Static task: static1
Behavioral task: behavioral1 (sample 4f02c4bad2215445cb74cc97c3cd2d1b.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 4f02c4bad2215445cb74cc97c3cd2d1b.exe, resource win10v2004-20231215-en)
General
Target: 4f02c4bad2215445cb74cc97c3cd2d1b
Size: 336KB
MD5: 4f02c4bad2215445cb74cc97c3cd2d1b
SHA1: a9df999308d00230ed9aec74c8fc42b1a8052fb9
SHA256: 77ee5108f38cf97412a00a525ad0cb8131a11b9a777a44a9f5c7ba524bad0415
SHA512: 64a1f64d3ed523621a9cd79c900c38dc2f78526070fd3f4918fa06f949ce3687d9368cc26f18357aeb7688e5a2714a0dd52433296a337e7854bbb788d954d981
SSDEEP: 6144:jwOWcI0FnhfDSk6oBN6LD+sgIU1kdlB8zHXHlG2qjYWJt:jjw0FnFTBsfjlBE3FG2qEWJ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 4f02c4bad2215445cb74cc97c3cd2d1b
Files
4f02c4bad2215445cb74cc97c3cd2d1b.exe windows:5 windows x86 arch:x86
3f7070e8b7705167480de5911e8619e8
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetGetJoinInformation
NetApiBufferFree
gdi32
SetTextAlign
GetDeviceCaps
Ellipse
GetClipBox
Polygon
CreateDCW
CreateSolidBrush
Rectangle
StretchDIBits
SetRectRgn
SetMapMode
RestoreDC
CreatePen
GetStockObject
GetTextExtentPointW
SetTextColor
CreateCompatibleBitmap
CreateBitmap
SetDIBColorTable
SetDCBrushColor
SetMetaFileBitsEx
GetPaletteEntries
CreateDIBSection
ExtSelectClipRgn
GetDIBColorTable
SetPolyFillMode
CreatePolygonRgn
MoveToEx
GetBrushOrgEx
OffsetClipRgn
SetBrushOrgEx
CreateDIBitmap
CreateRectRgnIndirect
GetRgnBox
UpdateColors
CreateRectRgn
CreateCompatibleDC
CreatePalette
CreateDIBPatternBrushPt
SetBitmapBits
GetTextAlign
SelectClipRgn
PatBlt
SetWindowOrgEx
SetBkMode
LPtoDP
SetROP2
SetWindowExtEx
DeleteMetaFile
CreateBrushIndirect
LineTo
CloseMetaFile
GetMetaFileBitsEx
BitBlt
SaveDC
GetObjectW
GetBkMode
RealizePalette
CombineRgn
OffsetRgn
GetNearestColor
StretchBlt
GdiDrawStream
CreateMetaFileW
GdiFlush
GetMapMode
SelectObject
FillRgn
GetCurrentObject
SetStretchBltMode
SelectPalette
CreatePatternBrush
DeleteDC
PlayMetaFile
SetBkColor
GetNearestPaletteIndex
DPtoLP
CreateFontIndirectW
FrameRgn
DeleteObject
SetViewportOrgEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
cryptui
CryptUIDlgViewCertificateW
iphlpapi
GetBestInterfaceEx
urlmon
CopyStgMedium
shlwapi
PathRemoveFileSpecW
winmm
waveOutWrite
waveOutGetPitch
waveOutSetVolume
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutGetVolume
waveOutReset
waveOutClose
waveOutOpen
kernel32
GetCurrentProcessId
QueueUserWorkItem
ClearCommError
LocalAlloc
CancelIo
GetFullPathNameW
VirtualQuery
GlobalUnlock
LocalFree
VirtualProtect
DeviceIoControl
HeapDestroy
GlobalDeleteAtom
GetTimeZoneInformation
VirtualFree
GetDriveTypeW
CreateSemaphoreW
Sleep
CreateDirectoryW
SizeofResource
InterlockedIncrement
GetCurrentProcess
SetCommState
lstrcpyW
FindResourceExW
RemoveDirectoryW
InterlockedCompareExchange
lstrcmpA
CloseHandle
LeaveCriticalSection
DeleteCriticalSection
GetFileInformationByHandle
OutputDebugStringW
GetUserDefaultUILanguage
GetOverlappedResult
LoadLibraryA
GetTempPathW
GetCurrentThreadId
FindResourceW
lstrlenW
GetComputerNameA
GlobalHandle
SetFileTime
GetModuleFileNameW
ReleaseSemaphore
BindIoCompletionCallback
FindFirstChangeNotificationW
UnmapViewOfFile
CreateFileMappingW
FindClose
GlobalLock
GetDefaultCommConfigW
GetSystemTimeAsFileTime
SetCommTimeouts
GetCommMask
TlsFree
GetProfileStringW
GetSystemTime
LockFile
SetFilePointer
LockResource
InitializeCriticalSection
InterlockedDecrement
DebugBreak
lstrlenA
ResumeThread
DeleteFileW
GetDiskFreeSpaceW
LoadLibraryExW
GetCommModemStatus
GetVolumeInformationW
Beep
GetSystemDefaultLangID
UnlockFile
FreeResource
FreeLibraryAndExitThread
ExpandEnvironmentStringsW
MultiByteToWideChar
HeapFree
CreateEventW
SetEvent
VirtualAlloc
MoveFileW
GlobalSize
GlobalAddAtomW
OpenThread
DuplicateHandle
ResetEvent
GetCommTimeouts
QueryPerformanceCounter
LockFileEx
SetFileAttributesW
GetTickCount
GetLocaleInfoW
CreateFileW
GetFileSize
TlsSetValue
GetACP
GetSystemDirectoryA
GetFileAttributesW
GetSystemDefaultUILanguage
QueryDosDeviceW
GetVersionExA
WaitCommEvent
SetLastError
GetComputerNameW
LoadLibraryW
GetCommConfig
GlobalAlloc
CreateThread
GetSystemInfo
EscapeCommFunction
SetupComm
CreateMutexW
EnterCriticalSection
GetModuleHandleExW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
lstrcmpiA
GetCommProperties
MulDiv
VerifyVersionInfoW
FindNextFileW
SystemTimeToFileTime
FormatMessageW
GetVersion
WaitForMultipleObjectsEx
FreeLibrary
lstrcmpiW
TransmitCommChar
WideCharToMultiByte
SearchPathW
GetVersionExW
GlobalFree
GetProcessHeap
ReadFile
CreateProcessW
OutputDebugStringA
SetErrorMode
FindNextChangeNotification
SetCommMask
FindCloseChangeNotification
FindFirstFileW
WaitForMultipleObjects
lstrcpynW
GetModuleHandleA
MapViewOfFile
GetSystemDirectoryW
GetProcAddress
lstrcatW
TlsGetValue
GetLastError
WaitForSingleObject
SetEndOfFile
PurgeComm
TerminateProcess
TlsAlloc
LoadResource
GetCommState
GetTempFileNameW
HeapAlloc
WriteFile
UnhandledExceptionFilter
RaiseException
lstrcmpW
InterlockedExchange
GetModuleHandleW
FlushFileBuffers
GetFileAttributesExW
FlushInstructionCache
ntdll
RtlAcquireResourceExclusive
NtReadFile
RtlDeleteElementGenericTable
RtlUnwind
RtlReleaseResource
NtOpenFile
NtDeviceIoControlFile
RtlEnumerateGenericTableWithoutSplaying
RtlDeleteResource
RtlAreBitsSet
RtlInitializeResource
RtlInsertElementGenericTable
RtlInitializeBitMap
VerSetConditionMask
RtlEnumerateGenericTable
RtlInitializeGenericTable
RtlClearBits
RtlGetLastNtStatus
RtlLookupElementGenericTable
RtlInitUnicodeString
NtWriteFile
RtlAcquireResourceShared
NtAllocateVirtualMemory
RtlFindClearBitsAndSet
setupapi
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiOpenClassRegKeyExW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
rpcrt4
CStdStubBuffer_DebugServerQueryInterface
IUnknown_QueryInterface_Proxy
MesHandleFree
CStdStubBuffer_QueryInterface
NdrMesTypeEncode2
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_AddRef_Proxy
NdrOleAllocate
CStdStubBuffer_Invoke
NdrOleFree
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
NdrDllRegisterProxy
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
MesDecodeBufferHandleCreate
NdrMesTypeDecode2
NdrMesTypeFree2
CStdStubBuffer_Connect
MesEncodeDynBufferHandleCreate
ws2_32
WSALookupServiceEnd
WSALookupServiceNextW
freeaddrinfo
WSANSPIoctl
WSALookupServiceBeginW
WSAIoctl
getaddrinfo
msimg32
GradientFill
crypt32
CertFreeCertificateContext
CertFindExtension
CertGetCertificateChain
CertCreateCertificateContext
CryptStringToBinaryW
CryptSignMessage
CryptMsgUpdate
CertCompareCertificate
CertVerifySubjectCertificateContext
CertGetEnhancedKeyUsage
CryptMsgClose
CertDuplicateCertificateChain
CertFindCertificateInStore
CryptBinaryToStringW
CertFreeCertificateChain
CryptVerifyDetachedMessageSignature
CryptDecodeObject
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptProtectData
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertCloseStore
CertGetCertificateContextProperty
CryptMsgOpenToDecode
CertOpenStore
msvcrt
iswalnum
memcpy
_initterm
_isatty
wcschr
__badioinfo
calloc
floor
_resetstkoflw
_wcsicmp
_lock
wcsstr
_vsnwprintf
memmove
ferror
_wtol
_amsg_exit
_unlock
printf
srand
wcstombs
wcspbrk
iswctype
localeconv
_wcsnicmp
__dllonexit
isdigit
iswdigit
_strlwr
toupper
_itoa
strtok
_iob
_errno
_wcslwr
memset
_adjust_fdiv
_write
ungetc
_lseeki64
ceil
_XcptFilter
malloc
_stricmp
_read
strchr
mbtowc
_vsnprintf
free
_snprintf
towlower
__pioinfo
strtoul
_fileno
fclose
wcsncmp
__mb_cur_max
time
realloc
_strnicmp
wctomb
bsearch
strncmp
_onexit
isleadbyte
wcsrchr
wcstok
_wtoi
_CxxThrowException
_purecall
isxdigit
shell32
DragQueryFileW
Shell_NotifyIconW
ExtractIconW
SHAppBarMessage
SHFileOperationW
samlib
SamAddMemberToAlias
wininet
InternetGetCookieW
ole32
OleRegEnumVerbs
OleIsCurrentClipboard
OleInitialize
CoTaskMemFree
CoInitialize
CoInitializeEx
OleUninitialize
CreateDataAdviseHolder
OleSaveToStream
CLSIDFromString
ReleaseStgMedium
OleSetClipboard
CoUninitialize
OleRegGetUserType
OleLoadFromStream
WriteClassStm
OleGetClipboard
CoTaskMemAlloc
StringFromCLSID
CreateOleAdviseHolder
CoGetMalloc
CoTaskMemRealloc
OleRegGetMiscStatus
CoCreateInstance
advapi32
RegCloseKey
RegSetValueExW
RegQueryValueExA
GetTraceEnableFlags
RegQueryInfoKeyW
RegFlushKey
GetUserNameW
CredReadDomainCredentialsW
GetTraceEnableLevel
RegisterTraceGuidsW
CredFree
CryptGenRandom
RegEnumKeyExA
GetTraceLoggerHandle
RegDeleteKeyW
UnregisterTraceGuids
RegQueryInfoKeyA
RegEnumValueW
GetUserNameA
SetFileSecurityW
CredReadW
GetFileSecurityW
RegQueryValueExW
RegOpenKeyA
CredWriteW
CredGetSessionTypes
CryptAcquireContextW
RegOpenKeyExA
CredWriteDomainCredentialsW
CryptReleaseContext
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW
RegConnectRegistryW
RegDeleteValueA
RegCreateKeyExW
RegEnumKeyExW
TraceMessage
CredDeleteW
RegCreateKeyExA
CredUnmarshalCredentialW
RegSetValueExA
GetSecurityDescriptorLength
RegOpenKeyW
Sections
.text   Size: 110KB   Virtual size: 109KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 3KB     Virtual size: 1.4MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    Size: 512B    Virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 138KB   Virtual size: 137KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rdata  Size: 83KB    Virtual size: 82KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
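The Headers and Sections blocks are the raw material for a first static triage of this file: IMAGE_FILE_RELOCS_STRIPPED together with a DllCharacteristics field that carries only TERMINAL_SERVER_AWARE means the image neither can be rebased nor opts in to DEP, .data grows from 3KB on disk to 1.4MB in memory, and .rdata is mapped writable. The script below, added here as an example and not part of the sandbox report or its tooling, parses a PE32 header with nothing but the standard library and emits exactly those findings. The PE bytes it analyses are constructed inside the script to mirror this report's header flags and section sizes (offsets and layout chosen for the example); they are not the sample itself, and the `inflate_ratio` threshold is an arbitrary choice. A large virtual-versus-raw gap on a section flagged CNT_UNINITIALIZED_DATA is also what an ordinary large BSS looks like, so treat it as a region to watch at runtime rather than as proof of packing.

```python
"""Static PE32 header triage: RELOCS_STRIPPED, missing ASLR/DEP opt-in,
sections that inflate in memory, writable .rdata, W+X sections.
Added example; the PE bytes are constructed here, not the analysed sample."""
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics  (40 bytes)
SECTION_HDR = "<8sIIIIIIHHI"


def build_pe32(sections, file_chars, dll_chars):
    """Build only the headers of a PE32 image (constructed test data)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature
    opt_size = 0xE0                                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0x00, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 0x46, dll_chars)          # DllCharacteristics
    table = b"".join(struct.pack(SECTION_HDR, n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_headers(data):
    """Return (FileCharacteristics, DllCharacteristics, [section dicts])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 0x46)[0]   # same offset in PE32 and PE32+
    secs = []
    for i in range(nsec):
        name, vs, _, rs, _, _, _, _, _, fl = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        secs.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                     "vsize": vs, "rawsize": rs, "flags": fl})
    return file_chars, dll_chars, secs


def triage(data, inflate_ratio=16):
    """Return a list of (tag, detail) findings; empty list means nothing flagged."""
    file_chars, dll_chars, secs = parse_headers(data)
    out = []
    if file_chars & IMAGE_FILE_RELOCS_STRIPPED:
        out.append(("RELOCS_STRIPPED", "no relocations, so the loader cannot rebase the image"))
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        out.append(("NO_DYNAMIC_BASE", "image does not opt in to ASLR"))
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        out.append(("NO_NX_COMPAT", "image does not opt in to DEP"))
    for s in secs:
        w, x = s["flags"] & IMAGE_SCN_MEM_WRITE, s["flags"] & IMAGE_SCN_MEM_EXECUTE
        if w and x:
            out.append(("WX_SECTION", "%s is writable and executable" % s["name"]))
        if s["name"] == ".rdata" and w:
            out.append(("WRITABLE_RDATA", "read-only data section is mapped writable"))
        if s["rawsize"] and s["vsize"] > inflate_ratio * s["rawsize"]:
            out.append(("INFLATED_SECTION", "%s: %d bytes on disk grow to %d in memory"
                        % (s["name"], s["rawsize"], s["vsize"])))
    return out


# Constructed headers mirroring the report's characteristics and section table.
RWDATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
REPORT_LIKE = build_pe32(
    [(".text", 109 * 1024, 110 * 1024, TEXT),
     (".data", 1_400_000, 3 * 1024, RWDATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA),
     (".tls", 4 * 1024, 512, RWDATA),
     (".rsrc", 137 * 1024, 138 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".rdata", 82 * 1024, 83 * 1024, RWDATA)],
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)

# The same program as a modern toolchain would lay it out, for contrast.
HARDENED = build_pe32(
    [(".text", 109 * 1024, 110 * 1024, TEXT),
     (".rdata", 82 * 1024, 83 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".data", 4 * 1024, 3 * 1024, RWDATA)],
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)

if __name__ == "__main__":
    for tag, detail in triage(REPORT_LIKE):
        print("%-17s %s" % (tag, detail))
    print("hardened build:", triage(HARDENED) or "nothing flagged")
```

Running it against the report-like header prints five findings (RELOCS_STRIPPED, NO_DYNAMIC_BASE, NO_NX_COMPAT, the inflated .data section and the writable .rdata) and nothing for the hardened layout; to use it on a real file, pass `open(path, "rb").read()` to `triage` instead of the constructed bytes. The .tls section is not flagged because 512B to 4KB is below the chosen ratio.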