Static task: static1
Behavioral task: behavioral1
Sample: 72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f.exe
Resource: win7-20231215-en
General
Target: 72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f
Size: 8.0MB
MD5: 1df2e3f5b6b4ab7b9624d24786c13418
SHA1: 946f6d664b691a8924b3a842303d1eca16448380
SHA256: 72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f
SHA512: 042babb37047fd743f44c85210cb4a11965a82bd264372c94b96e460e8ffa87418c06f73be2b4d6156a3c23382b6613885eb3d0441b1d17907b3cc5a9d4d10ac
SSDEEP: 196608:G16TAZIPhQ2QKVWsHLI1bK2Q+7u/A/tinN0vV4Y:G17IPKTKcV1nQ+7u/A/tiWV4Y
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f
Files
72d3eea8dae999596f79b0aef2d8ba8f1c1a47633809db34158e53ed7eb1b48f.exe windows:6 windows x86 arch:x86
fcdd3fdc1e2114987800aa8b22795cb3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
uxtheme
SetWindowTheme
kernel32
GetTickCount64
GetSystemDefaultLangID
FindResourceExW
LockResource
CreateMutexA
CompareFileTime
WritePrivateProfileSectionW
CreateThread
TerminateThread
SetThreadUILanguage
GetThreadUILanguage
GetCommandLineA
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileAttributesW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
GetTempPathA
GetTempFileNameA
OpenEventA
OpenEventW
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
GetPrivateProfileIntA
WritePrivateProfileStringA
CopyFileA
MoveFileExA
EnumSystemGeoID
QueryDosDeviceW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
GetLocalTime
VirtualQuery
FlushViewOfFile
OpenFile
GetOEMCP
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalSize
SetFileTime
WaitForSingleObjectEx
lstrcpynW
GetLocaleInfoEx
FreeResource
ExpandEnvironmentStringsW
K32GetModuleFileNameExW
K32GetMappedFileNameW
SetUnhandledExceptionFilter
SetErrorMode
GetSystemInfo
OpenMutexW
IsBadStringPtrA
GetExitCodeThread
OpenFileMappingW
WaitForSingleObject
ReleaseMutex
FormatMessageA
QueueUserWorkItem
WritePrivateProfileStringW
GetFileInformationByHandle
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
MapViewOfFile
CreateFileMappingW
WriteFile
FormatMessageW
Sleep
MoveFileExW
TryEnterCriticalSection
EncodePointer
ResetEvent
LockFileEx
UnlockFile
HeapCompact
GetDiskFreeSpaceA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
SwitchToThread
GetFullPathNameW
HeapCreate
AreFileApisANSI
GetWindowsDirectoryW
GetExitCodeProcess
OpenMutexA
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetSystemTimeAsFileTime
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
LCIDToLocaleName
LocaleNameToLCID
lstrcmpW
GlobalFree
GlobalAlloc
OpenFileMappingA
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemDirectoryW
GlobalMemoryStatusEx
GetLogicalDriveStringsW
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
CreateEventA
SystemTimeToFileTime
UnmapViewOfFile
FileTimeToSystemTime
CopyFileW
SetLastError
GetTempPathW
SetFilePointer
RemoveDirectoryW
ReadFile
GetTempFileNameW
GetShortPathNameW
GetFileSize
GetFileAttributesExW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
lstrlenW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetUserGeoID
GetGeoInfoW
LocalFree
LoadLibraryW
IsWow64Process
IsProcessInJob
ReadProcessMemory
GetVersionExW
GetProcessId
CreateProcessW
GetCurrentThread
GetCurrentProcess
IsDebuggerPresent
GetLongPathNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
OpenProcess
TerminateProcess
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
lstrlenA
GetTickCount
WaitForMultipleObjects
CreateEventW
CreateMutexW
SetEvent
CloseHandle
MultiByteToWideChar
IsBadReadPtr
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetSystemTime
GetLastError
GetStartupInfoW
GetUserDefaultLCID
FileTimeToLocalFileTime
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
RaiseException
DecodePointer
GetCommandLineW
GetDiskFreeSpaceW
user32
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
CharNextW
PostQuitMessage
GetShellWindow
GetWindowThreadProcessId
SendMessageW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
SetTimer
GetWindowLongW
SetWindowLongW
LoadCursorW
PostThreadMessageW
LoadStringW
SendMessageTimeoutA
GetPropA
MessageBoxW
IsWindow
InflateRect
FillRect
InvalidateRect
EndPaint
BeginPaint
IsIconic
GetWindow
EnumWindows
GetWindowTextW
ShowWindow
MoveWindow
IsWindowVisible
CreateDialogIndirectParamW
GetDlgItem
GetSystemMetrics
SetWindowTextW
GetWindowRect
DefDlgProcW
MonitorFromWindow
GetMonitorInfoW
WaitForInputIdle
RegisterWindowMessageW
RegisterClassW
GetPropW
GetDesktopWindow
FindWindowExW
SendMessageA
SetWindowPos
FindWindowExA
PeekMessageW
wvsprintfW
FindWindowW
CallWindowProcW
SendMessageTimeoutW
LoadImageW
GetClientRect
DrawTextW
DialogBoxParamW
ChangeWindowMessageFilterEx
SetCursor
MessageBoxExW
SetWindowTextA
SetPropW
SetPropA
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetFocus
GetClassInfoExW
CreateDialogParamW
BringWindowToTop
AttachThreadInput
MonitorFromPoint
GetCursorPos
ReleaseDC
GetDC
LoadIconW
EnumThreadWindows
GetParent
KillTimer
EndDialog
wsprintfW
gdi32
SetTextColor
SelectObject
GetTextExtentPoint32W
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetStockObject
CreateSolidBrush
shell32
ShellExecuteExA
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteExW
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderLocation
ShellExecuteW
ole32
CreateBindCtx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoCreateGuid
CoUninitialize
CoInitializeEx
oleaut32
SysFreeString
SysAllocString
VarUI4FromStr
advapi32
StartServiceW
QueryServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertSidToStringSidW
RegDeleteTreeW
RegDeleteTreeA
RegSetValueExA
RegSetValueW
RegSetValueA
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyA
RegFlushKey
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptDeriveKey
CryptGenKey
LookupAccountSidW
GetUserNameW
GetNamedSecurityInfoW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RevertToSelf
MapGenericMask
ImpersonateSelf
GetFileSecurityW
AccessCheck
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
CreateProcessWithTokenW
SetTokenInformation
SetFileSecurityW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
CreateProcessAsUserW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
shlwapi
StrStrIW
PathBuildRootW
PathFileExistsW
PathGetDriveNumberW
PathFileExistsA
SHDeleteKeyA
SHDeleteKeyW
StrChrIW
StrStrW
PathAppendW
PathFindFileNameW
comctl32
InitCommonControlsEx
urlmon
UrlMkSetSessionOption
ObtainUserAgentString
CoInternetParseUrl
RegisterBindStatusCallback
CreateURLMoniker
authz
AuthzAccessCheck
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromToken
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wintrust
WinVerifyTrust
crypt32
CertFreeCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptProtectData
CryptUnprotectData
CertComparePublicKeyInfo
wininet
HttpQueryInfoW
InternetErrorDlg
InternetConnectA
HttpQueryInfoA
InternetQueryOptionW
InternetQueryOptionA
InternetReadFileExW
InternetReadFileExA
InternetSetOptionA
HttpSendRequestW
HttpSendRequestA
HttpOpenRequestW
HttpOpenRequestA
InternetSetOptionW
HttpAddRequestHeadersW
InternetReadFile
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetOpenA
InternetOpenW
InternetCloseHandle
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
msdelta
ApplyDeltaW
winspool.drv
GetPrinterDriverDirectoryW
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 332KB - Virtual size: 380KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 908KB - Virtual size: 912KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE