Static task: static1
Behavioral task: behavioral1
  Sample: 317eebc15dd9f1f523abb5969f16826d2741aad77cefdf70390d82d971113e6b.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 317eebc15dd9f1f523abb5969f16826d2741aad77cefdf70390d82d971113e6b.exe
  Resource: win10v2004-20231215-en
General
Target: 317eebc15dd9f1f523abb5969f16826d2741aad77cefdf70390d82d971113e6b
Size: 9.9MB
MD5: b729872a04e3c0adc07ad3fcb8c8ba53
SHA1: 6745c46ecf1d490c1ab122de20e316da8f1efc4c
SHA256: 317eebc15dd9f1f523abb5969f16826d2741aad77cefdf70390d82d971113e6b
SHA512: 78d20f70b2f72b86c1978a2b64dd3001ef751722f0fb51a8c205e2c945251287981021e4ccf8567f0c00b9f34f3fded0b01cf19e00a491af2c7c910de8c4b0fd
SSDEEP: 98304:AnUOK4P2zOunJzA9XhTyz6CkCBmfCECVCdCkCRCDCdCRCZChC4CYCpC7CTQiq7UX:AUOK4QOuxAHtuQm3bx
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 317eebc15dd9f1f523abb5969f16826d2741aad77cefdf70390d82d971113e6b
Files
317eebc15dd9f1f523abb5969f16826d2741aad77cefdf70390d82d971113e6b.exe  windows:5  windows x64  arch:x64
18c0a624f9d9329ad39d1460d183a452
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FormatMessageA
GetCurrentThread
ResetEvent
WaitForMultipleObjects
SetEndOfFile
SetFileTime
SystemTimeToFileTime
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GetDiskFreeSpaceExW
IsBadReadPtr
IsBadWritePtr
WriteProcessMemory
SetUnhandledExceptionFilter
VirtualQuery
VirtualFree
VirtualAlloc
GetModuleFileNameW
CreateEventW
WaitForSingleObject
SetEvent
ResumeThread
GetSystemInfo
DuplicateHandle
ExitProcess
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
SetConsoleCtrlHandler
ExitThread
RtlUnwindEx
QueryDepthSList
InterlockedFlushSList
VirtualProtect
FreeLibraryAndExitThread
SetThreadPriority
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
SuspendThread
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetCPInfo
WaitForSingleObjectEx
EncodePointer
RtlPcToFileHeader
LocalFileTimeToFileTime
GetFileType
RtlVirtualUnwind
lstrcmpW
lstrcatW
TlsGetValue
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemDirectoryW
SetFilePointerEx
FlushFileBuffers
UnregisterWaitEx
RegisterWaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetNativeSystemInfo
IsDebuggerPresent
lstrcmpiA
GetUserDefaultLangID
TryEnterCriticalSection
ReplaceFileW
MoveFileExW
GetFileAttributesExW
GetCurrentDirectoryW
UnmapViewOfFile
GetLongPathNameW
QueryPerformanceFrequency
QueryPerformanceCounter
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
AssignProcessToJobObject
GetModuleHandleExA
TerminateThread
FindNextFileW
FindFirstFileW
SetFileAttributesW
RemoveDirectoryW
FindClose
SetFilePointer
GetSystemTimeAsFileTime
OutputDebugStringA
CompareStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
LocalFree
LocalAlloc
lstrcpyW
GetModuleHandleA
GlobalFree
CreateSemaphoreW
ReleaseSemaphore
GetProfileIntA
lstrlenA
MulDiv
lstrcpyA
lstrcpynA
GetFileSize
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
GetStdHandle
lstrcpynW
GetTickCount64
CopyFileW
OpenMutexW
CreateMutexW
CreateMutexA
ReleaseMutex
OpenProcess
CreateProcessW
PeekNamedPipe
CreatePipe
SetHandleInformation
GetExitCodeProcess
lstrcmpiW
SetLastError
CreateThread
TerminateProcess
GetComputerNameW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
OutputDebugStringW
GetCommandLineW
LoadLibraryW
LoadLibraryA
GetTickCount
DeleteTimerQueueTimer
ReadFile
GetCurrentThreadId
MoveFileW
DeleteFileW
WriteFile
InitializeCriticalSection
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
DecodePointer
CreateFileW
GetSystemWindowsDirectoryW
FindResourceExW
FindResourceW
GetModuleHandleW
LoadLibraryExW
CloseHandle
DeviceIoControl
SizeofResource
LoadResource
Sleep
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
FreeLibrary
LockResource
FreeResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadTimes
user32
DialogBoxParamW
EndDialog
ReplyMessage
AllowSetForegroundWindow
SetPropA
GetPropA
RemovePropA
PostMessageW
MessageBeep
OffsetRect
EqualRect
PtInRect
IsZoomed
CreateDialogParamW
SetWindowRgn
TrackMouseEvent
SetWindowTextW
GetMessageExtraInfo
FindWindowExW
PeekMessageW
SetCursorPos
GetCapture
GetMessagePos
FrameRect
PostQuitMessage
IsWindowEnabled
GetWindowRgn
SubtractRect
FillRect
SetRectEmpty
GetSysColor
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SendMessageW
DefWindowProcW
CharNextW
GetKeyState
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
ScreenToClient
InflateRect
SetWindowLongW
GetWindowLongPtrW
SystemParametersInfoW
RegisterWindowMessageW
LoadMenuW
GetMenuStringW
DestroyMenu
GetSubMenu
GetMenuItemCount
SetMenuItemBitmaps
GetMenuItemInfoW
DestroyIcon
LoadImageW
IsChild
WindowFromPoint
GetClassNameW
GetAncestor
LoadStringW
MonitorFromPoint
RegisterClipboardFormatW
SetCapture
ReleaseCapture
SetCursor
ClientToScreen
InvalidateRect
EnableScrollBar
ShowScrollBar
SetActiveWindow
IsIconic
IsRectEmpty
GetDesktopWindow
SetScrollRange
SetScrollPos
ScrollWindowEx
GetFocus
GetDlgItem
GetDoubleClickTime
GetWindowDC
UpdateLayeredWindow
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongPtrW
GetWindowLongW
IntersectRect
CopyRect
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
UpdateWindow
KillTimer
SetTimer
GetActiveWindow
SetFocus
CreateWindowExW
GetClassInfoExW
RegisterClassExW
MessageBoxW
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
WindowFromDC
GetIconInfo
DrawIconEx
InvalidateRgn
CallWindowProcW
AdjustWindowRectEx
GetMessageW
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
EnableWindow
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
AttachThreadInput
FindWindowW
SendMessageTimeoutW
UnregisterClassW
GetLastActivePopup
TranslateMessage
DispatchMessageW
GetAsyncKeyState
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
MonitorFromRect
GetGUIThreadInfo
MoveWindow
gdi32
LineTo
SetWindowOrgEx
LPtoDP
GetCurrentObject
TextOutW
GetPath
EndPath
BeginPath
GetObjectType
EnumFontFamiliesW
CreateFontW
SetStretchBltMode
RemoveFontResourceExW
AddFontResourceExW
EnumFontFamiliesExW
CreatePolygonRgn
SelectClipRgn
PtInRegion
GetRgnBox
CreateRectRgn
CreateEllipticRgn
RectVisible
PtVisible
CreateSolidBrush
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SaveDC
RestoreDC
IntersectClipRect
GetDIBits
CreateDCW
MoveToEx
OffsetRgn
CreatePen
GdiSetBatchLimit
GetTextMetricsW
PatBlt
GetStockObject
GetDeviceCaps
SetViewportOrgEx
ExtTextOutW
SetTextColor
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
GdiAlphaBlend
StretchBlt
SetBkMode
SelectObject
CreateFontIndirectW
CreateRoundRectRgn
CreateRectRgnIndirect
CombineRgn
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetObjectW
DeleteObject
SetLayout
GetRandomRgn
GetLayout
shell32
Shell_NotifyIconW
DragQueryFileW
ShellExecuteExW
SHGetDesktopFolder
CommandLineToArgvW
SHBrowseForFolderW
SHAppBarMessage
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ole32
CoCreateGuid
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
CoInitializeEx
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CoCreateInstance
oleaut32
VarBstrCmp
VariantChangeType
VarUI4FromStr
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringByteLen
VarCmp
VariantCopy
CreateDispTypeInfo
SysAllocStringByteLen
VariantInit
CreateStdDispatch
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
advapi32
ReportEventW
DeregisterEventSource
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
CreateProcessAsUserW
RegisterEventSourceW
utilsrv
mlt_audioplayer_play
mlt_audioplayer_stop
mlt_audioplayer_getinfo
mltMateralConversion
mltIsGifAnimation
mlt_audioplayer_init
mlt_audioplayer_exit
util_srv_uninit
black_video_detect
mlt_audioplayer_getstatus
libmltwrapper
MLT_ClearAll
MLT_ClipGetFrame
MLT_ClipGetFrameImage
MLT_ClipGetInfo
MLT_ClipPause
MLT_ClipPlay
MLT_ClipRelease
MLT_ClipRemoveFilter
MLT_ClipRemoveTransition
MLT_ClipSeek
MLT_ClipSetFilter
MLT_ClipSetInAndOut
MLT_ClipSetTransition
MLT_DeleteClip
MLT_EnableBlur
MLT_Environment_Set
MLT_FinalTimeLineUpdate
MLT_Init
MLT_IsExifFile
MLT_KeylightExport
MLT_LutPreviewFrame
MLT_NewClip
MLT_ReBuildClipTransition
MLT_SetEncoder
MLT_SetMode
MLT_SetProfile
MLT_Stop
MLT_TimeLineAddAudio
MLT_TimeLineChange
MLT_TimeLineExport
MLT_TimeLineGetFrame
MLT_TimeLineGetInfo
MLT_TimeLineInsertClip
MLT_TimeLinePause
MLT_TimeLinePlay
MLT_TimeLinePlaySpeed
MLT_TimeLineRemoveAudio
MLT_TimeLineRemoveClip
MLT_TimeLineSeek
MLT_TimeLineUpdateAudio
MLT_TrackAddAudio
MLT_TrackClipChangeTrack
MLT_TrackClipCopy
MLT_TrackClipGetVolume
MLT_TrackClipGetWave
MLT_TrackClipHasAudio
MLT_TrackClipMove
MLT_TrackClipSetInAndOut
MLT_TrackClipSpeed
MLT_TrackClipSplit
MLT_TrackClipVolume
MLT_TrackGetClipInfo
MLT_TrackRemoveAudio
MLT_TrackRemoveFilter
MLT_TrackSetFilter
MLT_TrackVideoSeparateAudio
MLT_TrackVolume
MLT_UnInit
wininet
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
HttpEndRequestW
HttpSendRequestExW
FtpGetFileSize
FtpCommandW
FtpOpenFileW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionA
InternetWriteFile
InternetReadFileExA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestW
HttpQueryInfoW
HttpAddRequestHeadersA
HttpOpenRequestW
HttpAddRequestHeadersW
InternetQueryOptionW
InternetConnectW
InternetCrackUrlW
InternetSetOptionW
InternetOpenW
d3d9
Direct3DCreate9
libcurl
curl_global_init
curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_slist_append
curl_slist_free_all
curl_formadd
curl_formfree
curl_global_cleanup
curl_easy_getinfo
curl_mime_init
curl_mime_free
curl_mime_addpart
curl_mime_name
curl_mime_data
curl_mime_filedata
curl_easy_reset
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
shlwapi
PathIsDirectoryW
PathIsUNCW
PathIsNetworkPathW
PathGetDriveNumberW
PathFileExistsA
PathRenameExtensionW
PathIsRootW
PathIsURLW
SHSetValueA
SHGetValueA
PathAddBackslashW
PathFindFileNameA
SHGetValueW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW
StrCmpIW
StrStrIW
PathCombineW
StrTrimA
StrCmpNIW
comctl32
InitCommonControlsEx
ImageList_Remove
ImageList_Draw
ImageList_Add
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_GetIconSize
msimg32
AlphaBlend
iphlpapi
GetAdaptersInfo
imm32
ImmReleaseContext
ImmGetContext
gdiplus
GdipCreateBitmapFromStream
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipSaveImageToFile
GdipResetClip
GdipSetClipRegion
GdipSetClipRectI
GdipGraphicsClear
GdipCreateBitmapFromHBITMAP
GdipDeleteRegion
GdipCreateRegion
GdipSetPenDashArray
GdipCombineRegionRectI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetFontSize
GdipGetFontStyle
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipGetPathWorldBounds
GdipAddPathString
GdipDeletePath
GdipCloneBitmapAreaI
GdipDrawImageRectRectI
GdipDrawRectangleI
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDrawImageRectRect
GdipFillRectangleI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateTexture
GdipDeleteBrush
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetPageScale
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateAdjustableArrowCap
GdipDeleteCustomLineCap
GdipDrawString
GdipSetPenDashStyle
GdipDrawImagePointRectI
GdipSetPenMode
GdipSetPenCustomEndCap
GdipTranslateWorldTransform
GdipCreateBitmapFromHICON
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipFillPolygon
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetDpiY
GdipGetDpiX
GdipGetPageUnit
GdipAddPathBezierI
GdipAddPathLineI
GdipClosePathFigure
GdipGetPathData
GdipGetPointCount
GdipCreateLineBrushFromRectI
GdipFillPath
GdipDrawPath
GdipLoadImageFromStream
GdipSetPageScale
GdipCloneBrush
GdipSetPageUnit
GdipSetInterpolationMode
GdipSetImageAttributesWrapMode
GdipSetPenLineJoin
GdipAddPathStringI
GdipGetInterpolationMode
GdipGetTextRenderingHint
GdipSetStringFormatFlags
GdipSetTextRenderingHint
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipDrawEllipseI
GdipGetCompositingMode
GdipCreateBitmapFromScan0
GdipDrawLineI
GdipSetCompositingMode
GdipReleaseDC
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromFile
GdipGetDC
GdipCreatePath
GdipCreateHBITMAPFromBitmap
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
netapi32
Netbios
Sections
.text   Size: 5.4MB - Virtual size: 5.4MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 2.0MB - Virtual size: 2.0MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 295KB - Virtual size: 754KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  Size: 244KB - Virtual size: 243KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.gfids  Size: 4KB - Virtual size: 3KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    Size: 512B - Virtual size: 9B       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 5.5MB - Virtual size: 5.5MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 63KB - Virtual size: 62KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ