Static task
static1
Behavioral task
behavioral1
Sample
53fda50cbec4f1bd5a6918490043a4bf63e79475349b63ee6b549114c17f33f7.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
53fda50cbec4f1bd5a6918490043a4bf63e79475349b63ee6b549114c17f33f7.exe
Resource
win10v2004-20231222-en
General
Target
53fda50cbec4f1bd5a6918490043a4bf63e79475349b63ee6b549114c17f33f7
Size
3.3MB
MD5
2e49e880833f3731198f3e0c7a3fcb4c
SHA1
f51cbaabe70d59db193bae4f23392bd1400f1866
SHA256
53fda50cbec4f1bd5a6918490043a4bf63e79475349b63ee6b549114c17f33f7
SHA512
2c3485df685dbc3571c5bc4154098cc088d6881b5c5a7b71f26a43f643cdb8ede2cfb03a99c52ea5d359067dfaaf3c599f7e47b1eb1d201bcea64ae65bf72e1f
SSDEEP
49152:d55h4R+iwIRneb2GbPGzbmyf3QRgQScldIAKmLBLMTxaPXuOIFsIwZevKFCde:nj4ktIleb2UPGzbdARgQScMAKzO3X
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 53fda50cbec4f1bd5a6918490043a4bf63e79475349b63ee6b549114c17f33f7
Files
53fda50cbec4f1bd5a6918490043a4bf63e79475349b63ee6b549114c17f33f7.exe windows:6 windows x86 arch:x86
bf0db1fc9ba93569775c9bdeb6d24b8d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReleaseSemaphore
QueueUserAPC
SleepEx
SetWaitableTimer
SetLastError
CreateWaitableTimerW
GetModuleHandleA
GetSystemTimeAsFileTime
ReleaseMutex
CreateSemaphoreA
CreateSemaphoreW
TlsGetValue
TlsSetValue
PeekNamedPipe
FileTimeToLocalFileTime
GetDriveTypeW
SetConsoleMode
ReadConsoleInputA
SetUnhandledExceptionFilter
GlobalUnlock
CreateDirectoryW
GlobalLock
GlobalAlloc
GlobalMemoryStatus
FreeResource
LoadLibraryW
GetModuleFileNameA
CreateMutexW
ReadFile
GetFileSize
TerminateProcess
VirtualFree
ResumeThread
WriteProcessMemory
VirtualFreeEx
VirtualAlloc
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessW
GetExitCodeThread
GetSystemInfo
CreateFileW
WriteFile
GetQueuedCompletionStatus
CreateIoCompletionPort
TerminateThread
CancelIoEx
TlsFree
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
TlsAlloc
Sleep
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
OpenMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetProcAddress
GetModuleHandleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ResetEvent
LocalFree
FindNextFileA
FindClose
FindFirstFileA
GetLocalTime
CreateThread
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
DecodePointer
HeapSize
GetLastError
RaiseException
InitializeCriticalSectionEx
MultiByteToWideChar
HeapDestroy
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
InitializeCriticalSection
SystemTimeToFileTime
DosDateTimeToFileTime
SetFilePointer
FormatMessageW
lstrcpyW
MulDiv
DeviceIoControl
SetFileTime
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetCurrentDirectoryW
FormatMessageA
lstrlenW
lstrlenA
FlushConsoleInputBuffer
LoadLibraryA
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetStringTypeW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
FlushFileBuffers
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SetConsoleCtrlHandler
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CreateTimerQueue
ExitThread
LoadLibraryExW
GetCommandLineW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
GetStartupInfoW
GetTickCount
RtlUnwind
GetConsoleMode
ReadConsoleW
GetCurrentThread
DuplicateHandle
InitializeSListHead
UnregisterWaitEx
GetVersionExW
VirtualProtect
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetFileType
GetConsoleCP
FindFirstFileExW
FindNextFileW
DeleteFileW
user32
GetWindowRgn
ShowWindow
IsWindow
IsWindowVisible
IsIconic
SetForegroundWindow
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetCursorPos
KillTimer
SetTimer
PostQuitMessage
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
TranslateMessage
DispatchMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
SetWindowLongW
LoadCursorW
LoadImageW
IsZoomed
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
GetSysColor
IntersectRect
UnionRect
IsRectEmpty
PtInRect
SetWindowRgn
OffsetRect
SetCursor
InflateRect
LoadIconW
UpdateLayeredWindow
wsprintfW
CharPrevW
DrawTextW
FillRect
SetRect
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
MoveWindow
DestroyWindow
SendMessageW
GetWindowLongW
PostMessageW
FindWindowW
GetMessageW
MessageBoxW
PeekMessageW
PostThreadMessageW
UnregisterHotKey
RegisterHotKey
gdi32
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
GetStockObject
GetTextExtentPoint32W
SelectObject
GetCharABCWidthsW
GetClipBox
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
MoveToEx
TextOutW
GdiFlush
SetBitmapBits
CreatePen
CreateFontIndirectW
CreateDIBitmap
GetObjectA
GetDeviceCaps
GetBitmapBits
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
advapi32
RegOpenKeyExW
CryptEnumProvidersA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
shell32
ShellExecuteW
DragQueryFileW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetFolderPathA
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize
CoSetProxyBlanket
oleaut32
SysAllocString
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
shlwapi
PathAppendA
PathIsDirectoryA
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA
dbghelp
MakeSureDirectoryPathExists
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
ws2_32
connect
__WSAFDIsSet
htonl
ntohl
freeaddrinfo
WSAAddressToStringA
setsockopt
select
gethostbyname
gethostname
recv
getsockname
getpeername
getaddrinfo
getsockopt
WSAStartup
WSACleanup
shutdown
closesocket
listen
WSARecv
WSASend
WSASocketW
htons
WSAGetLastError
inet_addr
accept
bind
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
ntohs
WSASetLastError
ioctlsocket
send
libcurl
curl_easy_setopt
CRYPTO_thread_setup
curl_global_init
curl_global_cleanup
curl_slist_append
curl_slist_free_all
curl_easy_strerror
curl_easy_reset
curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform
curl_easy_init
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
gdiplus
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 589KB - Virtual size: 588KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ