Static task
static1
Behavioral task
behavioral1
Sample
7f17b9b7684cfb2ed6251e7acdc8c3bbe46fa62783adb38f936e5697c313ff27.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7f17b9b7684cfb2ed6251e7acdc8c3bbe46fa62783adb38f936e5697c313ff27.exe
Resource
win10v2004-20231215-en
General
-
Target
7f17b9b7684cfb2ed6251e7acdc8c3bbe46fa62783adb38f936e5697c313ff27
-
Size
3.0MB
-
MD5
32fbb302e2b94686e1a75b368bb00836
-
SHA1
ac492777d65220b0627acd0ca2cf0ea5674f01d7
-
SHA256
7f17b9b7684cfb2ed6251e7acdc8c3bbe46fa62783adb38f936e5697c313ff27
-
SHA512
e33f57d5566f84d53e8aa59e7298f82423453f1baeed1de71bf3cab3aac7453e2b69fc67b45402dc5d5d3076fec58c7ce1dbaad5388dabc6acedc9198d74f2a5
-
SSDEEP
24576:Ncb2UKcmIZ6Bnd+RV1TERXfbcLU5GDGPU95BuwFv+diaC8/ZQD:kYeSo1Tk0DGPU9V4Y8mD
Malware Config (no extracted configuration is shown in this report)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. On its own this is a weak indicator (many legitimate executables are unsigned); weigh it together with the import and section findings below and the behavioral task results.
resource 7f17b9b7684cfb2ed6251e7acdc8c3bbe46fa62783adb38f936e5697c313ff27
Files
-
7f17b9b7684cfb2ed6251e7acdc8c3bbe46fa62783adb38f936e5697c313ff27.exe windows:6 windows x64 arch:x64
8629162cd6e2fcc379ae99de6a115f4c (32-hex-digit hash printed with the file entry; it differs from the file MD5 above, so it is most likely the import hash — confirm against the report's field labels before pivoting on it)
Headers
DLL Characteristics (note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not among the flags listed, so the image does not opt into ASLR; HIGH_ENTROPY_VA only takes effect when DYNAMIC_BASE is also set, and NX_COMPAT alone does not randomize the load address)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (capabilities visible in this table that are worth triaging: WinINet HTTP client calls, registry key/value create/set/delete, file copy/delete/create and directory creation, OpenProcess, CreateMutexW, GetComputerNameW, IsDebuggerPresent, ShellExecuteW, and VirtualAlloc with FlushInstructionCache; imports alone show capability, not use — confirm against the behavioral traces)
kernel32
GetWindowsDirectoryW
GetTickCount
InitializeCriticalSection
ReleaseMutex
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
GetDateFormatW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
EnumResourceLanguagesW
MulDiv
GetEnvironmentVariableW
CompareStringW
lstrcpyW
SetLastError
FindAtomW
AddAtomW
lstrcmpW
DeleteAtom
GlobalFree
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalAlloc
GetVersionExW
InitializeCriticalSectionEx
IsBadReadPtr
lstrcatW
VirtualQuery
FindResourceW
SizeofResource
LoadLibraryExW
GetSystemDefaultLangID
GetComputerNameW
DeleteFileW
TerminateThread
Sleep
WaitForSingleObject
OutputDebugStringA
DebugBreak
WriteFile
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
lstrlenA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
WideCharToMultiByte
VerifyVersionInfoW
CopyFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpynW
GetLocalTime
CreateMutexW
ReadFile
VerSetConditionMask
lstrlenW
FormatMessageW
LocalFree
LoadResource
FindResourceExW
GetSystemTime
OpenProcess
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
CloseHandle
OutputDebugStringW
GetFileAttributesW
CreateFileW
CreateDirectoryW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
SetUnhandledExceptionFilter
user32
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadImageW
DestroyIcon
LoadCursorW
GetWindow
DispatchMessageW
PeekMessageW
EnableWindow
SetPropW
GetPropW
CopyIcon
GetIconInfo
GetThreadDesktop
GetSysColor
UnregisterClassW
LoadStringW
wsprintfW
SendMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
DestroyWindow
wsprintfA
PostMessageW
CharNextW
WindowFromDC
GetDC
ReleaseDC
RemovePropW
GetWindowTextW
GetDesktopWindow
BeginPaint
EndPaint
FillRect
FindWindowExW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
MapWindowPoints
ScreenToClient
SetCursor
MessageBoxW
GetWindowRect
GetClassNameW
IsWindow
DrawTextW
GetWindowDC
FrameRect
SetRect
SetRectEmpty
FindWindowW
DrawFrameControl
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindowVisible
IsIconic
IsZoomed
GetSystemMenu
UpdateWindow
SetWindowRgn
GetWindowRgn
RedrawWindow
AdjustWindowRectEx
ClientToScreen
OffsetRect
EqualRect
PtInRect
SetWindowLongW
GetClassLongPtrW
DrawIconEx
SystemParametersInfoW
GetNextDlgTabItem
GetCapture
ReleaseCapture
SetTimer
KillTimer
IsWindowEnabled
GetCursorPos
WindowFromPoint
ChildWindowFromPoint
DrawFocusRect
CopyRect
InflateRect
IsRectEmpty
SetCapture
CharLowerW
LoadBitmapW
ShowWindow
EnumDisplayMonitors
MonitorFromRect
MonitorFromPoint
IntersectRect
ChildWindowFromPointEx
LoadIconW
DestroyCursor
MoveWindow
SetWindowPos
CreateDialogIndirectParamW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
GetDlgCtrlID
SetFocus
GetActiveWindow
GetFocus
GetSystemMetrics
InvalidateRect
SetWindowTextW
GetWindowTextLengthW
GetClientRect
CreateIconIndirect
gdi32
GetMapMode
GetRgnBox
GetTextExtentPoint32W
GetViewportExtEx
GetWindowExtEx
OffsetRgn
PatBlt
SetGraphicsMode
SetMapMode
SetPolyFillMode
StretchBlt
SetStretchBltMode
SetTextColor
GetTextMetricsW
SetWorldTransform
CreateDIBSection
GetBitmapBits
Polygon
SetViewportExtEx
SetWindowExtEx
EqualRgn
GetClipBox
GetObjectType
GetPixel
LPtoDP
SetWindowOrgEx
RoundRect
Rectangle
CreatePatternBrush
GetCurrentObject
GetDeviceCaps
GetTextExtentPointW
CreateDCW
ExtCreateRegion
CreatePen
CreateRectRgn
CreateBitmap
CombineRgn
SetBkMode
SetBkColor
CreateSolidBrush
SetViewportOrgEx
MoveToEx
SelectObject
SaveDC
RestoreDC
LineTo
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
GetStockObject
DPtoLP
SetBrushOrgEx
CreateFontIndirectW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
shell32
SHGetSpecialFolderLocation
ShellExecuteW
SHAppBarMessage
SHGetPathFromIDListW
ole32
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
OleRun
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
VariantInit
SetErrorInfo
GetErrorInfo
CreateErrorInfo
OleLoadPicture
VarUI4FromStr
VariantChangeType
VariantClear
SysAllocString
SysFreeString
shlwapi
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
comctl32
ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Draw
msimg32
AlphaBlend
TransparentBlt
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?rdstate@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?width@ios_base@std@@QEBA_JXZ
wininet
InternetErrorDlg
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA
HttpEndRequestW
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
InternetQueryOptionA
HttpSendRequestA
InternetSetOptionA
HttpAddRequestHeadersA
HttpOpenRequestA
vcruntime140
memmove
memset
memcpy
__std_terminate
__std_exception_destroy
_CxxThrowException
__std_exception_copy
_purecall
wcsrchr
__C_specific_handler
wcsstr
memchr
memcmp
wcschr
strchr
__current_exception
__current_exception_context
__std_type_info_destroy_list
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_beginthreadex
abort
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
terminate
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initterm
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
_get_wide_winmain_command_line
_configure_wide_argv
_initialize_wide_environment
_execute_onexit_table
api-ms-win-crt-heap-l1-1-0
_recalloc
malloc
free
_callnewh
_set_new_mode
calloc
api-ms-win-crt-convert-l1-1-0
_wtoi
atoi
atol
_wtol
api-ms-win-crt-string-l1-1-0
wcslen
wcsnlen
wcscpy_s
wcsncpy_s
wmemcpy_s
tolower
_strnicmp
strlen
iswdigit
api-ms-win-crt-filesystem-l1-1-0
_waccess
api-ms-win-crt-stdio-l1-1-0
fread
__stdio_common_vsprintf
_fseeki64
_set_fmode
fopen
fwrite
fclose
__stdio_common_vswprintf_s
__p__commode
_ftelli64
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vsscanf
ferror
api-ms-win-crt-utility-l1-1-0
labs
qsort_s
srand
rand
abs
api-ms-win-crt-time-l1-1-0
_ftime64_s
_time64
api-ms-win-crt-math-l1-1-0
_finite
__setusermatherr
_isnan
modf
cos
sin
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 578KB - Virtual size: 578KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 238KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 576KB - Virtual size: 580KB (note: this section is flagged EXECUTE and WRITE below, which a linker-emitted relocation section normally is not, and it is large relative to the 578KB .text section — a writable+executable .reloc is a red flag worth examining for packed or self-modifying code)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE