3d4f3e250821ed38c939b26a7a54bf3ff5efb81272303c0f20b3370bea8ac407

Sharing

Copy URL

Twitter E-mail

General

Target

3d4f3e250821ed38c939b26a7a54bf3ff5efb81272303c0f20b3370bea8ac407
Size

4.8MB
MD5

4e1c44141b18be30805a82a058023ae0
SHA1

45aeae5bd8f1364eab70687b5fee348cd47a7083
SHA256

3d4f3e250821ed38c939b26a7a54bf3ff5efb81272303c0f20b3370bea8ac407
SHA512

e742167a115ce527a20f8db74f83760a5123db8860bfc6b8579f2cb52f3f99fa9668209b2cc2af210549dae408bb80d8f627b7445b360fd761f2681aee407f05
SSDEEP

98304:LpLE90Ta7PG5o2/JUqf7W1DSWCLT5S6SNZOreOa8:2932puiSeSO3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d4f3e250821ed38c939b26a7a54bf3ff5efb81272303c0f20b3370bea8ac407

Files

3d4f3e250821ed38c939b26a7a54bf3ff5efb81272303c0f20b3370bea8ac407
.exe windows:5 windows x86 arch:x86

2e00ccd702419e73c0f056058fe14c5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameW
GetPrivateProfileIntW
OpenEventW
GlobalAddAtomW
DecodePointer
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetCommandLineW
CopyFileW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
GetDriveTypeW
OutputDebugStringA
GlobalDeleteAtom
GetCurrentProcessId
OpenProcess
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FreeLibrary
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
WaitForSingleObjectEx
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetTempPathW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
UnmapViewOfFile
MapViewOfFile
CreateMutexW
GetCurrentProcess
GetVersion
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
MultiByteToWideChar
GetStartupInfoW
UnlockFile
LockFile
MulDiv
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
CreateProcessW
lstrlenW
FindClose
SetLastError
GetTickCount
Sleep
GetLastError
LocalFree
LocalAlloc
GetVersionExW
CreateFileW
WritePrivateProfileStringW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
DeviceIoControl
SizeofResource
LoadResource
LockResource
OutputDebugStringW
LoadLibraryW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFilePointer
ReadFile
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetStdHandle
SetEndOfFile
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
SetFileTime
FlushFileBuffers
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
SwitchToThread
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
GetEnvironmentVariableW
CreateDirectoryW
FormatMessageW
GetShortPathNameW
GetSystemInfo
ResetEvent
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDriveStringsW
GetLocalTime
GetProcAddress
DeleteFileA
CreateFileA
GetFileSizeEx
GetFileAttributesExW
GetExitCodeProcess
TerminateProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempFileNameA
GetTempPathA
GetPrivateProfileStringW
GetFileSize
CreateFileMappingW
CloseHandle
GetEnvironmentStringsW
WriteFile

user32

UnregisterClassW
CallWindowProcW
DefWindowProcW
IsRectEmpty
SendNotifyMessageW
BeginPaint
DrawFocusRect
LoadCursorW
SetCursor
UnregisterClassA
EndPaint
CopyRect
PtInRect
OffsetRect
SetRect
IsWindow
PostMessageW
GetWindowThreadProcessId
SendMessageTimeoutW
RegisterWindowMessageW
MessageBoxW
wsprintfW
IsDialogMessageW
LoadStringW
GetActiveWindow
EndDialog
DialogBoxParamW
RegisterClassExW
FindWindowExW
SetForegroundWindow
IsIconic
IsWindowVisible
ShowWindow
SendMessageW
ReleaseDC
GetDC
KillTimer
SetTimer
CreateWindowExW
SetFocus
FindWindowW
RedrawWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
ScreenToClient
SetWindowTextW
GetSystemMetrics
MoveWindow
PostQuitMessage
ExitWindowsEx
CharNextW
BringWindowToTop
DestroyWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
UnhookWinEvent
SetWinEventHook
GetWindowTextW
GetShellWindow
WaitForInputIdle
SystemParametersInfoW
SetWindowRgn
SetWindowPos
UpdateLayeredWindow
GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
InvalidateRect
GetClassInfoExW

gdi32

SaveDC
RestoreDC
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateFontW
EnumFontFamiliesW

advapi32

CreateServiceW
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CryptContextAddRef
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
CryptAcquireContextW
GetUserNameW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetTrusteeNameW
GetTokenInformation
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW
ord165
ShellExecuteW
SHCreateDirectoryExW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHLoadInProc
CommandLineToArgvW

ole32

CoInitializeSecurity
OleRun
CoInitializeEx
CoSetProxyBlanket
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateGuid

oleaut32

SysAllocString
SysStringByteLen
VarUI4FromStr
SysAllocStringByteLen
VariantClear
SysStringLen
VariantCopy
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysFreeString

shlwapi

StrCmpNIW
StrTrimA
StrCmpIW
StrToIntExW
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
SHGetValueA
StrStrIA
PathRemoveFileSpecW
PathFindExtensionW
StrCmpW
PathFindFileNameW
SHGetValueW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
StrStrIW
SHSetValueW
PathIsPrefixW
PathIsDirectoryW
wnsprintfW
SHDeleteValueW
SHDeleteKeyW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateFontFamilyFromName
GdiplusStartup
GdiplusShutdown
GdipSetImageAttributesColorMatrix
GdipFree
GdipCreateImageAttributes
GdipDisposeImage
GdipSetTextRenderingHint
GdipDisposeImageAttributes
GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCloneImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDrawImageRectRect
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawString
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags

cabinet

ord22
ord23
ord20

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupIterateCabinetW

secur32

GetUserNameExW

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

_Start@12

Sections

.text
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e00ccd702419e73c0f056058fe14c5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

cabinet

psapi

iphlpapi

wininet

urlmon

version

setupapi

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 960KB - Virtual size: 959KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 26KB - Virtual size: 38KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 960KB - Virtual size: 959KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 26KB - Virtual size: 38KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 49KB - Virtual size: 48KB