Static task: static1
Behavioral task: behavioral1
  Sample: 812743558859613c5e6b2f172b8276767156016521d691cd45f5c51a2da5a3ae.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 812743558859613c5e6b2f172b8276767156016521d691cd45f5c51a2da5a3ae.exe
  Resource: win10v2004-20231215-en
General
- Target: 812743558859613c5e6b2f172b8276767156016521d691cd45f5c51a2da5a3ae
- Size: 1.1MB
- MD5: edb73e81c6b1df99cd1ae57cfd7082bb
- SHA1: c38074b2474c6476295157eeee208464be3a925f
- SHA256: 812743558859613c5e6b2f172b8276767156016521d691cd45f5c51a2da5a3ae
- SHA512: 68700ceadc94afef4c22a46e4fbd237eba6be46a701869a552ad531ba0f4b806e2dd2e1fc499f18f2dcda973f574de4bbddd2e82b7485c8753ee755b50034dd1
- SSDEEP: 12288:EiSXAMYuNkduXCWCh9lJCcmFzRiNSL4jrchRIV:CXHkdT59lscYRi5HWRY
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Resource: 812743558859613c5e6b2f172b8276767156016521d691cd45f5c51a2da5a3ae
Files
- 812743558859613c5e6b2f172b8276767156016521d691cd45f5c51a2da5a3ae.exe (windows:4 windows x86 arch:x86)
62bac0b42fcce37d56539f31df4aa724
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
Library: mfc42u
ord2914
ord1637
ord1143
ord2505
ord293
ord3753
ord3403
ord3222
ord6219
ord6868
ord942
ord920
ord6193
ord6374
ord6376
ord2808
ord2858
ord2508
ord6504
ord6867
ord4273
ord2072
ord4390
ord3569
ord609
ord283
ord613
ord6871
ord5785
ord2855
ord289
ord3792
ord1831
ord4369
ord4846
ord361
ord4224
ord2070
ord3133
ord4508
ord6266
ord2430
ord2455
ord1921
ord3716
ord3614
ord5871
ord1634
ord3084
ord6597
ord1941
ord1173
ord3638
ord394
ord696
ord909
ord5624
ord4180
ord4265
ord3727
ord556
ord809
ord2114
ord6316
ord4474
ord6238
ord2854
ord3605
ord656
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord3798
ord4119
ord6733
ord6631
ord6911
ord2806
ord933
ord3649
ord2576
ord4215
ord926
ord2631
ord355
ord5679
ord4124
ord356
ord2762
ord2773
ord3176
ord5706
ord6640
ord668
ord3865
ord3805
ord5210
ord937
ord5930
ord929
ord3875
ord3420
ord3049
ord5929
ord2805
ord2717
ord1131
ord2613
ord6113
ord561
ord815
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4282
ord3312
ord4279
ord927
ord940
ord536
ord3991
ord6896
ord1662
ord5949
ord3281
ord4197
ord3296
ord2644
ord3993
ord6898
ord6003
ord2293
ord6865
ord941
ord2755
ord3871
ord616
ord693
ord3635
ord3365
ord4396
ord2574
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord3221
ord683
ord3626
ord2637
ord3397
ord2371
ord2078
ord535
ord2810
ord2859
ord4294
ord2606
ord1230
ord2144
ord4270
ord567
ord2910
ord5568
ord818
ord3737
ord4847
ord6278
ord6279
ord6451
ord4704
ord924
ord922
ord858
ord925
ord4155
ord3087
ord6195
ord6211
ord2634
ord6330
ord5977
ord2809
ord1197
ord823
ord1165
ord538
ord1196
ord4229
ord2362
ord2294
ord825
ord2406
ord795
ord3658
ord5261
ord3621
ord4418
ord5286
ord1768
ord6051
ord324
ord540
ord861
ord641
ord800
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord1644
ord1569
Library: msvcrt
sprintf
iswalpha
_wcsupr
wcschr
_snwprintf
iswdigit
wcsncmp
wcscat
fread
memmove
strtol
wcstol
wcstoul
sscanf
strtod
wcsstr
wcstod
swscanf
wcscmp
_wsetlocale
_wcsnicmp
realloc
wcsrchr
swprintf
_wtoi
time
wcslen
_itow
malloc
wcsncpy
free
_wfopen
fwrite
fclose
fwprintf
iswcntrl
isspace
strtoul
_ftol
wcscpy
_wcsicmp
__CxxFrameHandler
_strupr
memset
memcpy
fopen
fgets
strstr
memcmp
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
Library: kernel32
LocalFree
TerminateThread
CloseHandle
CreateThread
WaitForSingleObject
GetProcAddress
LoadLibraryW
GetVersionExW
MultiByteToWideChar
GetCurrentThread
GetCurrentThreadId
LocalAlloc
LockResource
SizeofResource
LoadResource
FindResourceW
GetFullPathNameW
FindClose
FindNextFileW
GetDiskFreeSpaceExW
lstrlenW
FormatMessageW
GetModuleHandleW
CopyFileW
GetTempPathW
DeleteFileW
GetPrivateProfileStringW
LoadLibraryExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
WideCharToMultiByte
GetTempFileNameW
GetUserDefaultLangID
GetCurrentProcessId
GetLastError
CreateMutexW
GetShortPathNameW
GetModuleFileNameW
SetEvent
GetCurrentProcess
Beep
SetCurrentDirectoryW
GetCurrentDirectoryW
ResumeThread
ReadFile
CreateProcessW
SetHandleInformation
CreatePipe
TerminateProcess
WriteFile
Sleep
InterlockedExchange
CreateFileMappingW
GetLocaleInfoW
GetFileAttributesExW
CreateDirectoryW
VerLanguageNameW
GetModuleHandleExW
GetStartupInfoW
CreateEventW
FindFirstFileW
Library: user32
PtInRect
ScreenToClient
ShowWindow
GetSubMenu
SystemParametersInfoW
PeekMessageW
PostQuitMessage
GetMenuItemID
LoadMenuW
GetMenuStringW
ModifyMenuW
CheckMenuItem
EnableMenuItem
DeleteMenu
SetMenuDefaultItem
GetSysColor
GetDlgItem
GetClipCursor
DrawTextW
DrawFrameControl
IsWindow
IsIconic
DefWindowProcW
IsChild
GetGUIThreadInfo
GetKeyNameTextW
MapVirtualKeyW
RegisterHotKey
UnregisterHotKey
AdjustWindowRectEx
GetCapture
GetMenuItemCount
SetForegroundWindow
IsWindowEnabled
BringWindowToTop
AttachThreadInput
MessageBeep
DrawFocusRect
CallWindowProcW
SetWindowLongW
LoadIconW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsZoomed
ClientToScreen
LockWorkStation
MonitorFromWindow
GetMonitorInfoW
SetRect
FillRect
ExitWindowsEx
GetForegroundWindow
GetWindowThreadProcessId
SetWindowPos
GetAsyncKeyState
SetCursor
GetDC
UpdateLayeredWindow
ReleaseDC
OffsetRect
ReleaseCapture
SetCapture
GetCursorPos
EqualRect
EnableWindow
PostMessageW
wsprintfW
GetDesktopWindow
SendMessageW
GetSystemMetrics
LoadCursorW
SetTimer
SetRectEmpty
KillTimer
CopyRect
GetParent
IsRectEmpty
IntersectRect
GetWindowRect
InflateRect
SendNotifyMessageW
InvalidateRect
IsWindowVisible
RedrawWindow
GetClientRect
GetWindow
ClipCursor
DestroyCursor
Library: gdi32
SetStretchBltMode
GetTextExtentPoint32W
SetBkMode
CreateCompatibleDC
CreateDIBSection
StretchBlt
SetTextColor
CreateFontIndirectW
GetObjectW
RemoveFontResourceExW
AddFontResourceExW
CreateSolidBrush
CreatePen
SelectObject
Ellipse
DeleteObject
GetDeviceCaps
CreateDCW
BitBlt
DeleteDC
GetStockObject
Library: advapi32
FreeSid
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
InitializeAcl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
Library: shell32
ord190
ShellExecuteW
ShellExecuteExW
ord155
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
DragQueryFileW
SHGetDesktopFolder
ord16
Shell_NotifyIconW
Library: ole32
ReleaseStgMedium
OleInitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
CoUninitialize
CoInitializeEx
CoInitialize
Library: oleaut32
SysFreeString
VariantClear
SysAllocString
Library: urlmon
URLDownloadToCacheFileW
Library: winmm
timeGetTime
Library: gdiplus
GdipDrawCurveI
GdipGetPenWidth
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenEndCap
GdipDrawEllipseI
GdipDrawRectangleI
GdipCreateAdjustableArrowCap
GdipDeleteCustomLineCap
GdipSetPenStartCap
GdipSetPenCustomEndCap
GdipDrawLineI
GdipCreatePen1
GdipCreatePath
GdipGetFamily
GdipGetFontSize
GdipSetCompositingMode
GdipCreateFont
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawPath
GdipFillPath
GdipDeletePath
GdipDeleteFontFamily
GdipDeleteBrush
GdipDeletePen
GdipCreateFromHDC
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipGetFontStyle
GdipAddPathEllipse
GdipDeleteStringFormat
GdipDeleteFont
GdipDeleteGraphics
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillEllipse
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipAddPathStringI
GdipCreateSolidFill
Library: shlwapi
PathIsRootW
PathIsUNCW
PathFileExistsW
SHDeleteKeyW
StrRetToBufW
PathRemoveBackslashW
PathRenameExtensionW
PathAddExtensionW
PathIsFileSpecW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAddBackslashW
PathCanonicalizeW
PathRemoveBlanksW
PathAppendW
PathFindExtensionW
PathFindFileNameW
Library: scnlib
ScnLib_IsPaused
ScnLib_GetCaptureRegion
ScnLib_SetInGameOverlayPosition
ScnLib_ShowInGameOverlay
ScnLib_EnableGameCaptureMode
ScnLib_IsGameCaptureModeEnabled
ScnLib_SetLicenseW
ScnLib_GetLogPathW
ScnLib_ConfigureSettings
ScnLib_GetSelectedWebcamDevice
ScnLib_SelectWebcamDevice
ScnLib_ZoomInScreen
ScnLib_RecordAudioSource
ScnLib_RecordCursor
ScnLib_IsRecordAudioSource
ScnLib_AddCursorEffects
ScnLib_SetCaptureRegion
ScnLib_GetCaptureRegionFrameWnd
ScnLib_ShowCaptureRegionFrame
ScnLib_InitializeW
ScnLib_Uninitialize
ScnLib_GetAudioBitrate
ScnLib_PreviewVideo
ScnLib_PreviewWebcam
ScnLib_SetLogPathW
ScnLib_DeleteSettingsW
ScnLib_LoadSettingsW
ScnLib_SaveSettingsW
ScnLib_RecoverVideoFileW
ScnLib_GetAudioPathW
ScnLib_GetVideoPathW
ScnLib_IsCursorUnscaled
ScnLib_IsRecordCursor
ScnLib_IsRecordWebcamOnly
ScnLib_GetWebcamPreviewWnd
ScnLib_GetVideoPreviewWnd
ScnLib_GetZoomRatio
ScnLib_GetCursorEffects
ScnLib_GetVideoFrameRate
ScnLib_GetVideoRecoveryProgress
ScnLib_GetRecTime
ScnLib_GetRecTimeW
ScnLib_ConfigureAudioSourceDevices
ScnLib_StartRecording
ScnLib_EnableVideoRecovery
ScnLib_ShowCountdownBox
ScnLib_StopRecording
ScnLib_SetCaptureWnd
ScnLib_SelectCaptureRegion
ScnLib_PauseRecording
ScnLib_ResumeRecording
ScnLib_TakeScreenshotW
ScnLib_IsRecording
ScnLib_RecordWebcamOnly
ScnLib_SetCursorUnscaled
Library: htmlayout
ValueBinaryData
HTMLayoutSendEvent
HTMLayoutDataReady
HTMLayoutProcND
HTMLayoutVisitElements
HTMLayoutGetFocusElement
HTMLayoutGetRootElement
HTMLayoutSetCallback
HTMLayoutWindowAttachEventHandler
HTMLayoutSetCSS
HTMLayoutLoadHtml
HTMLayoutGetStyleAttribute
HTMLayoutSetCapture
ValueStringDataSet
HTMLayoutCallBehaviorMethod
HTMLayoutUpdateElement
HTMLayoutIsElementVisible
HTMLayoutGetElementHwnd
HTMLayoutGetElementState
HTMLayoutGetElementLocation
ValueStringData
ValueToString
HTMLayoutSetStyleAttribute
HTMLayoutSetElementInnerText16
HTMLayoutSetElementState
HTMLayoutGetElementInnerTextCB
HTMLayoutControlGetValue
ValueCopy
HTMLayoutGetAttributeByName
ValueIntData
ValueInit
ValueIntDataSet
HTMLayoutControlSetValue
ValueClear
HTMLayout_UseElement
HTMLayoutSetAttributeByName
HTMLayoutUpdateElementEx
HTMLayout_UnuseElement
Library: d3d9
Direct3DCreate9
Library: dinput
DirectInputCreateW
Library: crypt32
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
Library: wintrust
WinVerifyTrust
Library: version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
- .text: Size 624KB, Virtual size 623KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 60KB, Virtual size 57KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 16KB, Virtual size 31KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .eh_fram: Size 48KB, Virtual size 45KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .rsrc: Size 368KB, Virtual size 364KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ