521da43122cedf1be3454ab0a6e26a6d

Sharing

Copy URL Twitter E-mail

General

Target

521da43122cedf1be3454ab0a6e26a6d
Size

1.3MB
MD5

521da43122cedf1be3454ab0a6e26a6d
SHA1

7c21c79748b82ad473fd8d046aac20f93e2d49e8
SHA256

21180929390cd0fdb8f0e836f4f52a46e7d6bf75b9246717759c5e292f3484e4
SHA512

dd9c51041788caa73c904af5251b4985de94a01217a2c96492246283cd0748da89cb8e9e1e112531edd8215516c946e85fb3e5a81e236b6dace028ede93bdcf0
SSDEEP

24576:iPw/lZ0oj318YlEOz8o0cELjbcp2WDeq0BC78f76+CyMAO0eQiUMB80eQiUMBOG:iPalZ0oD18Yl/E3b4eqVmm+xMbyiUMBS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
521da43122cedf1be3454ab0a6e26a6d

Files

521da43122cedf1be3454ab0a6e26a6d
.exe windows:4 windows x86 arch:x86

0f3ec1152a76965d2ddf21842d829a85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
DeviceIoControl
CreateFileA
LoadLibraryA
GetCurrentProcessId
ExpandEnvironmentStringsW
GetTempPathW
CreateProcessW
SetUnhandledExceptionFilter
CreateEventW
CreateThread
SetEvent
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
SetCurrentDirectoryW
GetDriveTypeW
FlushFileBuffers
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
GetVolumeInformationW
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
FreeResource
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
InterlockedCompareExchange
GetLocalTime
LoadLibraryExW
InterlockedExchange
FindResourceW
lstrlenA
LoadResource
SizeofResource
GetPrivateProfileStringW
LocalFree
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
SetEndOfFile
WriteFile
CreateDirectoryW
GetFileAttributesW
SetFilePointer
Sleep
GetCurrentProcess
SetLastError
TerminateThread
DeleteFileW
GetVersionExW
MoveFileExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
GlobalUnlock
UnmapViewOfFile
GetCurrentThreadId
GlobalFree
lstrcmpiW
WideCharToMultiByte
lstrlenW
CloseHandle
MapViewOfFileEx
CreateFileMappingW
IsValidLocale
GetLastError
MultiByteToWideChar
GetModuleHandleW
InterlockedDecrement
GetFileSize
FindResourceExW
InterlockedIncrement
LockResource
RaiseException
FreeLibrary
GetPrivateProfileIntW
GlobalAlloc
ReadFile
GetProcAddress
GlobalLock
GetWindowsDirectoryW
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
CreateFileW
DeleteCriticalSection
VirtualQuery

user32

GetWindowTextW
ScreenToClient
IsRectEmpty
OffsetRect
GetFocus
EndPaint
DestroyIcon
EnumDisplaySettingsW
EnumDisplayDevicesW
GetSystemMetrics
UnregisterClassA
MoveWindow
LoadCursorW
CopyRect
GetDC
MapWindowPoints
ReleaseDC
FindWindowW
GetClientRect
SetFocus
IsWindowEnabled
GetWindow
IsWindow
IsChild
GetKeyState
WindowFromPoint
SystemParametersInfoW
DrawTextW
GetScrollPos
MonitorFromWindow
GetMonitorInfoW
RegisterWindowMessageW
GetNextDlgTabItem
RegisterClassExW
UpdateLayeredWindow
SetWindowLongW
EqualRect
PtInRect
DrawIconEx
GetParent
GetWindowRect
SetRectEmpty
InflateRect
SendMessageW
SetCapture
CharNextW
IsWindowVisible
GetDlgItem
LoadImageW
GetWindowLongW
ReleaseCapture
LoadBitmapW
SetWindowPos
SetRect
GetDlgCtrlID
PostThreadMessageW
BeginPaint
CreateWindowExW
LoadIconW
PostMessageW
GetDesktopWindow
DestroyWindow
CallWindowProcW
InvalidateRect
SetForegroundWindow
FindWindowExW
EnumDisplayDevicesA
SetWindowTextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetCursorPos
IsDialogMessageW
ClientToScreen
GetWindowTextLengthW
ShowWindow
SetCursor
SetWindowRgn
DefWindowProcW

gdi32

SetViewportOrgEx
CreateRectRgnIndirect
RoundRect
GetDeviceCaps
GetCurrentObject
GetClipRgn
ExtTextOutW
CreateDIBSection
SetBkColor
CreateCompatibleDC
RestoreDC
DeleteDC
SelectClipRgn
TextOutW
SetBkMode
GetStockObject
GetObjectW
CreateRoundRectRgn
Rectangle
BitBlt
CreateRectRgn
GetTextExtentPoint32W
RectInRegion
CreateCompatibleBitmap
CreateBitmap
StretchBlt
GetTextColor
CreateFontIndirectW
SetTextColor
CreatePen
SaveDC
MoveToEx
DeleteObject
LineTo
SelectObject
SetStretchBltMode
GetViewportOrgEx
OffsetRgn
ExtSelectClipRgn
CombineRgn
CreateFontW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegQueryValueExA

shell32

SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid

oleaut32

VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFileExistsW
StrToIntA
PathAddBackslashW
StrToIntW
PathFindFileNameW
PathAppendW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipAddPathStringI
GdipDrawImageI
GdipFillRectangle
GdipGetFontSize
GdipFillPath
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipGetFontCollectionFamilyList
GdipDrawPath
GdipAddPathArcI
GdipDrawRectangleI
GdipSetPenDashStyle
GdipDrawLine
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPixelOffsetMode
GdipGetFamily
GdipCloneFontFamily
GdipDeletePath
GdipSetStringFormatAlign
GdipDrawImageRectRect
GdipCreateFont
GdipCreatePath
GdipCreateHBITMAPFromBitmap
GdipFree
GdipMeasureString
GdipDeleteFontFamily
GdipGetImageWidth
GdipCreateFontFromLogfontW
GdipDrawImagePointsRectI
GdipGetImageHeight
GdipSetStringFormatLineAlign
GdipCreateSolidFill
GdipTranslateWorldTransform
GdipSetStringFormatFlags
GdipDeleteGraphics
GdipCloneBrush
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipRotateWorldTransform
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipAddPathRectangleI
GdipCreateBitmapFromScan0
GdipResetWorldTransform
GdipDeleteBrush
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDeletePen
GdipGraphicsClear
GdipAddPathPieI
GdipDeleteFont
GdipCreatePen1
GdipCloneImage
GdipDrawImageRectI
GdipNewPrivateFontCollection
GdipLoadImageFromFile
GdipSetClipPath
GdipCloneBitmapArea
GdipDeletePrivateFontCollection
GdipDisposeImage
GdipDrawString
GdipCreateLineBrushI
GdiplusStartup
GdipPrivateAddFontFile
GdipDrawImageRectRectI
GdipGetFontCollectionFamilyCount
GdipCreateImageAttributes
GdipSetTextRenderingHint
GdipDrawLinesI
GdipAlloc
GdipDisposeImageAttributes
GdiplusShutdown
GdipFillRectangleI
GdipImageRotateFlip
GdipCreateStringFormat
GdipClosePathFigure
GdipSetImageAttributesColorMatrix
GdipDeleteStringFormat
GdipSetCompositingQuality

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Sections

.text
Size: 632KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f3ec1152a76965d2ddf21842d829a85

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

iphlpapi

psapi

Sections

.text Size: 632KB - Virtual size: 629KB

.rdata Size: 132KB - Virtual size: 128KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 536KB - Virtual size: 532KB

.text
Size: 632KB - Virtual size: 629KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 536KB - Virtual size: 532KB