fecbc117c31ed2c25fdd59a97ff0bca922042cace0f18a3a15766d0a69dd0ab8

Sharing

Copy URL Twitter E-mail

General

Target

fecbc117c31ed2c25fdd59a97ff0bca922042cace0f18a3a15766d0a69dd0ab8
Size

2.4MB
MD5

2a2b4d98ddd21e591773b5c3e5bf4370
SHA1

a00c2db164033661fe5c4ccae6cce0f587e29d09
SHA256

fecbc117c31ed2c25fdd59a97ff0bca922042cace0f18a3a15766d0a69dd0ab8
SHA512

ff797a9e3bf48372571cd595c379479f75ecc65783f8fef106af2351380de6f595354bb41ac4f9820b8fce138877789d19da9fbb619f37329997ba4784bae562
SSDEEP

49152:3iEk2AnAviJs2mc3X2H7fVQVDv6AozBTAo/HwTzFAesM9SXP:3tAfJcc3X2H7feBFozB/Nek

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fecbc117c31ed2c25fdd59a97ff0bca922042cace0f18a3a15766d0a69dd0ab8

Files

fecbc117c31ed2c25fdd59a97ff0bca922042cace0f18a3a15766d0a69dd0ab8
.exe windows:5 windows x86 arch:x86

301f00eef649dd69891fd54952029f9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
SetCurrentDirectoryW
GetTempPathW
SystemTimeToTzSpecificLocalTime
lstrlenA
CopyFileW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThread
FileTimeToSystemTime
GetModuleHandleW
GetCurrentProcessId
GetLastError
GetLogicalDriveStringsW
QueryDosDeviceW
GetSystemWow64DirectoryW
DeleteCriticalSection
CreateThread
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetProcessHeap
HeapAlloc
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
lstrlenW
VirtualFree
SetLastError
HeapFree
VirtualProtect
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTickCount
GetFileSize
GetFileAttributesW
OutputDebugStringA
WriteFile
ReadFile
InterlockedIncrement
FreeLibrary
LocalFree
GetProcAddress
LoadLibraryW
CloseHandle
Process32FirstW
DeleteFileW
OutputDebugStringW
Process32NextW
Sleep
CreateToolhelp32Snapshot
OpenProcess
GetSystemDirectoryW
GetVersionExW
SetEndOfFile
FlushFileBuffers
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetDriveTypeW
GetACP
ExitProcess
ExitThread
WriteConsoleW
GetModuleHandleExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
CreateFileW
LocalAlloc
GetModuleFileNameW
InterlockedDecrement
DeviceIoControl
GetCurrentProcess
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetPrivateProfileIntW
GlobalAlloc
GlobalFree
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentThreadId
GetSystemInfo
FormatMessageW
lstrcpyW
SetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
CreateMutexW
GetVolumeInformationW
GetLongPathNameW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
AreFileApisANSI
SetPriorityClass
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
QueryPerformanceCounter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
MulDiv
GlobalLock
GlobalUnlock
FindFirstFileA
FindNextFileA
ExpandEnvironmentStringsA
CreateFileA
VerSetConditionMask
VerifyVersionInfoW
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetTempFileNameW
SleepEx
GetSystemDirectoryA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsW
FlushInstructionCache
HeapCreate
GetFullPathNameW
GetLocalTime
GetVersionExA
GetSystemTime
GetModuleHandleA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask

user32

PostMessageW
SetWindowTextW
ShowWindow
IsWindow
PostQuitMessage
wsprintfW
SendMessageW
UnregisterClassW
LoadStringW
SetForegroundWindow
GetKeyState
DrawTextW
GetDC
ReleaseDC
FillRect
InvertRect
InflateRect
OffsetRect
DrawIconEx
GetIconInfo
LoadCursorW
DestroyCursor
DestroyWindow
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetActiveWindow
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetFocus
GetFocus
SetCursor
SetTimer
KillTimer
CopyRect
IntersectRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
CharNextW
DestroyIcon
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
GetCursorPos
ScreenToClient
GetClassNameW
LoadBitmapW
CreateIconFromResource
LoadImageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
ClientToScreen
SetRect
EnableMenuItem
GetSysColor
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSystemMetrics
IsWindowVisible
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
IsMenu
IsWindowEnabled
CreatePopupMenu
DestroyMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId

advapi32

RegCreateKeyExW
RevertToSelf
GetSecurityDescriptorDacl
SetFileSecurityW
GetAclInformation
GetAce
EqualSid
GetSecurityDescriptorControl
AddAce
GetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
LookupAccountNameW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
RegSetValueExW
StartServiceW
RegCreateKeyW
RegDeleteValueW
OpenServiceW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
RegOpenKeyExW
CreateProcessAsUserW
LookupAccountSidW
RegQueryValueExW
GetTokenInformation
DuplicateTokenEx
ImpersonateLoggedOnUser
RegFlushKey
RegQueryValueExA
RegOpenKeyW
RegEnumKeyW
SetTokenInformation
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHChangeNotify
SHGetSpecialFolderLocation

ole32

CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleUninitialize
OleInitialize

iphlpapi

GetAdaptersInfo

shlwapi

SHGetValueW
PathFileExistsW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
StrToIntExW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertGetNameStringW

msimg32

AlphaBlend
GradientFill

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wininet

InternetOpenW
InternetQueryOptionW
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW

ws2_32

WSAStartup
WSACleanup
recv
send
WSAGetLastError
closesocket
socket
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select
recvfrom
sendto
accept
listen
ioctlsocket
gethostname

gdiplus

GdipDrawImageRectI
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetPropertyItemSize
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext
ImmDestroyContext
ImmCreateContext

gdi32

StretchBlt
GetCurrentObject
GetViewportOrgEx
CreateDIBSection
SetWorldTransform
SetTextColor
SetROP2
SetRectRgn
SetGraphicsMode
SetBkMode
SelectObject
ExtSelectClipRgn
GetDeviceCaps
ExtCreatePen
EnumFontsW
SetViewportOrgEx
Polyline
CreatePolygonRgn
GetWorldTransform
GetObjectW
SaveDC
RoundRect
RestoreDC
Rectangle
RectInRegion
PtInRegion
Pie
OffsetRgn
IntersectClipRect
GetTextExtentPoint32W
GetTextColor
GetStockObject
GetRgnBox
GetClipRgn
GetClipBox
ExcludeClipRect
EqualRgn
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePatternBrush
CreatePen
CreateFontIndirectW
CreateEllipticRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
Arc
CreateBitmap

oleaut32

SysStringLen
SysFreeString
SysAllocString

Exports

Exports

AddProtectFile
AddProtectReg
AddTrustProcess
ClearProtectFile
ClearProtectReg
ClearTrustProcess
SHDeleteSelfProtectService
SHGetDumpPath
SHStartSelfProtectService

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

301f00eef649dd69891fd54952029f9e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

iphlpapi

shlwapi

psapi

crypt32

msimg32

version

userenv

wininet

ws2_32

gdiplus

imm32

gdi32

oleaut32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 34KB - Virtual size: 117KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 426KB - Virtual size: 425KB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 34KB - Virtual size: 117KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 426KB - Virtual size: 425KB

.reloc
Size: 96KB - Virtual size: 95KB