69d89804fb751b236949ffa4ef11bbc1d8f9967b073efc99047e4e5d061d98ed

Sharing

Copy URL Twitter E-mail

General

Target

69d89804fb751b236949ffa4ef11bbc1d8f9967b073efc99047e4e5d061d98ed
Size

4.8MB
MD5

1da3446898fdfb472b461a28dedadb46
SHA1

7e23eecdafa00cfe534de4dc9d1fabc24cee17aa
SHA256

69d89804fb751b236949ffa4ef11bbc1d8f9967b073efc99047e4e5d061d98ed
SHA512

b19c4ba6e35fc8b7edf32ea0e97b69922c0df7ac7fd14043e8cbe86326a498216e1eced29b2042625460e0295ac6aece5d9d59cf7165b2cd1da78c999d08059f
SSDEEP

98304:NyDQO4giosNR3Mqxpv90UfbFcN2wjeu2ee9MU8ZVtHH1BKBJ+/f:NGQ3g3CMQl0UBcNZ2ee9MPZDHVBKBsf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69d89804fb751b236949ffa4ef11bbc1d8f9967b073efc99047e4e5d061d98ed

Files

69d89804fb751b236949ffa4ef11bbc1d8f9967b073efc99047e4e5d061d98ed
.exe windows:5 windows x86 arch:x86

22e68973e5a5c9c692c417e2ae584b78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
OpenProcess
GetLogicalDriveStringsW
QueryDosDeviceW
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
GetCurrentDirectoryW
SetCurrentDirectoryW
FindClose
GetFullPathNameW
FindFirstFileW
lstrlenW
SetFileAttributesW
DeleteFileW
FindNextFileW
RemoveDirectoryW
ExitProcess
VirtualProtect
MoveFileExW
Sleep
SetEnvironmentVariableW
GetVersion
GetCommandLineW
LocalFree
GetTempFileNameW
CreateEventW
SetEvent
GetLogicalDrives
GetDriveTypeW
lstrcpyA
lstrcpyW
lstrlenA
MulDiv
GetProfileIntA
GlobalAlloc
GlobalLock
GetFileAttributesW
SetFileTime
CreateDirectoryW
SetEndOfFile
SetEnvironmentVariableA
GetFileAttributesExW
WriteConsoleW
SetStdHandle
CreatePipe
GetExitCodeProcess
FlushFileBuffers
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
Process32FirstW
lstrcmpW
QueryPerformanceCounter
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
CreateProcessA
DuplicateHandle
GetTempPathA
GetSystemTimeAsFileTime
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
AreFileApisANSI
GetModuleHandleExW
ExitThread
CreateThread
IsDebuggerPresent
LoadLibraryExA
GetModuleFileNameA
FormatMessageA
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateToolhelp32Snapshot
lstrcmpA
FreeEnvironmentStringsW
LoadLibraryW
FreeLibrary
GetDiskFreeSpaceExW
DeleteTimerQueueTimer
SetLastError
FlushInstructionCache
GetCurrentProcess
GetVersionExW
FreeResource
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
CreateFileW
EnterCriticalSection
RaiseException
LeaveCriticalSection
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CreateMutexW
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetFilePointerEx
SetFilePointer
CloseHandle
WriteFile
ReadFile
GetEnvironmentStringsW

user32

GetWindowLongW
SetWindowTextW
GetParent
GetClientRect
MapWindowPoints
SetWindowLongW
SetWindowPos
SendMessageW
GetSystemMetrics
LoadImageW
SwitchToThisWindow
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetTimer
PostMessageW
IsIconic
PtInRect
GetDC
ReleaseDC
UpdateLayeredWindow
IsDialogMessageW
PostQuitMessage
GetCursorPos
ScreenToClient
SetCursor
LoadCursorW
DestroyWindow
KillTimer
EndDialog
CharNextW
DefWindowProcW
GetClassInfoW
RegisterClassW
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CreateDialogParamW
MessageBoxW
EnableWindow
BringWindowToTop
GetActiveWindow
ReleaseCapture
SetCapture
FindWindowW
GetWindowRect
EnumWindows
GetWindowThreadProcessId
GetCaretPos
OffsetRect
DestroyCursor
ClientToScreen
ScrollWindowEx
SetCaretPos
HideCaret
ShowCaret
CreateCaret
UpdateWindow
SetScrollPos
SetScrollRange
EnableScrollBar
ShowScrollBar
InvalidateRect
InflateRect
IntersectRect
GetFocus
GetDlgItem
GetKeyState
GetDesktopWindow
GetDoubleClickTime
GetSysColor
IsRectEmpty
ExitWindowsEx
LoadStringW
UnregisterClassW

gdi32

DPtoLP
ExtSelectClipRgn
CreateRectRgn
BitBlt
GetTextMetricsW
GdiSetBatchLimit
GetDeviceCaps
GetObjectW
GetStockObject
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
DeleteDC
CreateFontIndirectW

advapi32

SetSecurityDescriptorDacl
RegQueryInfoKeyW
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
InitializeSecurityDescriptor

shell32

CommandLineToArgvW
ShellExecuteExW
SHFileOperationW
ord165
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathGetDriveNumberW
PathCombineW
PathIsURLW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
SHDeleteValueW
SHSetValueW
PathRemoveBackslashW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipCreateFromHDC
GdipFillRectangleI
GdipReleaseDC
GdipGetDC
GdipGetClipBoundsI
GdipGetImageHeight
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdipResetClip
GdipSetClipRect
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImagePointRectI
GdipDrawString
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipGetImageWidth
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectRect
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics

psapi

GetProcessImageFileNameW

urlmon

URLDownloadToFileW

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.3MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22e68973e5a5c9c692c417e2ae584b78

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

psapi

urlmon

imm32

Sections

.text Size: 428KB - Virtual size: 427KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 11KB - Virtual size: 28KB

.rsrc Size: 15.3MB - Virtual size: 15.3MB

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 428KB - Virtual size: 427KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 11KB - Virtual size: 28KB

.rsrc
Size: 15.3MB - Virtual size: 15.3MB

.reloc
Size: 52KB - Virtual size: 51KB