48d96343589cf0bfd35f4d86478c96e7246eff4793621cb2757c06378e2f773e

Sharing

Copy URL

Twitter E-mail

General

Target

48d96343589cf0bfd35f4d86478c96e7246eff4793621cb2757c06378e2f773e
Size

26.4MB
MD5

dbb47df11fd0d44c1ae8484af7376b72
SHA1

f07c3a8d701e555d5de573a6d98ef02d857aa5f9
SHA256

48d96343589cf0bfd35f4d86478c96e7246eff4793621cb2757c06378e2f773e
SHA512

2e7ebf4044b2aea3dea577acebe32dace3e5445448af9884d55b6c8b39b2293983dabf84b9240333d6bdd06388f669afc4fb5d5b0327af56490fa7445ce0d503
SSDEEP

393216:51NAbhCJpnWrn21MLoOB89mIvO96NQc8aK/62fy54RUNCHhVlWJsv6tWKFdu9C6U:5sli2l1Bcr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48d96343589cf0bfd35f4d86478c96e7246eff4793621cb2757c06378e2f773e

Files

48d96343589cf0bfd35f4d86478c96e7246eff4793621cb2757c06378e2f773e
.exe windows:6 windows x64 arch:x64

2dfabdc85f044f35095df46041c33925

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
OpenThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
DrawThemeBackground
CloseThemeData
DrawThemeTextEx
SetWindowThemeAttribute
GetThemeSysFont

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmDefWindowProc
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute

gdi32

GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
CreateCompatibleDC
CombineRgn
GetPixelFormat
GetTextMetricsW
SetPixelFormat
ChoosePixelFormat
CreateRectRgn
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
GetTextFaceW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
DescribePixelFormat
SwapBuffers

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmGetVirtualKey
ImmSetCandidateWindow
ImmGetDefaultIMEWnd

iphlpapi

GetAdaptersAddresses
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore

user32

GetQueueStatus
DispatchMessageW
TranslateMessage
PostThreadMessageW
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
IsWindow
GetDoubleClickTime
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
GetDesktopWindow
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
SendMessageW
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
SendMessageTimeoutW
GetWindowThreadProcessId
EnumWindows
PostMessageW
SetClipboardViewer

ws2_32

getpeername
closesocket
freeaddrinfo
getaddrinfo
htonl
WSANtohs
bind
__WSAFDIsSet
getsockopt
getnameinfo
WSACleanup
ntohl
WSAStartup
getsockname
htons
listen
select
setsockopt
WSAGetLastError
WSAAccept
WSAConnect
WSAHtonl
WSAIoctl
WSANtohl
WSARecv
WSARecvFrom
WSASend
WSASendTo
gethostname
WSAAsyncSelect
WSASocketW
recv
send
WSASetLastError

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegNotifyChangeKeyValue
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
AccessCheck
CopySid
DuplicateToken
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW

mpr

WNetGetUniversalNameA

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

kernel32

ReleaseMutex
GetUserGeoID
GetGeoInfoW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
LCMapStringW
CompareStringW
FindFirstFileExW
SetFilePointerEx
GetFileInformationByHandleEx
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
RemoveDirectoryW
GetLogicalDrives
DeleteFileW
SetCurrentDirectoryW
GetModuleFileNameW
WriteFileEx
SleepEx
CancelIoEx
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
GetUserPreferredUILanguages
GetUserDefaultLCID
CreateMutexW
GetTimeFormatW
GetDateFormatW
GetSystemDirectoryW
GetTickCount64
QueryPerformanceFrequency
GetProcessId
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
Sleep
DuplicateHandle
GetLocalTime
GetStartupInfoW
CompareStringEx
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FreeLibrary
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStdHandle
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
Process32NextW
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetLastError
SetHandleInformation
SetEvent
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitForMultipleObjects
WaitNamedPipeW
DisconnectNamedPipe
RtlDeleteFunctionTable
RtlAddFunctionTable
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetConsoleWindow
LocalAlloc
GetVolumeInformationW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
GetCurrentThreadId
GetModuleHandleW
lstrcmpW
GetExitCodeProcess
PeekNamedPipe
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
GetTempPathW
VirtualFree
VirtualAlloc
CreateEventW
ResetEvent
CancelIo
GetOverlappedResult
ReadFile
GetVolumePathNameW
GetDiskFreeSpaceW
FindNextFileW
LoadLibraryW
GetProcAddress
SetFileTime
SetFilePointer
SetFileAttributesW
SetEndOfFile
GetFileType
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
DeviceIoControl
WriteFile
UnlockFile
LockFile
FlushFileBuffers
CreateFileW
TlsGetValue
ResumeThread
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
RtlUnwind
LoadLibraryExW
SetStdHandle
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
GetConsoleOutputCP
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
GetFileSizeEx
SetEnvironmentVariableW
HeapSize
GetCurrencyFormatW
WriteConsoleW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
WaitForSingleObject
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceExA
FindVolumeClose
FindNextVolumeW
FreeConsole
GetConsoleProcessList
GetCommandLineW
CloseHandle
GetLastError
GetCurrentProcess
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetEnvironmentVariableW
OpenProcess
GetLogicalDriveStringsA
FindFirstVolumeW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoLockObjectExternal
CoUninitialize
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitializeEx
OleSetClipboard
OleGetClipboard
OleIsCurrentClipboard
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
OleFlushClipboard

shell32

ShellExecuteExW
SHGetFolderLocation
SHChangeNotify
SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderPathW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord155
SHParseDisplayName
CommandLineToArgvW
SHGetKnownFolderPath

winmm

timeKillEvent
PlaySoundW
timeSetEvent

bcrypt

BCryptGenRandom
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDeriveKeyPBKDF2
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptCloseAlgorithmProvider

Sections

.text
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 450KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 741KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dfabdc85f044f35095df46041c33925

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

gdi32

oleaut32

imm32

iphlpapi

crypt32

user32

ws2_32

advapi32

mpr

userenv

version

netapi32

kernel32

ole32

shell32

winmm

bcrypt

Sections

.text Size: 15.8MB - Virtual size: 15.8MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 450KB - Virtual size: 605KB

.pdata Size: 741KB - Virtual size: 741KB

.qtmetad Size: 512B - Virtual size: 239B

.qtmimed Size: 315KB - Virtual size: 315KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 124KB - Virtual size: 124KB

.text
Size: 15.8MB - Virtual size: 15.8MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 450KB - Virtual size: 605KB

.pdata
Size: 741KB - Virtual size: 741KB

.qtmetad
Size: 512B - Virtual size: 239B

.qtmimed
Size: 315KB - Virtual size: 315KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 124KB - Virtual size: 124KB