Static task
static1
Behavioral task
behavioral1
Sample
13eaf84917d9be300596f97b21893ce3f05bc220e751d0a7dceadd32be2f0b76.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
13eaf84917d9be300596f97b21893ce3f05bc220e751d0a7dceadd32be2f0b76.exe
Resource
win10v2004-20240226-en
General
-
Target
13eaf84917d9be300596f97b21893ce3f05bc220e751d0a7dceadd32be2f0b76
-
Size
14.8MB
-
MD5
928cb24bd1d1f8abe5ba205b1163a33a
-
SHA1
6bb9ea8d0e1b873e16e7e1b2319d1507b553cfe5
-
SHA256
13eaf84917d9be300596f97b21893ce3f05bc220e751d0a7dceadd32be2f0b76
-
SHA512
9570d212d26fd10ab5b4d3f9233d8e81e67ce1bfd1e1531cdef19863faef4f06651aff4c01d8dbda4250d86b003f96e09d4a421944921f539573ac58a2e27ae9
-
SSDEEP
196608:b8NYUJfCkjXxMxmki437Ul++wfxWVdFWO1ojjxp/XHulT9fqHjSwZZyB5d+65u53:b8NY5yB5d+64NU99s
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the PE file.
resource 13eaf84917d9be300596f97b21893ce3f05bc220e751d0a7dceadd32be2f0b76
Files
-
13eaf84917d9be300596f97b21893ce3f05bc220e751d0a7dceadd32be2f0b76.exe windows:5 windows x86 arch:x86
ffe788b4189214c914445e1eaa340214
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
UuidCreateSequential
setupapi
CM_Get_Device_IDA
SetupDiGetClassDevsA
CM_Get_Parent
CM_Get_Sibling
CM_Get_Child
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Disconnect_Machine
CM_Connect_MachineA
CM_Get_Sibling_Ex
CM_Get_DevNode_Registry_Property_ExA
CM_Locate_DevNode_ExA
CM_Get_Child_Ex
kernel32
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetACP
GetStdHandle
SetHandleCount
HeapSize
GetFileType
SetStdHandle
CreateThread
ExitThread
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapAlloc
VirtualQuery
GetDateFormatA
GetTimeFormatA
HeapFree
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
FindResourceExA
SetErrorMode
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
GetStringTypeW
GetFileSizeEx
GetFileAttributesExA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
SuspendThread
SetThreadPriority
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GlobalReAlloc
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError
RaiseException
InterlockedExchange
LocalAlloc
InitializeCriticalSectionAndSpinCount
HeapCreate
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetTickCount
GetVersion
GetDriveTypeA
SetEvent
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
MulDiv
lstrcmpA
CreateEventA
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
GetCommTimeouts
SetCommTimeouts
GetCommState
SetCommState
lstrlenA
CreateMutexA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetSystemInfo
GetVersionExA
Beep
WritePrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeResource
WaitForSingleObject
GetExitCodeProcess
SetFilePointerEx
LoadLibraryA
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
OutputDebugStringA
CreateFileW
GetModuleFileNameA
GetComputerNameA
GetModuleHandleA
VirtualAlloc
VirtualFree
GetUserDefaultUILanguage
InitializeCriticalSection
SetFileAttributesA
GetFileAttributesA
CopyFileA
MoveFileA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
FormatMessageA
LocalFree
FindClose
DeviceIoControl
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
GetLastError
GetPrivateProfileStringA
WriteFile
Sleep
FindFirstFileA
lstrcpyA
lstrcatA
FindNextFileA
CreateFileA
SetFilePointer
CloseHandle
ReadFile
GetPrivateProfileIntA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateProcessA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
LocalUnlock
LocalLock
MoveFileExA
GetSystemDirectoryA
GetFileTime
user32
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemCount
GetMenuItemID
SetForegroundWindow
SetMenu
DestroyMenu
DestroyCursor
DestroyIcon
SetCursor
PostMessageA
TrackPopupMenuEx
SendMessageA
GetSubMenu
FillRect
GetSysColor
ReleaseDC
GetDC
CreateIconIndirect
GetIconInfo
LoadImageA
LoadMenuA
CopyRect
InflateRect
OffsetRect
FrameRect
DrawStateA
DrawFocusRect
GetWindowRect
GetClientRect
GetDlgItem
SetActiveWindow
GetLastActivePopup
GetWindowTextA
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
CheckRadioButton
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
CharUpperA
EndDialog
CreateDialogIndirectParamA
GetAsyncKeyState
MapDialogRect
ValidateRect
TranslateMessage
GetMessageA
SetWindowContextHelpId
GetSysColorBrush
LoadCursorA
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
SetCapture
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
ClientToScreen
InvalidateRect
GetActiveWindow
GetNextDlgTabItem
GetParent
WindowFromPoint
EnableWindow
GetWindowLongA
GetMessagePos
PtInRect
ScreenToClient
SetTimer
KillTimer
GetFocus
MessageBoxA
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
DrawIcon
IsIconic
UpdateWindow
IsWindowVisible
CloseWindow
LoadBitmapA
GetForegroundWindow
GetDesktopWindow
PostQuitMessage
SetWindowLongA
LockWindowUpdate
RedrawWindow
IsWindow
GetCursorPos
GetCapture
ReleaseCapture
GetNextDlgGroupItem
DrawEdge
SetWindowRgn
wsprintfA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
IsWindowEnabled
SetWindowPos
GetKeyState
MapWindowPoints
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetWindowThreadProcessId
GetTopWindow
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
gdi32
StretchBlt
GetTextExtentPoint32A
GetDIBits
RealizePalette
SelectPalette
GetDeviceCaps
CreateDCA
SelectClipRgn
CombineRgn
CreateRectRgn
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetClipBox
LineTo
MoveToEx
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
DeleteObject
ExtTextOutA
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetMapMode
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
GetStockObject
SetTextColor
BitBlt
SetBkColor
SelectObject
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
SetPixel
GetPixel
GetObjectA
CreateSolidBrush
CreateFontIndirectA
Rectangle
TextOutA
SetViewportOrgEx
CreateFontA
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
shell32
ShellExecuteExA
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
comctl32
_TrackMouseEvent
oledlg
ord8
ole32
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
VarBstrFromDate
SysFreeString
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VarDateFromStr
odbc32
ord13
ord51
ord17
ord41
ord10
ord61
ord3
ord16
ord2
ord1
ord15
ord9
ord14
ord20
ord8
ord48
ord49
ord11
ord19
ord12
ord46
ord18
ord50
ord59
ord43
ord68
ord44
ord45
ord5
ws2_32
WSACleanup
htons
inet_addr
socket
closesocket
send
recv
gethostname
WSAStartup
gethostbyname
connect
wininet
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetCrackUrlA
shlwapi
PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 547KB - Virtual size: 580KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.6MB - Virtual size: 8.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ