Static task: static1
Behavioral task: behavioral1
    Sample: 91a19fcd3b1f4e2358dd513a81981d862db7d623a6893830913463c8163151ec.exe
    Resource: win7-20231215-en
Behavioral task: behavioral2
    Sample: 91a19fcd3b1f4e2358dd513a81981d862db7d623a6893830913463c8163151ec.exe
    Resource: win10v2004-20231215-en
General
Target: 91a19fcd3b1f4e2358dd513a81981d862db7d623a6893830913463c8163151ec
Size: 2.9MB
MD5: a9934d18bf7d1dbbae23f21e101d039f
SHA1: 12f9a7a082e7ddee0754c10c6954370c937a11ed
SHA256: 91a19fcd3b1f4e2358dd513a81981d862db7d623a6893830913463c8163151ec
SHA512: c828f40846680d3bd625573c6db18e5e78159bff9eddee60b070cd8715c17938ddc23d501cf0f37bc2d405e8b8cc85b30ddb7f6c982825c5cb66c84bdc0ec6ad
SSDEEP: 49152:YyFZ7sgHMloUDiU83EHvmc9uhgTiQU280/XV9pD51x9ei8Or63saOhLdv:l37sLqUDiU8Gvmc9uh+iQpDfei8O
Malware Config
(none listed)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 91a19fcd3b1f4e2358dd513a81981d862db7d623a6893830913463c8163151ec
Note: this is the only signature that fired, and on its own it is a weak indicator: most unsigned executables are benign, and a signed one can still be malicious. The check reads the PE security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) for an embedded signature blob, so a file that is signed only through a Windows catalog, which carries no embedded blob, is reported as unsigned as well. Presence of a blob is not validity; confirm with signtool verify or Get-AuthenticodeSignature.
Files
91a19fcd3b1f4e2358dd513a81981d862db7d623a6893830913463c8163151ec.exe: windows:5 windows x86 arch:x86
    unlabelled hash: d3931b1154cf2c65971cb820622f270e
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Note on mitigations: NX_COMPAT opts the image into DEP. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the image carries no relocation data and must load at its preferred image base: no ASLR, and mandatory (forced) ASLR cannot rebase it either, since rebasing needs the stripped relocations. IMAGE_DLLCHARACTERISTICS_GUARD_CF is absent, so no Control Flow Guard. HIGH_ENTROPY_VA does not apply to a 32-bit image.
Imports
ws2_32: inet_ntoa, inet_addr, htons, select, connect, closesocket, WSACleanup, WSAStartup, gethostname, gethostbyname,
    setsockopt, recv, bind, WSASetLastError, getaddrinfo, freeaddrinfo, getsockopt, listen, shutdown, send,
    socket, WSAStringToAddressA, ntohs, WSAGetLastError, __WSAFDIsSet, ioctlsocket, accept, getsockname
kernel32: GetStringTypeW, ReleaseMutex, LCMapStringW, GetCPInfo, GetVolumeNameForVolumeMountPointW, GetSystemInfo, CreateSemaphoreW, ReleaseSemaphore, lstrcmpiA, GetCommandLineW,
    OpenFileMappingW, GetDiskFreeSpaceExW, InterlockedIncrement, GetDriveTypeW, GetLogicalDrives, OpenEventA, FindNextFileW, CreateDirectoryW, CreateFileMappingW, VirtualAlloc,
    DeviceIoControl, CreateProcessW, GetExitCodeProcess, CreateEventA, UnmapViewOfFile, MapViewOfFile, IsBadReadPtr, GetSystemWindowsDirectoryW, TryEnterCriticalSection, SetFilePointerEx,
    IsValidLocale, GetLocaleInfoA, IsValidCodePage, ExpandEnvironmentStringsW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent,
    TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForSingleObjectEx, ResetEvent, GetUserDefaultLCID, GetTempFileNameW, SearchPathW, GetProfileIntW, GetTempPathW,
    SetErrorMode, FindResourceExW, VerifyVersionInfoW, VerSetConditionMask, GetWindowsDirectoryW, SystemTimeToFileTime, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, SetFileTime, SetFileAttributesW,
    LocalFileTimeToFileTime, GetFileTime, GetFileSizeEx, GetFileAttributesExW, GetFileAttributesW, FileTimeToLocalFileTime, GetThreadLocale, MoveFileW, lstrcmpiW, GetCurrentProcess,
    DuplicateHandle, WriteFile, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize,
    FlushFileBuffers, FindFirstFileW, FindClose, CreateFileW, DeleteFileW, GetCurrentDirectoryW, VirtualProtect, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW,
    GlobalGetAtomNameW, GlobalFlags, lstrcpyW, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue,
    TlsAlloc, InitializeCriticalSection, CopyFileW, FormatMessageW, MulDiv, LocalFree, GlobalSize, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW,
    WideCharToMultiByte, MultiByteToWideChar, lstrcmpA, GlobalAlloc, GetVersionExW, GetCurrentThread, ResumeThread, SetThreadPriority, CreateEventW, WaitForSingleObject,
    SetEvent, CloseHandle, GlobalFree, GlobalUnlock, GlobalLock, CompareStringW, GlobalFindAtomW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom,
    LoadLibraryW, LoadLibraryA, FindResourceW, SizeofResource, LockResource, LoadResource, LoadLibraryExW, GetProcAddress, GetModuleHandleW, GetModuleHandleA,
    GetModuleFileNameW, FreeResource, FreeLibrary, GetSystemDirectoryW, GetCurrentThreadId, SetLastError, EncodePointer, OutputDebugStringA, GetTickCount, GetCurrentProcessId,
    Sleep, InterlockedDecrement, SetCurrentDirectoryW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, GetLastError, RaiseException, GetProcessHeap,
    HeapSize, HeapFree, HeapReAlloc, HeapAlloc, DecodePointer, CreateMutexA, OutputDebugStringW, RtlUnwind, CreateThread, WriteConsoleW,
    ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetCommandLineA, VirtualQuery, HeapQueryInformation, QueryPerformanceFrequency, SetStdHandle, GetFileType, GetStdHandle,
    ExitProcess, GetACP, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, EnumSystemLocalesW, GetConsoleCP, GetConsoleMode, ReadConsoleW, FindFirstFileExW,
    GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SwitchToThread
user32: GetMenuStringW, KillTimer, SetTimer, WaitMessage, MapDialogRect, SetWindowContextHelpId, GetWindowThreadProcessId, ShowOwnedPopups, GetCursorPos, TranslateMessage,
    GetMessageW, LoadMenuW, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, IsDialogMessageW, SetWindowTextW, IsWindowEnabled,
    CheckDlgButton, MoveWindow, ShowWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, CallNextHookEx, SetWindowsHookExW,
    GetWindow, GetLastActivePopup, GetTopWindow, SetLayeredWindowAttributes, EnumDisplayMonitors, SetClassLongW, SetWindowRgn, SetParent, OpenClipboard, OffsetRect,
    SetRectEmpty, SendDlgItemMessageA, GetClassNameW, GetClassLongW, SetWindowLongW, GetWindowLongW, PtInRect, EqualRect, CopyRect, GetSysColor,
    MapWindowPoints, ScreenToClient, GetMenuState, GetAsyncKeyState, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, CloseClipboard,
    GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, NotifyWinEvent, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow,
    GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenu, GetMenuItemCount, GetMenuItemID, GetSubMenu, SetMenu, GetMenu, GetCapture,
    GetKeyState, SetFocus, GetDlgCtrlID, GetDlgItem, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, SetWindowPos,
    DestroyWindow, IsMenu, IsWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, PostMessageW,
    GetMessageTime, GetMessagePos, PeekMessageW, DispatchMessageW, RegisterWindowMessageW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, InsertMenuW, AppendMenuW, RemoveMenu,
    DrawTextW, DrawTextExW, GrayStringW, TabbedTextOutW, GetDC, GetWindowDC, ReleaseDC, ClientToScreen, FillRect, GetKeyNameTextW,
    MapVirtualKeyW, TrackMouseEvent, InvalidateRect, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, GetParent, InflateRect, DestroyIcon, LoadImageW,
    RealChildWindowFromPoint, GetSysColorBrush, DestroyMenu, GetMenuItemInfoW, SystemParametersInfoW, AdjustWindowRectEx, CopyImage, UnhookWindowsHookEx, DeleteMenu, CharUpperW,
    SetCapture, ReleaseCapture, WindowFromPoint, CharNextW, CopyAcceleratorTableW, InvalidateRgn, SetRect, IntersectRect, IsRectEmpty, GetNextDlgGroupItem,
    MessageBeep, DrawFocusRect, DrawIconEx, GetIconInfo, EnableScrollBar, HideCaret, GetWindowRect, InvertRect, CreatePopupMenu, SetClipboardData,
    EmptyClipboard, DrawStateW, DrawEdge, DrawFrameControl, IsZoomed, GetSystemMenu, BringWindowToTop, SetCursorPos, CopyIcon, FrameRect,
    LoadAcceleratorsW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, RegisterClipboardFormatW, UnionRect, UpdateLayeredWindow, MonitorFromPoint, GetComboBoxInfo,
    PostThreadMessageW, GetKeyboardLayout, IsCharLowerW, RedrawWindow, GetMenuDefaultItem, MapVirtualKeyExW, SendMessageW, UnregisterClassW, SetDlgItemTextW, GetDlgItemTextW,
    EnableWindow, MessageBoxW, SetCursor, ToUnicodeEx, GetKeyboardState, CreateAcceleratorTableW, DestroyAcceleratorTable, LockWindowUpdate, SetMenuDefaultItem, GetDoubleClickTime,
    ModifyMenuW, CharUpperBuffW, IsClipboardFormatAvailable, GetUpdateRect, EnumChildWindows, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, SubtractRect,
    LoadCursorW, LoadIconW, PostQuitMessage, RegisterClassExW, IsChild, IsWindowVisible, IsIconic, GetDlgItemTextA, GetFocus, GetSystemMetrics,
    DrawIcon, GetClientRect, LoadBitmapW, UnregisterDeviceNotification, RegisterDeviceNotificationW, wsprintfW, GetUserObjectInformationW, CloseDesktop, OpenInputDesktop, DestroyCursor,
    GetWindowRgn, ShowScrollBar, CreateMenu
gdi32: CombineRgn, GetMapMode, SetRectRgn, DPtoLP, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, CreateCompatibleBitmap,
    CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateEllipticRgn, Ellipse, CreatePolygonRgn,
    Polygon, Polyline, CreateRoundRectRgn, LPtoDP, EnumFontFamiliesExW, Rectangle, OffsetRgn, GetRgnBox, RoundRect, FillRgn,
    FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, GetTextFaceW, GetDIBColorTable,
    GetTextColor, GetBkColor, GetTextMetricsW, GetTextExtentPoint32W, CreateFontIndirectW, PatBlt, CreateRectRgnIndirect, ScaleWindowExtEx, ScaleViewportExtEx, OffsetWindowOrgEx,
    OffsetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SetViewportOrgEx, SetViewportExtEx, ExtTextOutW, TextOutW, MoveToEx, SetTextAlign, SetROP2,
    SetPolyFillMode, GetLayout, SetLayout, SetMapMode, SetBkMode, SelectPalette, SelectObject, ExtSelectClipRgn, SelectClipRgn, SaveDC,
    RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType,
    GetClipBox, ExcludeClipRect, Escape, DeleteObject, CreateSolidBrush, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateCompatibleDC,
    BitBlt, GetDeviceCaps, CreateDCW, CopyMetaFileW, GetObjectW, SetTextColor, SetBkColor, CreateBitmap, DeleteDC
msimg32: GradientFill, TransparentBlt, AlphaBlend
winspool.drv: ClosePrinter, DocumentPropertiesW, OpenPrinterW
advapi32: RegOpenKeyExW, RegQueryValueExW, RegDeleteKeyW, RegEnumKeyW, RegQueryValueW, RegCreateKeyExW, RegDeleteValueW, RegSetValueExW, RegEnumValueW, RegEnumKeyExW,
    OpenProcessToken, CryptGenRandom, CryptReleaseContext, CryptAcquireContextW, SetSecurityInfo, AddAccessAllowedAce, RegQueryValueExA, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityDescriptorDacl,
    RegCloseKey, InitializeSecurityDescriptor, InitializeAcl, ConvertStringSidToSidW, DuplicateTokenEx, CreateProcessWithLogonW, CreateProcessAsUserW, LogonUserW, GetLengthSid, IsValidSid,
    SetTokenInformation
shell32: SHGetFileInfoW, ShellExecuteW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetDesktopFolder, DragQueryFileW, DragFinish, SHAppBarMessage, SHBrowseForFolderW
comctl32: ImageList_AddMasked, _TrackMouseEvent, ord17
shlwapi: PathFindExtensionW, PathFindFileNameW, PathIsUNCW, PathStripToRootW, StrFormatKBSizeW, PathRemoveFileSpecW
uxtheme: OpenThemeData, CloseThemeData, DrawThemeBackground, GetThemePartSize, GetThemeSysColor, DrawThemeParentBackground, DrawThemeText, GetThemeColor, GetCurrentThemeName, IsThemeBackgroundPartiallyTransparent,
    GetWindowTheme, IsAppThemed
ole32: CoCreateGuid, CoCreateInstance, CoUninitialize, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleLockRunning, CoRegisterMessageFilter, CoRevokeClassObject,
    RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, OleUninitialize, OleInitialize, CoFreeUnusedLibraries,
    CoInitializeEx, CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CoDisconnectObject, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree,
    CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, CoInitialize
oleaut32: LoadTypeLi, SysFreeString, SysAllocStringLen, VariantInit, VariantClear, VariantChangeType, SysAllocString, OleCreateFontIndirect, VariantCopy, VarBstrFromDate,
    SafeArrayDestroy, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime
oledlg: OleUIBusyW
gdiplus: GdipDrawImageRectRect, GdipCreateFont, GdipDeleteFont, GdipCreateStringFormat, GdipDeleteStringFormat, GdipSetStringFormatFlags, GdipSetStringFormatAlign, GdipSetStringFormatLineAlign, GdipSetStringFormatTrimming, GdipDrawString,
    GdiplusShutdown, GdipCreateImageAttributes, GdipDeleteFontFamily, GdipCreateFontFamilyFromName, GdipFillRectangle, GdipCreateSolidFill, GdipDeleteBrush, GdipCloneBrush, GdipDrawImageRectI, GdipSetInterpolationMode,
    GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipDrawImageI, GdipDeleteGraphics, GdipBitmapUnlockBits, GdipSetImageAttributesWrapMode, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromFile, GdipCreateBitmapFromStream,
    GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipFree,
    GdipAlloc, GdipDisposeImageAttributes
oleacc: LresultFromObject, CreateStdAccessibleObject, AccessibleObjectFromWindow
imm32: ImmGetContext, ImmReleaseContext, ImmGetOpenStatus
winmm: PlaySoundW
rpcrt4: RpcStringFreeA, UuidToStringA, UuidCreate
userenv: CreateEnvironmentBlock, DestroyEnvironmentBlock
setupapi: CM_Get_Device_IDW, SetupDiRemoveDevice, CM_Get_Device_ID_List_SizeW, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, CM_Get_Device_ID_ListW, CM_Get_Device_Interface_ListW, CM_Get_DevNode_Status, CM_Get_Device_Interface_List_SizeW
dnsapi: DnsQuery_W, DnsFree
iphlpapi: GetIfEntry
Note for triage: the bulk of user32, gdi32, ole32, oleaut32, uxtheme and gdiplus is ordinary GUI framework surface. The groups worth checking against the behavioral tasks are the ws2_32 socket client and server calls (socket, connect, bind, listen, accept, send, recv) together with dnsapi DnsQuery_W; the advapi32 credential and token calls (LogonUserW, CreateProcessWithLogonW, CreateProcessAsUserW, DuplicateTokenEx, SetTokenInformation, OpenProcessToken) and the security-descriptor functions beside them; the registry write and delete functions (RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW); kernel32 CreateProcessW, VirtualAlloc, VirtualProtect, DeviceIoControl and the file-mapping calls; user32 OpenInputDesktop, GetUserObjectInformationW, SetWindowsHookExW and RegisterDeviceNotificationW; and setupapi SetupDiRemoveDevice with the CM_Get_* device enumeration. A static import says what the code can call, not what it did call; the behavioral runs are where that is confirmed.
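The 32-hex-digit value shown beside the file under Files is not labelled on this page; the assumption here is that it is the import hash (imphash), the usual pivot for an import table like the one above. What follows is an added example, not sandbox or analyst code from the report, that recomputes an imphash from an import list with the pefile/Mandiant algorithm. The sample list is a constructed subset of the DLLs above, so its hash is not the page's value; to compare, feed the full table in the order the file's import directory lists it. The ws2_32 ordinal table is partial (an assumption), and winspool.drv is kept whole because only .dll, .ocx and .sys suffixes are stripped.

```python
"""Import hash (imphash): lower-case DLL name with a .dll/.ocx/.sys suffix removed,
joined as "dll.function" (function lower-cased) in import-directory order,
comma-separated, MD5. Added example following the pefile/Mandiant algorithm."""
import hashlib

# Partial ordinal table for ws2_32 (wsock32 shares it), so an import by ordinal
# hashes the same as the import by name. Assumption: these 23 entries suffice here.
WS2_32_ORDINALS = {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername",
                   6: "getsockname", 7: "getsockopt", 8: "htonl", 9: "htons", 10: "ioctlsocket",
                   11: "inet_addr", 12: "inet_ntoa", 13: "listen", 14: "ntohl", 15: "ntohs",
                   16: "recv", 17: "recvfrom", 18: "select", 19: "send", 20: "sendto",
                   21: "setsockopt", 22: "shutdown", 23: "socket"}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS, "wsock32": WS2_32_ORDINALS}


def normalise_dll(dll):
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name   # winspool.drv stays whole


def import_strings(imports):
    """imports: [(dll, [name_or_ordinal, ...]), ...] in the order the loader walks them.
    Unknown ordinals become "ordN", as pefile emits them."""
    out = []
    for dll, entries in imports:
        lib = normalise_dll(dll)
        for entry in entries:
            if isinstance(entry, int):
                func = ORDINAL_TABLES.get(lib, {}).get(entry, "ord%d" % entry)
            else:
                func = entry
            out.append("%s.%s" % (lib, func.lower()))
    return out


def imphash(imports):
    return hashlib.md5(",".join(import_strings(imports)).encode()).hexdigest()


def imports_by_dll(imports):
    """Quick capability view: how many functions each DLL contributes."""
    return {normalise_dll(dll): len(entries) for dll, entries in imports}


# Constructed subset of the report's DLLs (not the file's real, full table).
SAMPLE_IMPORTS = [
    ("ws2_32.dll", ["WSAStartup", "socket", "connect", "send", "recv", "closesocket"]),
    ("KERNEL32.dll", ["CreateProcessW", "VirtualAlloc", "VirtualProtect"]),
    ("ADVAPI32.dll", ["LogonUserW", "CreateProcessAsUserW", "CryptGenRandom"]),
    ("winspool.drv", ["OpenPrinterW"]),
    ("comctl32.dll", [17]),
]

if __name__ == "__main__":
    for entry in import_strings(SAMPLE_IMPORTS):
        print(entry)
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the order of DLLs and thunks is part of the hashed string, two builds with the same import set in a different order get different imphashes; the value is stable across builds of the same source with the same toolchain, and changes when a file is repacked or its import table is rebuilt.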
Sections
.text    Size: 2.4MB   Virtual size: 2.4MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   Size: 492KB   Virtual size: 492KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    Size: 30KB    Virtual size: 53KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Shared   Size: 512B    Virtual size: 1B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 25KB    Virtual size: 24KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: no section is both writable and executable, and the raw sizes track the virtual sizes, which is what an unpacked MSVC-linked image looks like; a packer typically leaves a small raw .text with a much larger virtual size. Shared is a non-default section name backing one byte of writable data with 512B on disk; it is worth a look in a disassembler to see what references it.
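The Headers, Signatures and Sections findings above all come from the PE header alone, and a practitioner often wants to reproduce them without trusting a sandbox's rendering. The following is an added example, not code from the report or the sandbox: a standard-library parser that reads the COFF and optional headers, the security data directory that the Unsigned PE check relies on, and the section table, and derives a DEP/ASLR/CFG readout from the flags. By default it runs on an image constructed in memory to mirror this report's flags and section names (an assumption, not the real file; section sizes and RVAs are made up); pass a path to run it on a real file.

```python
"""Stdlib-only PE header triage: flag readout, embedded Authenticode presence,
section table. Added example; the default input is a constructed PE32 image."""
import json
import struct
import sys

COFF_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
             0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x10000000: "IMAGE_SCN_MEM_SHARED", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size) of the WIN_CERTIFICATE blob


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the DOS stub, COFF header, optional header (PE32 or PE32+) and section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)  # same offset in both formats
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, opt + dirs_off + 8 * i) for i in range(min(ndirs, 16))]
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, scn = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(scn, SCN_FLAGS)})
    return {"machine": machine, "pe32plus": pe32plus, "subsystem": subsystem,
            "file_characteristics": flag_names(chars, COFF_FLAGS),
            "dll_characteristics": flag_names(dll_chars, DLL_FLAGS),
            "security_dir": dirs[SECURITY_DIR] if len(dirs) > SECURITY_DIR else (0, 0),
            "sections": sections}


def has_authenticode_signature(data):
    """The 'Unsigned PE' check: an embedded signature is a WIN_CERTIFICATE (dwLength,
    wRevision, wCertificateType == 0x0002) at the file offset in the security directory.
    Presence is not validity, and catalog-signed files have no embedded blob at all."""
    off, size = parse_pe(data)["security_dir"]
    if off == 0 or size < 8 or off + size > len(data):
        return False
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return length <= size and revision in (0x0100, 0x0200) and cert_type == 0x0002


def mitigation_summary(info):
    fc, dc = info["file_characteristics"], info["dll_characteristics"]
    return {"dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in dc,
            # ASLR needs the opt-in bit AND relocations the loader can still apply
            "aslr": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dc
                    and "IMAGE_FILE_RELOCS_STRIPPED" not in fc,
            "cfg": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in dc,
            "rwx_sections": [s["name"] for s in info["sections"]
                             if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"])]}


def build_sample_pe(signed=False):
    """Constructed PE32 image echoing the report's flags and five section names
    (assumed one-page sections with 0x200 raw bytes each). signed=True appends a
    dummy WIN_CERTIFICATE and points the security directory at it."""
    secs = [(b".text", 0x20 | 0x20000000 | 0x40000000), (b".rdata", 0x40 | 0x40000000),
            (b".data", 0x40 | 0x40000000 | 0x80000000), (b"Shared", 0x40 | 0x40000000 | 0x80000000),
            (b".rsrc", 0x40 | 0x40000000)]
    cert_off = 0x400 + 0x200 * len(secs)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[SECURITY_DIR] = (cert_off, 16)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0001 | 0x0002 | 0x0100)
    opt = (struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, 0x1000, 0x1000, 0, 0x1000, 0x1000, 0x2000,
                       0x400000, 0x1000, 0x200)
           + struct.pack("<HHHHHHIIII", 5, 1, 0, 0, 5, 1, 0, 0x6000, 0x400, 0)
           + struct.pack("<HHIIIIII", 2, 0x0100 | 0x8000, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
           + b"".join(struct.pack("<II", *d) for d in dirs))
    shdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200,
                                 0x400 + 0x200 * i, 0, 0, 0, 0, f) for i, (n, f) in enumerate(secs))
    image = (dos + coff + opt + shdrs).ljust(0x400, b"\0") + b"\0" * (0x200 * len(secs))
    if signed:
        image += struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
    return image


def triage(data):
    info = parse_pe(data)
    info["authenticode_signature_present"] = has_authenticode_signature(data)
    info["mitigations"] = mitigation_summary(info)
    return info


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=1))
```

On the constructed image the readout matches the report: DEP on, ASLR off because DYNAMIC_BASE is missing and relocations are stripped, no CFG, no RWX section, and no embedded signature. Note that the security directory's first field is a file offset, not an RVA, unlike every other data directory, and that a present WIN_CERTIFICATE still needs a real signature check before anything is concluded from it.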