ed4d2dc273c514534c33264d2f0144c6796f36652412c49dc82df18ec3ff2ff9

Sharing

Copy URL

Twitter E-mail

General

Target

ed4d2dc273c514534c33264d2f0144c6796f36652412c49dc82df18ec3ff2ff9
Size

3.8MB
MD5

324bd7763f46a90d4f55932c1d9252c3
SHA1

0c21b6ecd476e408374959e1448c6617ddf380e0
SHA256

ed4d2dc273c514534c33264d2f0144c6796f36652412c49dc82df18ec3ff2ff9
SHA512

132d6d6cbe2342008fef84696ea1e1ebc9bc19e5a589027c992ce7c1cc9b56461b2cdb6daee734a609ae76dee7d69af9b8a56ca10a2a7d9b8d56ec54ed2cb79f
SSDEEP

98304:S98oB054pnlAlOeOONTw43gi67Q5iryIRl0xlvJOtBaqr:S98356CXT870oHzKAaqr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed4d2dc273c514534c33264d2f0144c6796f36652412c49dc82df18ec3ff2ff9

Files

ed4d2dc273c514534c33264d2f0144c6796f36652412c49dc82df18ec3ff2ff9
.exe windows:5 windows x86 arch:x86

ce987fd65379c21773bff4f14c492796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
StrToIntW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
wnsprintfW
wnsprintfA
wvnsprintfW
PathIsDirectoryW
PathStripToRootW
StrStrIW
PathIsPrefixW
SHGetValueA
SHSetValueA
StrCmpW
PathIsRelativeW
PathRelativePathToW
SHDeleteKeyW
PathRemoveFileSpecW
SHDeleteValueW
SHGetValueW
SHSetValueW
StrToInt64ExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDrawImagePointRectI
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipCreateSolidFill
GdipDeleteBrush
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipCreateFromHDC
GdipDeleteGraphics

kernel32

CreateMutexW
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetStartupInfoW
FindResourceW
FindResourceExW
GetSystemDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetCommandLineW
GetWindowsDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
DeviceIoControl
lstrcmpA
lstrcmpiA
CreateFileA
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
GetACP
GetStringTypeW
GetFileType
LCMapStringW
lstrcmpiW
WaitForSingleObjectEx
FindFirstFileExW
IsValidCodePage
lstrlenA
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
WriteConsoleW
GetFileAttributesW
lstrcmpW
GetSystemTime
MulDiv
CloseHandle
FindClose
SizeofResource
LoadResource
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetEndOfFile
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GetExitCodeProcess
GlobalAddAtomW
Sleep
TerminateThread
GetPrivateProfileStringW
LocalAlloc
GetSystemInfo
ResetEvent
CreateDirectoryW
GetTempFileNameW
WritePrivateProfileStringW
FormatMessageW
CopyFileW
ReleaseMutex
GlobalMemoryStatusEx
GetFileAttributesExW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
WaitForMultipleObjects
GetExitCodeThread
MoveFileExW
MoveFileW
SetFileAttributesW
GetLocalTime
GetFileSizeEx
GlobalFree
GetTickCount
GetFullPathNameW
RemoveDirectoryW
GetDiskFreeSpaceExW
GetTempPathW
GetDriveTypeW
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
GlobalDeleteAtom
OpenProcess
GetLongPathNameW
CreateEventW
SetEvent
lstrlenW
GetOEMCP
InterlockedExchange
SetFileTime
DecodePointer
InterlockedIncrement
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
lstrcpynW
FreeLibrary
LockResource

user32

GetCursorPos
TrackPopupMenu
LoadImageW
MonitorFromPoint
CopyRect
PtInRect
UpdateWindow
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
UnhookWinEvent
SetWinEventHook
MessageBoxW
SystemParametersInfoW
wsprintfW
SetCursor
SetWindowRgn
OffsetRect
AppendMenuW
UpdateLayeredWindow
SetRect
IsRectEmpty
WaitForInputIdle
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
PostThreadMessageW
EndDialog
DialogBoxParamW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
DestroyMenu
CreatePopupMenu
GetSystemMetrics
KillTimer
SetTimer
IsIconic
ShowWindowAsync
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetClassNameW
FindWindowW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
BringWindowToTop
IsWindowVisible

gdi32

RestoreDC
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
SetViewportOrgEx
CreateCompatibleBitmap
BitBlt
GetCurrentObject
CreateFontW
EnumFontFamiliesW
ExtTextOutW
CombineRgn
CreateRectRgn
SetTextColor
SaveDC
SetBkColor
CreateCompatibleDC
SetBkMode
CreateFontIndirectW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
GetTokenInformation
LookupAccountSidW
DeleteAce
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
LookupAccountNameW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW
SHLoadInProc
Shell_NotifyIconW
ord165
ord75
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
ord680
SHChangeNotify

ole32

CoInitialize
CoCreateGuid
OleRun
CoUninitialize
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString

urlmon

URLDownloadToCacheFileW

psapi

EnumProcesses
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetCredentials
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable

iphlpapi

GetAdaptersInfo

setupapi

SetupIterateCabinetW

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce987fd65379c21773bff4f14c492796

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

comctl32

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

psapi

version

winhttp

iphlpapi

setupapi

Sections

.text Size: 471KB - Virtual size: 470KB

.rdata Size: 227KB - Virtual size: 227KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 471KB - Virtual size: 470KB

.rdata
Size: 227KB - Virtual size: 227KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 28KB - Virtual size: 28KB