Static task: static1
Behavioral task: behavioral1
  Sample: f4a788ac5b3acf5ef4d5e62343057e348d6fc670db11a87f1789cd3a94816376.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: f4a788ac5b3acf5ef4d5e62343057e348d6fc670db11a87f1789cd3a94816376.exe
  Resource: win10v2004-20231222-en
General
- Target: f4a788ac5b3acf5ef4d5e62343057e348d6fc670db11a87f1789cd3a94816376
- Size: 4.3MB
- MD5: 30c9b4e5f533dcbc32e8b82c0ed5bd7b
- SHA1: 17ce3b8c552534216ffe0866f6337428bf84e4de
- SHA256: f4a788ac5b3acf5ef4d5e62343057e348d6fc670db11a87f1789cd3a94816376
- SHA512: 3d91f0ac72c08f2557dfc6312ce855c9740573bc4f2ae49f2905b81cba5a80e71c142725930eb3c5ec85532309abdb13098f63a2b70bcd29edd2f3cbc92fbddb
- SSDEEP: 98304:Pz3iab/Chp7WEOWvpaUZqgFytJ2LWzswpKrqXWOKKTw7lk2oilB8E3YV:jiabYdOW3PgGLWzswpKrqXWOKKTw7lkr
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource f4a788ac5b3acf5ef4d5e62343057e348d6fc670db11a87f1789cd3a94816376
Files
-
f4a788ac5b3acf5ef4d5e62343057e348d6fc670db11a87f1789cd3a94816376.exe windows:6 windows x86 arch:x86
a8bbbbae619921509060187906f49d44
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
CompareStringA
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetAtomNameW
SetErrorMode
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceExW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
IsDebuggerPresent
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleOutputCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
EncodePointer
lstrcmpA
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
LoadLibraryExW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFileSize
FlushFileBuffers
MulDiv
GlobalFree
GlobalUnlock
GlobalSize
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiberEx
ConvertFiberToThread
GetSystemTimeAsFileTime
GetCurrentProcessId
WriteFile
GetFileType
GetACP
FormatMessageA
LoadLibraryA
GetSystemDirectoryA
CreateFiberEx
DeleteFiber
SwitchToFiber
GetEnvironmentVariableW
VirtualLock
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetModuleHandleExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
OutputDebugStringW
FormatMessageW
SetThreadExecutionState
LocalFree
GetVersionExW
CreateEventW
SetEvent
GetLogicalDrives
GetSystemPowerStatus
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
SetCurrentDirectoryW
SetProcessAffinityMask
GetConsoleScreenBufferInfo
WriteConsoleW
FreeConsole
AllocConsole
GetCurrentDirectoryA
CompareStringW
GetStdHandle
CopyFileW
GetCommandLineW
CreateMutexW
SetFirmwareEnvironmentVariableW
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
MultiByteToWideChar
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalLock
GlobalAlloc
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetDiskFreeSpaceExW
CreateDirectoryW
WideCharToMultiByte
GetFirmwareEnvironmentVariableW
GetModuleHandleW
GetVersion
GetCurrentProcess
DeviceIoControl
CloseHandle
CreateFileW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
Sleep
SetLastError
GetLastError
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetStartupInfoW
DeleteFileW
user32
GetScrollInfo
SetScrollInfo
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
CharNextW
wsprintfW
SendMessageW
GetDlgItem
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
WinHelpW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IntersectRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
IsDialogMessageW
GetWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ScrollWindowEx
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
ShowOwnedPopups
GetSysColorBrush
LoadCursorW
GetDialogBaseUnits
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
SystemParametersInfoW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowThreadProcessId
GetKeyNameTextW
MapVirtualKeyW
GetMessageW
GetCursorPos
RegisterClassW
PostQuitMessage
EnableWindow
MessageBoxW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageW
SendMessageTimeoutW
ShowWindow
IsIconic
SetForegroundWindow
EnumWindows
UpdateWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SetTimer
KillTimer
GetNextDlgTabItem
GetActiveWindow
DrawStateW
GetDC
ReleaseDC
InvalidateRect
GetClientRect
GetWindowRect
LoadImageW
SetCursor
ClientToScreen
WindowFromPoint
GetSysColor
DrawFocusRect
FillRect
FrameRect
CopyRect
InflateRect
LoadMenuW
SetActiveWindow
IsWindowEnabled
EndDialog
CreateDialogIndirectParamW
DestroyWindow
CharUpperW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnregisterClassA
SetRectEmpty
SendDlgItemMessageA
GetUserObjectInformationW
GetProcessWindowStation
LoadBitmapW
DrawIcon
LoadIconW
GetDesktopWindow
UnregisterClassW
SetWindowLongW
PostMessageW
IsWindowVisible
RedrawWindow
SetWindowPos
PtInRect
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetSystemMetrics
GetKeyState
GetFocus
IsWindow
DrawEdge
GetIconInfo
CopyImage
GetAsyncKeyState
MapDialogRect
DeleteMenu
SetCapture
ReleaseCapture
IsRectEmpty
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
UnionRect
GetSystemMenu
SetParent
SetRect
GetDCEx
LockWindowUpdate
SetWindowRgn
OffsetRect
GetWindowLongW
GetParent
DestroyCursor
DestroyIcon
CreateIconIndirect
gdi32
StretchDIBits
GetCharWidthW
CreateFontW
EnumFontFamiliesExW
CreateDIBSection
Ellipse
CreateEllipticRgn
GetTextMetricsW
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetPixel
GetStockObject
SelectObject
SetBkColor
SetPixel
SetTextColor
GetObjectW
CreateSolidBrush
Escape
GetBkColor
GetCurrentObject
GetMapMode
GetTextExtentPoint32W
PtVisible
RectVisible
TextOutW
ExtTextOutW
DPtoLP
LPtoDP
CreatePen
RoundRect
CreateFontIndirectW
Rectangle
CopyMetaFileW
CreateDCW
GetDeviceCaps
CreateDIBPatternBrushPt
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SelectClipRgn
SetBkMode
SelectPalette
ExcludeClipRect
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
ExtSelectClipRgn
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
CryptExportKey
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
RegCloseKey
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
RegEnumValueW
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
InitiateSystemShutdownW
RegSetValueExW
RegQueryValueExW
LookupPrivilegeValueW
shell32
DragFinish
DragQueryFileW
ShellExecuteW
ExtractIconW
SHAddToRecentDocs
SHGetFileInfoW
CommandLineToArgvW
comctl32
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_GetImageInfo
_TrackMouseEvent
shlwapi
PathRemoveExtensionW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
uxtheme
DrawThemeParentBackground
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
ole32
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CoCreateInstance
WriteFmtUserTypeStg
CoInitializeSecurity
CoInitializeEx
CoUninitialize
SetConvertStg
CoCreateGuid
StringFromGUID2
CoDisconnectObject
CLSIDFromString
PropVariantCopy
ReadFmtUserTypeStg
OleDuplicateData
CreateBindCtx
CoSetProxyBlanket
OleRegGetUserType
CreateStreamOnHGlobal
ReleaseStgMedium
oleaut32
SysAllocStringLen
VariantInit
VariantChangeType
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SysAllocStringByteLen
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysStringByteLen
VariantClear
SafeArrayGetDim
SysFreeString
GetErrorInfo
SetErrorInfo
SafeArrayGetElemsize
CreateErrorInfo
setupapi
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoList
CM_Get_Device_ID_ExW
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupCopyOEMInfW
wintrust
WinVerifyTrust
bcrypt
BCryptGenRandom
ws2_32
send
accept
bind
closesocket
connect
listen
getservbyport
recv
shutdown
gethostbyaddr
WSASetLastError
inet_ntoa
getsockopt
getsockname
ioctlsocket
inet_addr
htons
socket
getservbyname
htonl
ntohs
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
setsockopt
gdiplus
GdiplusShutdown
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 885KB - Virtual size: 884KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 65.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 351KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ