256

d21e1d31955e330d1ef338e8ef07202a6d61f77cf6290a5488124f52560e37c4
SHA512

55c2c5dccb3d04b25f0260a8aa33e9192bc1116d7435941b1d768e75c638bc15f8cd230f8fa268b75312b155e40d8ed16df2b698c60f720a5bd8ed5d68532870
SSDEEP

49152:n16CrCvqr0cAqmXtmDnmMogUJvZgn++0du538smZSkz17:n16/vVeDnmMGu0du538Sg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d21e1d31955e330d1ef338e8ef07202a6d61f77cf6290a5488124f52560e37c4

Files

d21e1d31955e330d1ef338e8ef07202a6d61f77cf6290a5488124f52560e37c4
.exe windows:6 windows x86 arch:x86

e340217c3e4e004ab840cac4d5221e6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
LoadLibraryW
GetLocalTime
WaitForSingleObject
SetEvent
SetLastError
CloseHandle
OutputDebugStringW
RemoveDirectoryW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
Sleep
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
lstrcmpA
DeviceIoControl
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
WriteConsoleW
ReadConsoleW
SetFilePointerEx
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
CreateProcessW
IsValidCodePage
FindFirstFileExW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
lstrlenA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
GetStartupInfoW
GetOEMCP
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
TryEnterCriticalSection
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateDirectoryW
CreateFileW
DeleteFileW
GetTempFileNameW
SetFileAttributesW
SetFileTime
GetWindowsDirectoryW
MoveFileW
GetLogicalDriveStringsW
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
OpenProcess
GetFileSizeEx
GetFileAttributesW
MoveFileExW
QueryDosDeviceW
GetCurrentProcess
GetTickCount
WideCharToMultiByte
CreateEventW
WaitForMultipleObjects
GetVersionExW
lstrcpynW
TerminateProcess
CreateFileA
DeleteFileA
GetTempPathA
GetTempFileNameA
GetACP
MulDiv
FreeResource
lstrcmpW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
GetVersion
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
ResumeThread
ResetEvent
IsDebuggerPresent
EncodePointer
InitializeSListHead

user32

UnregisterClassW
IsWindow
ShowWindow
GetSystemMetrics
CharNextW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
IsWindowEnabled
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyWindow
PostQuitMessage
SendMessageW
PostMessageW
MonitorFromWindow
FindWindowExW
SendMessageTimeoutW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
LoadCursorW
FindWindowW
CopyRect
GetMonitorInfoW
wvsprintfW
SetCursor
InflateRect
UnionRect
OffsetRect
GetDC
ReleaseDC
IsChild
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
IsZoomed
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
IntersectRect
IsRectEmpty
PtInRect
GetParent
GetClassNameW
GetWindow
RegisterClassW
EnableWindow
SetPropW
GetPropW
SystemParametersInfoW
IsIconic
SetWindowRgn
RemovePropW
CharPrevW
DrawTextW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
GetMessagePos
MoveWindow
GetDlgCtrlID
DrawFocusRect
FillRect
HideCaret
ShowCaret
ClientToScreen
GetSysColor
SetForegroundWindow
SetLayeredWindowAttributes
RedrawWindow
GetWindowDC
MapWindowPoints

advapi32

RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW
ord165
SHCreateDirectoryExW

ole32

CoCreateGuid
OleRun
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CLSIDFromProgID
CoUninitialize

oleaut32

SysFreeString
SafeArrayPutElement
SafeArrayCreate
VariantInit
SysStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarUI4FromStr

shlwapi

PathRenameExtensionA
PathFindFileNameA
PathIsPrefixW
StrStrIW
SHSetValueA
PathFindExtensionW
PathFindFileNameW
SHAutoComplete
wnsprintfW
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
SHDeleteKeyW
SHGetValueW
SHSetValueW
PathIsRelativeW

comctl32

ord17
_TrackMouseEvent
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx

msimg32

AlphaBlend
GradientFill

gdiplus

GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipAddPathLineI
GdipFillEllipseI
GdipClosePathFigure
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipAddPathArcI
GdipCreatePath
GdipDeletePath
GdipFree
GdipDrawPath
GdipAlloc
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipCreateTexture
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdiplusStartup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

setupapi

SetupIterateCabinetW

netapi32

Netbios

gdi32

SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateSolidBrush
GetTextColor
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
CreateDCW
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
StretchBlt
SetDIBitsToDevice
GetDIBits

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e340217c3e4e004ab840cac4d5221e6c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

iphlpapi

wininet

urlmon

psapi

setupapi

netapi32

gdi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 246KB - Virtual size: 245KB

.data Size: 19KB - Virtual size: 36KB

.rsrc Size: 302KB - Virtual size: 301KB

.reloc Size: 67KB - Virtual size: 66KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 19KB - Virtual size: 36KB

.rsrc
Size: 302KB - Virtual size: 301KB

.reloc
Size: 67KB - Virtual size: 66KB