Static task
static1
Behavioral task
behavioral1
Sample
e926af977d66b68079f9dede686e12bc2a5529c0d5dea9c6b037e17ce969b935.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
e926af977d66b68079f9dede686e12bc2a5529c0d5dea9c6b037e17ce969b935.exe
Resource
win10v2004-20231222-en
General
-
Target
e926af977d66b68079f9dede686e12bc2a5529c0d5dea9c6b037e17ce969b935
-
Size
4.5MB
-
MD5
f4a932bac23b07012f2cc257d7869ed6
-
SHA1
349490254785d48e3bae86136f225c824552ca8e
-
SHA256
e926af977d66b68079f9dede686e12bc2a5529c0d5dea9c6b037e17ce969b935
-
SHA512
7fe9ff61e54d24d5687753131bdcdab4531736311df4c95c72004cfcec0a93038ace816215cec1faf80df3ad6827cb33a757da4f72872fd6bf1a2bf2360575d6
-
SSDEEP
98304:BckDX/Z0jHEeyTZHdqtzB2k7hvpMAq7NH4xL:W+FvTK9X7hva89
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource e926af977d66b68079f9dede686e12bc2a5529c0d5dea9c6b037e17ce969b935
Files
-
e926af977d66b68079f9dede686e12bc2a5529c0d5dea9c6b037e17ce969b935.exe windows:5 windows x86 arch:x86
cd02ff844d71bb1ab80f247a29296ce7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
CreateProcessW
GetModuleHandleW
SetCurrentDirectoryW
GetFileSizeEx
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
ReleaseMutex
CreateMutexW
WideCharToMultiByte
GetFileInformationByHandle
InterlockedCompareExchange
SystemTimeToFileTime
GetSystemTime
GetModuleFileNameW
GetStdHandle
GetFileType
WriteFile
GetLastError
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
FreeLibrary
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
MulDiv
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
DecodePointer
HeapDestroy
HeapAlloc
OutputDebugStringA
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
ReadFile
CreateFileW
LoadLibraryW
GetSystemDirectoryW
GetVolumeInformationW
GetLongPathNameW
FindClose
lstrcpyW
FindFirstFileW
FindNextFileW
LocalFree
GetVersionExW
DeleteFileA
GlobalFree
LocalAlloc
OpenProcess
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
FileTimeToSystemTime
GetWindowsDirectoryW
DeviceIoControl
SetPriorityClass
GetFileAttributesExW
FlushInstructionCache
HeapCreate
FreeResource
LockResource
SetLastError
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
FormatMessageA
GetFileAttributesExA
SleepEx
VerSetConditionMask
GetSystemDirectoryA
QueryPerformanceFrequency
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
WriteConsoleW
ExitProcess
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetACP
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
OutputDebugStringW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
ReadConsoleW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCurrentDirectoryW
SetEndOfFile
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedIncrement
DeleteCriticalSection
CreateThread
CloseHandle
TerminateThread
SetEvent
Sleep
GetExitCodeThread
CreateEventW
WaitForSingleObject
VirtualQuery
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
HeapReAlloc
EnterCriticalSection
user32
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetFocus
GetFocus
EnableWindow
IsWindowEnabled
SetActiveWindow
GetDesktopWindow
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
DestroyIcon
CharNextW
LoadBitmapW
CreateIconFromResource
LoadImageW
GetMessageW
ClientToScreen
EnableMenuItem
GetSysColor
GetSystemMetrics
IsWindowVisible
DrawTextW
SystemParametersInfoA
CharLowerBuffW
DefWindowProcW
UpdateLayeredWindow
IsMenu
CreatePopupMenu
MapWindowPoints
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowLongW
SetForegroundWindow
GetForegroundWindow
LoadStringW
UnregisterClassW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
ReleaseDC
GetDC
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
PtInRect
EqualRect
IsRectEmpty
UnionRect
CopyRect
SetRect
SetCursor
KillTimer
SetTimer
PostMessageW
PostQuitMessage
IsWindow
ShowWindow
SendMessageW
SetWindowPos
IntersectRect
GetWindowRect
GetClientRect
GetActiveWindow
SystemParametersInfoW
GetDlgItem
CreateWindowExW
RegisterClassExW
DestroyMenu
CallWindowProcW
DestroyWindow
DestroyCursor
LoadCursorW
GetKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
wsprintfW
GetClassNameW
MapVirtualKeyA
SetWindowLongW
gdi32
CreateFontIndirectW
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
CreateSolidBrush
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
SetGraphicsMode
CreateBitmap
CreateRoundRectRgn
EnumFontsW
SetViewportOrgEx
GetObjectW
CreateDIBSection
DeleteObject
GetStockObject
Rectangle
SetBkMode
BitBlt
StretchBlt
GetCurrentObject
GetFontUnicodeRanges
GetViewportOrgEx
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteDC
CreateCompatibleDC
GetDeviceCaps
advapi32
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
RegOpenKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExW
CryptAcquireContextA
CryptDestroyKey
CryptSetHashParam
RegSetValueExW
RegOpenKeyExW
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegCreateKeyExW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
ole32
OleInitialize
OleUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromString
CoUninitialize
OleLockRunning
CreateBindCtx
CLSIDFromProgID
CoInitialize
shlwapi
StrToIntExW
PathFileExistsW
gdiplus
GdipCreateBitmapFromFileICM
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipBitmapLockBits
GdipImageSelectActiveFrame
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetPropertyItemSize
GdipDrawImageI
GdipCreateBitmapFromStreamICM
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipBitmapUnlockBits
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipAlloc
GdipCreateBitmapFromFile
wke
jsUndefined
wkeFireKeyPressEvent
wkeOnPaintUpdated
wkeOnTitleChanged
wkeGetViewDC
wkeOnCreateView
wkeFireKeyDownEvent
wkeInitialize
wkeOnNavigation
wkeSetHostWindow
wkeRepaintIfNeeded
jsBindFunction
jsToTempStringW
wkeReload
wkeOnURLChanged
wkeGetStringW
jsStringW
wkeResize
wkeDestroyWebView
wkeCreateWebWindow
wkeCreateWebView
jsArg
wkeFireMouseWheelEvent
wkeFireKeyUpEvent
wkeShowWindow
wkeSetTransparent
wkeKillFocus
wkeLoadW
wkeSetFocus
wkeFinalize
wkeFireMouseEvent
wkeGetCaretRect
imm32
ImmSetCandidateWindow
ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
shell32
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
oleaut32
SysAllocString
SysFreeString
crypt32
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
wldap32
ord79
ord35
ord33
ord30
ord200
ord26
ord301
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord22
ord27
ord32
ws2_32
getsockopt
htons
ntohs
setsockopt
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
shutdown
htonl
gethostbyname
getservbyname
WSAIoctl
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
usp10
ScriptFreeCache
ScriptShape
ScriptItemize
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 969KB - Virtual size: 969KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 97KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 334KB - Virtual size: 333KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 231KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE