968561593a3b8c6b1045b79aa3cf39453cf3a9f019521d3b7ce883bc23a019ac

Sharing

Copy URL Twitter E-mail

General

Target

968561593a3b8c6b1045b79aa3cf39453cf3a9f019521d3b7ce883bc23a019ac
Size

11.2MB
MD5

4845e0ad6ba83952b55c41c029398a63
SHA1

a74acb81d832b662af64c624a7be4b82c3f3af4f
SHA256

968561593a3b8c6b1045b79aa3cf39453cf3a9f019521d3b7ce883bc23a019ac
SHA512

14fd3cc423158fe87b886be51982c0693f36ce1aea9efaf6b60af304754bd28bc1d7ba136ca00051d1649b8e048b2278759f2d72523ec66cf82fa8f71cfd03cd
SSDEEP

196608:uye3SGP6YzHZY78DDRx+vm3c0cX643Damhzk5LamaL:wiGP6YzHS7gD353l43Damhzk5Lama

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
968561593a3b8c6b1045b79aa3cf39453cf3a9f019521d3b7ce883bc23a019ac

Files

968561593a3b8c6b1045b79aa3cf39453cf3a9f019521d3b7ce883bc23a019ac
.dll windows:6 windows x86 arch:x86

129275c20fe7705a604580473790c8de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

comctl32

ord17

kernel32

GetTickCount
GetLastError
Sleep
CloseHandle
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
CreateThread
GetExitCodeThread
VirtualProtect
GetCurrentProcess
GetCurrentThread
GetLocalTime
ReadProcessMemory
TerminateThread
GetModuleFileNameA
GetCurrentThreadId
GetPrivateProfileSectionA
DeleteFileA
CreateDirectoryA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
InitializeCriticalSection
MapViewOfFile
FlushFileBuffers
SuspendThread
K32GetProcessMemoryInfo
GetThreadContext
SetProcessWorkingSetSize
SetUnhandledExceptionFilter
SizeofResource
FindFirstFileA
FindNextFileA
FindResourceA
FindClose
GetSystemDirectoryA
LockResource
LoadResource
ResumeThread
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventA
InitializeCriticalSectionEx
SwitchToThread
lstrlenA
lstrcpyA
CreateFileMappingA
MapViewOfFileEx
ResetEvent
SetEvent
GetNativeSystemInfo
LoadLibraryExA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
LeaveCriticalSection
EnterCriticalSection
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateFileMappingW

user32

GetSystemMetrics
GetWindow
GetTopWindow
LoadIconA
wsprintfA
GetWindowTextA
SetFocus
UnregisterHotKey
GetKeyNameTextA
GetAsyncKeyState
RegisterHotKey
MoveWindow
EnableWindow
LoadMenuA
SetClipboardData
GetClipboardData
TrackPopupMenu
GetSubMenu
DestroyMenu
PtInRect
SetTimer
KillTimer
SetDlgItemInt
SetWindowPos
SendDlgItemMessageA
GetWindowRect
IsWindowVisible
SetWindowLongA
CallWindowProcA
IsWindowEnabled
GetWindowThreadProcessId
GetMessageA
DispatchMessageA
EnumChildWindows
GetClassNameA
IsDialogMessageA
TranslateMessage
CreateDialogParamA
EndDialog
SetWindowTextA
GetParent
IsDlgButtonChecked
SendMessageA
GetDlgItemInt
GetDlgItem
CheckDlgButton
ShowWindow
PostQuitMessage
DialogBoxParamA
GetDlgItemTextA
GetWindowLongA
MessageBoxA
SetDlgItemTextA
GetKeyState
LoadCursorA
ScreenToClient
ClientToScreen
GetForegroundWindow
SetCursor
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect

comdlg32

GetOpenFileNameA

advapi32

AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow

msvcp140

?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
_Mtx_unlock
_Thrd_id
_Strcoll
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Strxfrm
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

ws2_32

WSASetLastError
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACloseEvent
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
inet_addr
send
socket
ntohs
connect
freeaddrinfo
getsockopt
recv
getpeername
WSAStartup
getaddrinfo
getsockname
htons
WSAIoctl
WSAAsyncSelect
WSACleanup
__WSAFDIsSet
closesocket
select
shutdown
WSASocketW

dbghelp

SymFunctionTableAccess64
SymInitialize
StackWalk64
SymGetSymFromAddr64
SymCleanup
SymGetModuleBase64

winmm

mciGetErrorStringA
mciSendCommandA

mfc140

ord2381
ord2383
ord2387

vcruntime140

memcmp
_setjmp3
__CxxFrameHandler3
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
longjmp
memset
memcpy
strrchr
strchr
__std_exception_copy
__std_exception_destroy
_purecall
strstr
memchr
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fread
fopen_s
fputs
__stdio_common_vsprintf
_wfopen
tmpnam
fwrite
__stdio_common_vfprintf
fseek
fclose
fflush
feof
ungetc
getc
fopen
clearerr
_pclose
tmpfile
setvbuf
__stdio_common_vfscanf
_popen
fgets
ferror
freopen
__acrt_iob_func
ftell
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

strncat
toupper
islower
ispunct
isxdigit
isupper
strpbrk
strcoll
strncpy_s
isdigit
isspace
strcspn
strcpy_s
strncpy
isalpha
isalnum
_stricmp
strncmp
strcat_s
tolower
iscntrl

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
malloc
_callnewh
_recalloc
_msize

api-ms-win-crt-convert-l1-1-0

atoi
atol
strtod
strtol
strtoull
strtoul
atoll

api-ms-win-crt-runtime-l1-1-0

terminate
_configure_narrow_argv
_endthreadex
_beginthreadex
system
_invalid_parameter_noinfo
_errno
_initialize_onexit_table
strerror
_register_onexit_function
_execute_onexit_table
_crt_atexit
exit
_cexit
_initterm
_initterm_e
_initialize_narrow_environment
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-time-l1-1-0

_difftime64
clock
_mktime64
_localtime64_s
_time64
strftime
_gmtime64
_localtime64

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

rename
remove

api-ms-win-crt-math-l1-1-0

floor
ceil
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
frexp
_libm_sse2_pow_precise
ldexp
_libm_sse2_log_precise
modf
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_CIatan2
_CIcosh
_CIfmod
_libm_sse2_cos_precise
_libm_sse2_atan_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CItanh
_except1
_CIsinh

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

Exports

Exports

?aliFont@@YAPAXXZ

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

129275c20fe7705a604580473790c8de

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

comctl32

kernel32

user32

comdlg32

advapi32

shell32

imm32

msvcp140

ws2_32

dbghelp

winmm

mfc140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 37KB - Virtual size: 42KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 92B

.rsrc Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 37KB - Virtual size: 42KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 92B

.rsrc
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 53KB - Virtual size: 53KB