c5bc70009b5ea18553852d12ad62a09ef5080a8bccaca3f64f8b42d0715565b8

Sharing

Copy URL

Twitter E-mail

General

Target

c5bc70009b5ea18553852d12ad62a09ef5080a8bccaca3f64f8b42d0715565b8
Size

3.7MB
MD5

171c936100e661c9d40d5230db01d11e
SHA1

e46ca7fd968304854995f748b61fb635f594aeff
SHA256

c5bc70009b5ea18553852d12ad62a09ef5080a8bccaca3f64f8b42d0715565b8
SHA512

f5e8ae16f40cf4fe7f19a34fc61fa838e9827a3d1faaf2f7e96b762378c32566448ef1f4448f1b76c70e1ec32d6459460fa73a948e6fcd3d24127b32a1d83c0c
SSDEEP

98304:ozpmadvGI/73M5e/OfP7dDojtJaB26h6u:6pmadvGIAe2XdohJR6h6u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5bc70009b5ea18553852d12ad62a09ef5080a8bccaca3f64f8b42d0715565b8

Files

c5bc70009b5ea18553852d12ad62a09ef5080a8bccaca3f64f8b42d0715565b8
.exe windows:4 windows x86 arch:x86

5688cd3d7e3ad63ddb0cab345e598d24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
_wcsnicmp
wcsncmp
wcsncpy
_wcsdup
free
memmove
wcsstr
_wcsicmp
setlocale
swscanf
_isnan
wcslen
wcscpy
wcscat
wcscmp
tolower
floor
ceil
malloc
fseek
ftell
fread
longjmp
_setjmp3
_wfopen
fclose
__p__iob
atoi
strlen
sprintf
strstr
_strnicmp
strncpy
strcmp
sscanf
strcpy
memcmp
wcschr
_stricmp
toupper
_wtoi
localtime
mktime
_itow
gmtime
fabs
pow
strncmp
_read
_write
_lseek
_close
_fstat
_open
realloc
fprintf
vfprintf
_wopen
_CIpow
bsearch
_lfind
qsort
_CIlog
_CIexp
rand
_CIsqrt
_CIatan2
frexp
modf
atof
fwrite
fflush
calloc
vsprintf
printf
exit
ferror
getenv
_vsnwprintf
_errno
_msize
fmod
sin
cos
abs

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
FormatMessageW
LocalFree
WriteFile
CreateFileW
SystemTimeToFileTime
FileTimeToSystemTime
CloseHandle
MulDiv
CreateToolhelp32Snapshot
Module32FirstW
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
CreateThread
GetCurrentThreadId
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
HeapReAlloc
FreeLibrary
GetCurrentProcessId
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
GetCommandLineW
GetModuleFileNameW
GetProfileStringW
GetTickCount
DeleteFileW
LoadLibraryA
SetFilePointer
GetFileSize
ReadFile
GlobalLock
GlobalUnlock
GlobalSize
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetLogicalDrives
SetErrorMode
GetDiskFreeSpaceW
GetLastError
FindFirstFileW
FindNextFileW
FindClose
GetWindowsDirectoryW
FindFirstChangeNotificationW
ResetEvent
SetEvent
TerminateThread
WaitForMultipleObjects
FindCloseChangeNotification
FindNextChangeNotification
CreateEventW
GetComputerNameW
GetSystemInfo
GlobalMemoryStatusEx
GetVersionExA
SetLastError
GetDriveTypeW
GetFileAttributesW
CopyFileW
SetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
CreateDirectoryW
GetLocalTime
GlobalReAlloc
HeapSize
lstrlenA
QueryPerformanceFrequency
QueryPerformanceCounter
AreFileApisANSI
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
FlushFileBuffers
FormatMessageA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
HeapValidate
LockFile
LockFileEx
MapViewOfFile
SetEndOfFile
UnlockFile
UnlockFileEx
UnmapViewOfFile
OutputDebugStringA
OutputDebugStringW
GetProcessHeap

user32

LoadCursorW
SetCursor
GetWindowLongW
SetWindowLongW
SendMessageW
SetClassLongW
GetPropW
RemovePropW
CallWindowProcW
SetPropW
FindWindowExW
GetAsyncKeyState
IsWindow
EnumPropsExW
GetCursorPos
MapWindowPoints
MessageBeep
GetWindow
SetFocus
SetWindowPos
GetSysColor
SetRect
RedrawWindow
GetDC
ReleaseDC
GetWindowTextLengthW
ScreenToClient
CreateWindowExW
GetDesktopWindow
GetWindowDC
DestroyWindow
GetParent
GetCapture
ReleaseCapture
LoadIconW
CharLowerW
CharUpperW
FillRect
GetIconInfo
DrawStateW
GetClientRect
InvalidateRect
ShowWindow
IsZoomed
MoveWindow
MessageBoxW
PostMessageW
EnableWindow
DefWindowProcW
GetWindowTextW
UnregisterClassW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
GetWindowThreadProcessId
IsWindowVisible
GetForegroundWindow
EnumWindows
SetMenu
DestroyMenu
GetMenuItemInfoW
SetMenuItemInfoW
EnableMenuItem
DrawIconEx
SystemParametersInfoW
DrawTextW
GetMenuItemCount
GetSubMenu
GetMenu
ModifyMenuW
GetSysColorBrush
FrameRect
AppendMenuW
CreateMenu
CreatePopupMenu
DrawFocusRect
GetClassNameW
GetWindowRect
IntersectRect
EnumChildWindows
PeekMessageW
SetCapture
SetWindowTextW
GetScrollPos
SetScrollInfo
SetScrollPos
GetScrollRange
UpdateWindow
GetFocus
ValidateRect
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
DestroyIcon
EndDialog
CreateDialogParamW
InflateRect
BeginPaint
EndPaint
ClientToScreen
DrawFrameControl
SetActiveWindow
RegisterClassW
AdjustWindowRectEx
MsgWaitForMultipleObjects
GetActiveWindow
IsIconic
DefFrameProcW
IsChild
GetKeyState
RegisterWindowMessageW
EnumDisplaySettingsW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CreateIconFromResourceEx
CreateIconFromResource

gdi32

StartDocW
GetMapMode
SetMapMode
GetDeviceCaps
DPtoLP
StartPage
EndPage
EndDoc
GetObjectW
CreateMetaFileW
SetWindowOrgEx
SetWindowExtEx
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CloseMetaFile
GetMetaFileBitsEx
DeleteMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
GetObjectType
DeleteObject
IntersectClipRect
CreateDCW
GetStockObject
GetPixel
SetPixel
SetBkMode
CreateFontIndirectW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
SetTextColor
MoveToEx
LineTo
CreateFontW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
SetStretchBltMode
StretchBlt
CreatePen
CreateDIBSection
GetObjectA
SelectPalette
RealizePalette
GetDIBits
SetDIBits
GdiSetBatchLimit
GdiGetBatchLimit
SetBrushOrgEx
CreateBitmap
SetTextAlign
TextOutW
GetTextMetricsW

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

comctl32

CreateToolbarEx
ImageList_ReplaceIcon
ImageList_Add
CreateStatusWindowW
InitCommonControlsEx
ImageList_Destroy
ImageList_GetImageCount
ImageList_Duplicate
ImageList_SetBkColor
ImageList_Replace
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_GetIconSize

oleaut32

VariantClear
SysFreeString
DispGetParam
GetActiveObject
VariantInit
VariantChangeType
DispGetIDsOfNames
VariantCopy
SysAllocString
SysStringLen

ole32

CoInitialize
CoGetObject
CLSIDFromProgID
CoGetClassObject
CLSIDFromString
ProgIDFromCLSID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
OleInitialize
OleUninitialize
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
GetHGlobalFromStream
OleCreate
OleSetContainedObject

shell32

ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

wsock32

closesocket
WSACleanup
WSAStartup
connect
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
select
__WSAFDIsSet
send
sendto
recvfrom
recv

winmm

timeBeginPeriod

shlwapi

SHAutoComplete

uxtheme

SetWindowTheme

atl

AtlAxGetHost
AtlAxWinInit
AtlAxCreateControl
AtlAxGetControl

Sections

.code
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5688cd3d7e3ad63ddb0cab345e598d24

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

oleaut32

ole32

shell32

wsock32

winmm

shlwapi

uxtheme

atl

Sections

.code Size: 657KB - Virtual size: 657KB

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 209KB - Virtual size: 209KB

.data Size: 189KB - Virtual size: 200KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.code
Size: 657KB - Virtual size: 657KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 209KB - Virtual size: 209KB

.data
Size: 189KB - Virtual size: 200KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB