Sample
6b89ff3052bc6ae0d884825d842a3c520943051bac59e0af90a8b5400f375b25.exe
Resource
win7-20231129-en
General
Target
6b89ff3052bc6ae0d884825d842a3c520943051bac59e0af90a8b5400f375b25
Size
2.0MB
MD5
8730f24a1be52c1232b87b3a1baaac7a
SHA1
17c776dfc8c54cb9267d82c964559d8338e19048
SHA256
6b89ff3052bc6ae0d884825d842a3c520943051bac59e0af90a8b5400f375b25
SHA512
19fab8f44c1476e3f29e0b03862786f5851773b4b2439ebdf48a65e086f6e94b5a270b4cda1e3210e3144024e054882c43aabefd0847502788cb492f34a70280
SSDEEP
24576:ZTRIJ/kLOoSUXOgCPDornWsz0xNrb++KpPFVY4LI3gYKnp/7rTIjLj93FXLfXUma:ZTReACPD8W40Nis4bnp/7rTKj93l/U
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE is not code-signed).
resource 6b89ff3052bc6ae0d884825d842a3c520943051bac59e0af90a8b5400f375b25
Files
6b89ff3052bc6ae0d884825d842a3c520943051bac59e0af90a8b5400f375b25.exe windows:4 windows x86 arch:x86
0ce89e0af586c70ff9dd954d086515c3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SystemTimeToFileTime
CreateProcessW
WaitForSingleObject
GetSystemDirectoryW
SetFilePointer
LocalAlloc
LocalFree
TerminateThread
CreateThread
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetLocalTime
OutputDebugStringW
CopyFileW
LoadLibraryExW
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
GetSystemTime
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
Sleep
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetFileAttributesW
WaitForMultipleObjects
SetEvent
lstrlenW
DeleteFileW
GetTickCount
WriteFile
InterlockedCompareExchange
FreeResource
GetPrivateProfileIntW
LoadResource
GlobalLock
LockResource
GlobalUnlock
SizeofResource
GetLastError
CreateFileW
GetModuleFileNameW
GetVersionExW
GetFileSize
ReadFile
FindResourceW
InterlockedExchange
GetCurrentThreadId
DeleteCriticalSection
RaiseException
InitializeCriticalSection
CloseHandle
GetPrivateProfileStringW
LeaveCriticalSection
CreateMutexW
OpenMutexW
EnterCriticalSection
SetLastError
FlushInstructionCache
WideCharToMultiByte
GetCurrentProcess
GetWindowsDirectoryW
lstrlenA
MultiByteToWideChar
FreeLibrary
GlobalFree
GlobalAlloc
LoadLibraryW
GetModuleHandleW
FindResourceExW
FlushConsoleInputBuffer
GetProcAddress
user32
SetFocus
BringWindowToTop
GetSystemMetrics
EnumDisplaySettingsW
EnumDisplayDevicesW
PostThreadMessageW
UnionRect
SetCapture
ScreenToClient
DispatchMessageW
TranslateMessage
ClientToScreen
GetMessageW
PeekMessageW
IsRectEmpty
GetNextDlgTabItem
SetWindowRgn
GetMonitorInfoW
UpdateLayeredWindow
MonitorFromWindow
IntersectRect
IsDialogMessageW
IsChild
RegisterWindowMessageW
GetDesktopWindow
PostMessageW
GetDC
LoadCursorW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
DefWindowProcW
SetActiveWindow
LoadImageW
LoadBitmapW
ReleaseDC
MoveWindow
SendMessageW
GetClassInfoExW
CopyRect
GetWindow
GetParent
GetWindowRect
FindWindowW
GetWindowLongW
IsIconic
GetClientRect
ShowWindow
MapWindowPoints
RegisterClassExW
GetForegroundWindow
SetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
DestroyWindow
InflateRect
SetForegroundWindow
InvalidateRect
GetActiveWindow
CreateWindowExW
EnableWindow
IsWindow
SystemParametersInfoW
IsWindowEnabled
SetWindowPos
WindowFromPoint
GetCursorPos
BeginPaint
GetWindowTextLengthW
IsWindowVisible
EqualRect
GetDlgItem
OffsetRect
DrawFrameControl
LoadIconW
SetRectEmpty
DestroyIcon
PtInRect
SetRect
SetCursor
DrawTextW
GetDlgCtrlID
DrawIconEx
CharNextW
SetTimer
KillTimer
wsprintfW
DestroyCursor
GetFocus
CallWindowProcW
SetWindowTextW
GetWindowTextW
EndPaint
ReleaseCapture
gdi32
SetStretchBltMode
SaveDC
GetStockObject
GetClipRgn
TextOutW
CreateRectRgnIndirect
RectInRegion
RoundRect
GetCurrentObject
LineTo
GetTextExtentPoint32W
MoveToEx
SetBkMode
GetDeviceCaps
CreateSolidBrush
ExtSelectClipRgn
CreateFontIndirectW
CombineRgn
CreateRoundRectRgn
OffsetRgn
SetViewportOrgEx
SelectObject
CreateBitmap
CreatePen
GetObjectW
DeleteObject
BitBlt
RestoreDC
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
CreateDIBSection
DeleteDC
Rectangle
GetViewportOrgEx
StretchBlt
ExtTextOutW
CreateRectRgn
SetTextColor
GetTextColor
SelectClipRgn
advapi32
RegisterEventSourceA
DeregisterEventSource
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ReportEventA
shell32
ShellExecuteW
ole32
CoTaskMemFree
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
oleaut32
VarUI4FromStr
shlwapi
PathIsDirectoryW
PathAddBackslashW
PathRemoveFileSpecW
StrToIntA
StrToIntW
PathAppendW
PathFindFileNameW
PathFileExistsW
comctl32
InitCommonControlsEx
_TrackMouseEvent
msimg32
AlphaBlend
msvcp80
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
gdiplus
GdipGetImageHeight
GdipAlloc
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDisposeImageAttributes
GdipFree
GdipDeleteGraphics
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipDrawImagePointsRectI
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDeleteFontFamily
GdipDrawImageRectRect
GdiplusStartup
GdipCloneFontFamily
GdipImageRotateFlip
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipDisposeImage
GdiplusShutdown
GdipCloneBitmapArea
GdipPrivateAddFontFile
GdipCloneImage
GdipDeletePrivateFontCollection
GdipGetImagePixelFormat
GdipNewPrivateFontCollection
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageWidth
GdipSetImageAttributesColorMatrix
GdipDrawString
GdipClosePathFigure
GdipSetTextRenderingHint
GdipAddPathPieI
GdipSetStringFormatTrimming
GdipMeasureString
GdipSetStringFormatLineAlign
GdipDeletePath
GdipSetStringFormatAlign
GdipFillRectangleI
GdipCreatePath
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipResetWorldTransform
GdipCreateStringFormat
GdipCreateSolidFill
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCreateFontFromLogfontW
GdipDeleteBrush
GdipDeleteFont
GdipCloneBrush
GdipSetClipPath
GdipCreateFont
GdipSetSmoothingMode
GdipAddPathRectangleI
GdipSetPenStartCap
GdipGetFamily
GdipSetPenEndCap
GdipSetPenDashStyle
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipDeletePen
GdipFillPath
GdipAddPathArcI
GdipCreatePen1
GdipDrawLinesI
GdipDrawRectangleI
GdipDrawImageI
GdipGetFontSize
GdipDrawLine
GdipAddPathStringI
GdipFillRectangle
GdipDrawPath
GdipSetPenMode
GdipCreateLineBrushFromRectWithAngleI
GdipScaleWorldTransform
msvcr80
_mbscmp
__CxxFrameHandler3
floor
_strdup
_getch
signal
isupper
feof
_fileno
_setmode
strcmp
raise
_vsnprintf
_stat64i32
abort
_stat64
_gmtime64
__sys_nerr
strerror
getenv
memchr
_errno
sprintf
isdigit
fflush
fputs
qsort
fopen
fgets
_strtoi64
strrchr
strncpy
isxdigit
strtol
sscanf
memmove
strstr
strtoul
__iob_func
memcpy
realloc
_stricmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
ceil
wcscat_s
wcsncmp
isalnum
isalpha
isspace
strchr
strncmp
_vsnprintf_s
ferror
fputc
fprintf
tolower
_strnicmp
_time64
iswspace
_beginthreadex
wcsncpy_s
fclose
fwrite
fread
ftell
fseek
_wfopen
__RTDynamicCast
wcschr
atoi
_wcsicmp
_mbschr
_wtoi
_wcslwr_s
wcsrchr
_CxxThrowException
??_V@YAXPAX@Z
_invalid_parameter_noinfo
wcsstr
vsprintf_s
setlocale
_vscprintf
wcscpy_s
wcsspn
swprintf_s
wcscspn
_wtof
free
??2@YAPAXI@Z
_waccess
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_recalloc
vswprintf_s
_purecall
??0exception@std@@QAE@ABV01@@Z
calloc
malloc
memcpy_s
??0exception@std@@QAE@ABQBD@Z
_mbsicmp
memmove_s
_vscwprintf
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
ws2_32
shutdown
WSACleanup
WSAStartup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
WSASetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket
gethostname
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 352KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 48KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 360KB - Virtual size: 360KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE