356775c2aca7a79d89108b905e43a38b87b932de0e939f01e83a7554caf7c177

Sharing

Copy URL Twitter E-mail

General

Target

356775c2aca7a79d89108b905e43a38b87b932de0e939f01e83a7554caf7c177
Size

1.2MB
MD5

7d0c9bcf462fad69838f8789a0a2b746
SHA1

38328d04252dc1682946351c9d235d74578037cd
SHA256

356775c2aca7a79d89108b905e43a38b87b932de0e939f01e83a7554caf7c177
SHA512

3eced28b7bce7b3e1af737afd11dd8bee76205d831f8740da8bba0ef226333121dd86296df96565c21a138f8cc03e7275b7be5a05e68fd7f6c5a0649a696c82a
SSDEEP

12288:Lq8oF+/DUfjFKBaohp4O2cjZgsJUswNo2JdgultmvUYMq3c2sdHyH4g0LF9KWw11:W8oO8RXcJxB4gfrM2gSPWc6eJT2Q2s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
356775c2aca7a79d89108b905e43a38b87b932de0e939f01e83a7554caf7c177

Files

356775c2aca7a79d89108b905e43a38b87b932de0e939f01e83a7554caf7c177
.exe windows:4 windows x86 arch:x86

996a4b9dc1a040075683480a87c36e0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
CreateDirectoryW
WaitForMultipleObjects
CreateEventW
SetThreadPriority
GetCurrentThread
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
GetExitCodeThread
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SystemTimeToFileTime
FileTimeToSystemTime
UnmapViewOfFile
SetFilePointer
GetFileInformationByHandle
GetSystemDirectoryW
CreateMutexW
OpenMutexW
WriteFile
GetTempPathW
CopyFileW
GetExitCodeProcess
WaitForSingleObject
SetEvent
OpenEventW
GetTempFileNameW
Sleep
EnterCriticalSection
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
GlobalAlloc
GlobalLock
GetLocalTime
LoadLibraryW
OutputDebugStringW
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GetProcAddress
GlobalFree
LeaveCriticalSection
GetModuleHandleW
GetTickCount
FreeLibrary
GetWindowsDirectoryW
FindResourceExW
GetPrivateProfileStringW
GetVersionExW
InterlockedIncrement
LoadResource
InterlockedExchange
LockResource
SetLastError
SizeofResource
InterlockedDecrement
FreeResource
lstrlenA
FindResourceW
MultiByteToWideChar
RaiseException
CreateFileW
GetCurrentThreadId
GetFileSize
ReadFile
CloseHandle
GetPrivateProfileIntW
GetSystemTimeAsFileTime
GetLastError

user32

PostMessageW
GetFocus
DefWindowProcW
DestroyIcon
IsChild
EndPaint
IsRectEmpty
GetClassInfoExW
PeekMessageW
LoadIconW
GetWindowLongW
ClientToScreen
SetFocus
BeginPaint
PostThreadMessageW
DrawFrameControl
MoveWindow
LoadImageW
SetWindowLongW
OffsetRect
CallWindowProcW
IsWindowVisible
UnregisterClassA
IsWindow
UpdateWindow
FindWindowExW
FillRect
CloseClipboard
GetClipboardData
SetClipboardData
GetScrollPos
EmptyClipboard
WindowFromPoint
OpenClipboard
GetKeyState
SetClassLongW
SetForegroundWindow
BringWindowToTop
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
LoadBitmapW
GetActiveWindow
SetActiveWindow
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
EnableWindow
EqualRect
KillTimer
SetWindowPos
RegisterClassExW
ScreenToClient
CreateWindowExW
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
DrawIconEx
GetWindowRect
FindWindowW
InvalidateRect
CopyRect
RegisterWindowMessageW
SetRect
UpdateLayeredWindow
GetCursorPos
GetMonitorInfoW
SetTimer
DestroyWindow
ReleaseCapture
MonitorFromWindow
GetMessageW
TranslateMessage
GetParent
DispatchMessageW
GetDC
ShowWindow
DrawTextW
SendMessageW
IsDialogMessageW
MapWindowPoints
GetClientRect
IsIconic
ReleaseDC
GetWindow
SetCursor
LoadCursorW
SetRectEmpty
GetNextDlgTabItem
InflateRect
SystemParametersInfoW
SetCapture
SetWindowRgn
IntersectRect
PtInRect

gdi32

SetTextColor
CreateBitmap
CreateCompatibleBitmap
RoundRect
SetStretchBltMode
CreateSolidBrush
GetObjectW
GetStockObject
Rectangle
GetClipRgn
CombineRgn
CreatePen
BitBlt
CreateRectRgnIndirect
RectInRegion
ExtTextOutW
CreateFontIndirectW
SetBkColor
MoveToEx
GetDeviceCaps
LineTo
DeleteDC
GetTextExtentPoint32W
TextOutW
SelectClipRgn
GetTextColor
CreateCompatibleDC
SetBkMode
SelectObject
OffsetRgn
GetViewportOrgEx
RestoreDC
CreateRectRgn
ExtSelectClipRgn
DeleteObject
SaveDC
SetViewportOrgEx
StretchBlt
CreateRoundRectRgn
CreateDIBSection
GetCurrentObject

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString

shlwapi

PathAppendW
StrToIntW
StrToIntA
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z

gdiplus

GdipSetPenDashStyle
GdipFillPath
GdipCreateFont
GdipAddPathStringI
GdipCloneImage
GdipAlloc
GdipAddPathArcI
GdipDisposeImage
GdipDrawString
GdipSetPenEndCap
GdipGetFamily
GdipSetTextRenderingHint
GdipPrivateAddFontFile
GdipSetPixelOffsetMode
GdipGetImageWidth
GdipSetInterpolationMode
GdipDrawPath
GdipGetImageHeight
GdipSetStringFormatTrimming
GdipDeletePen
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipLoadImageFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRectRect
GdipSetStringFormatLineAlign
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipCreateLineBrushI
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImagePointsRectI
GdipGetFontSize
GdipCloneFontFamily
GdipLoadImageFromFile
GdipSetPenStartCap
GdipCreatePath
GdipGraphicsClear
GdipScaleWorldTransform
GdipSetPenMode
GdipDeletePath
GdipDrawImageRectI
GdipDeleteFont
GdipDrawImageI
GdipCreateFontFromLogfontW
GdipDrawLine
GdipFillRectangle
GdiplusShutdown
GdipCloneBrush
GdipAddPathPieI
GdipDrawRectangleI
GdipDeleteBrush
GdipClosePathFigure
GdipMeasureString
GdipSetCompositingQuality
GdiplusStartup
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipDrawLinesI
GdipCreateFromHDC
GdipAddPathRectangleI
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipTranslateWorldTransform
GdipCreateStringFormat
GdipDisposeImageAttributes
GdipRotateWorldTransform
GdipDeleteStringFormat
GdipSetSmoothingMode
GdipResetWorldTransform
GdipCreateSolidFill
GdipCreatePen1
GdipSetClipPath
GdipSetStringFormatFlags
GdipFree
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSetImageAttributesColorMatrix
GdipDeleteFontFamily
GdipFillRectangleI
GdipDrawImageRectRectI
GdipCreateLineBrushFromRectWithAngleI
GdipNewPrivateFontCollection
GdipGetImageGraphicsContext

msvcr80

??2@YAPAXI@Z
__CxxFrameHandler3
_strdup
_stricmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_stat64
_gmtime64
__sys_nerr
strerror
getenv
fflush
memchr
_errno
isdigit
fputs
qsort
fopen
fgets
_strtoi64
strrchr
isxdigit
strtol
strstr
strtoul
__iob_func
fwrite
realloc
_wtoi64
_time32
wcsncmp
sprintf
sscanf
isalnum
strchr
strncmp
isalpha
fputc
fprintf
fseek
_vsnprintf_s
memmove
isspace
iswspace
_mktime64
wcsncpy_s
wcsncpy
strncpy
tolower
wcstol
fclose
fread
rand
srand
_wcsupr_s
strcpy
_time64
_localtime64_s
_mbsicmp
_beginthreadex
vsprintf_s
_vscprintf
_waccess
wcspbrk
_wcslwr_s
calloc
_wtof
_purecall
wcschr
__RTDynamicCast
strcmp
vswprintf_s
wcslen
wcsstr
wcscpy_s
abs
free
labs
memset
atoi
_vscwprintf
_mbscmp
??_V@YAXPAX@Z
ceil
wcscmp
??0exception@std@@QAE@ABQBD@Z
floor
??1exception@std@@UAE@XZ
_recalloc
strlen
??0exception@std@@QAE@XZ
_wtoi
swprintf_s
memcpy_s
memmove_s
malloc
_mbschr
?what@exception@std@@UBEPBDXZ
memcpy
_CxxThrowException
wcsspn
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
wcsrchr
wcscspn
??3@YAXPAX@Z

ws2_32

WSAStartup
connect
ioctlsocket
select
__WSAFDIsSet
getaddrinfo
freeaddrinfo
WSASetLastError
socket
WSACleanup
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

996a4b9dc1a040075683480a87c36e0a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp80

gdiplus

msvcr80

ws2_32

version

Sections

.text Size: 404KB - Virtual size: 402KB

.rdata Size: 104KB - Virtual size: 100KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 692KB - Virtual size: 692KB

.text
Size: 404KB - Virtual size: 402KB

.rdata
Size: 104KB - Virtual size: 100KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 692KB - Virtual size: 692KB