Static task
static1
Behavioral task
behavioral1
Sample
0836a9c814854bd2b81037d696b82e0f83cd8ed4a30f347b69936df5e4eaf9c9.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
0836a9c814854bd2b81037d696b82e0f83cd8ed4a30f347b69936df5e4eaf9c9.exe
Resource
win10v2004-20240226-en
General
-
Target
0836a9c814854bd2b81037d696b82e0f83cd8ed4a30f347b69936df5e4eaf9c9
-
Size
3.0MB
-
MD5
5ebf04849386deeeedc276ba72fb3fd6
-
SHA1
1027d0ca6b9a3122e309013da4e6f7d25d8a3d2f
-
SHA256
0836a9c814854bd2b81037d696b82e0f83cd8ed4a30f347b69936df5e4eaf9c9
-
SHA512
631eb0fd0030ce9d5f3631af6796f0c0df3e8b44be50316227a950ad287c27fe7391dfa79cdc20853e60dbe30a7a3e616f15a0e41504c1471ff3e73563a9f6fb
-
SSDEEP
49152:L4dy8j7l1H1H2I1fDgkKd3hSSElCn21ybVuvaB:L4dy8j7Am3Kd3hStY2Ebeq
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Detection rule: checks for a missing Authenticode signature (matched once, on the resource listed below).
resource 0836a9c814854bd2b81037d696b82e0f83cd8ed4a30f347b69936df5e4eaf9c9
Files
-
0836a9c814854bd2b81037d696b82e0f83cd8ed4a30f347b69936df5e4eaf9c9.exe windows:5 windows x86 arch:x86
995de4a3c59c59acaf4f26efe84b21bc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msacm32
acmStreamClose
msvcrt
_tzset
isalnum
_except_handler3
__CxxFrameHandler
??3@YAXPAX@Z
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
fflush
_filelengthi64
fwrite
fread
_telli64
fseek
towupper
towlower
srand
_fileno
gmtime
mktime
localtime
strtol
_ftol
getenv
fprintf
fclose
fopen
_errno
time
_strnicmp
toupper
strncmp
memmove
memchr
strstr
wcsstr
tolower
_stricmp
strchr
??2@YAPAXI@Z
comctl32
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy
InitCommonControlsEx
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
GetDateFormatA
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatW
GetOEMCP
GetPrivateProfileIntW
GetProcAddress
GetProcessHeap
GetProfileIntW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetSystemTime
GetThreadLocale
GetTimeFormatA
GetCurrentThread
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
lstrcmpA
lstrcmpiW
lstrcmpW
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingW
OutputDebugStringA
QueryDosDeviceW
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
GetComputerNameW
FormatMessageA
CompareFileTime
CloseHandle
GetCurrentDirectoryA
GetFileSize
CreateSemaphoreA
ReleaseSemaphore
GetCurrentDirectoryW
GetCPInfo
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetACP
FreeResource
FreeEnvironmentStringsW
FormatMessageW
FlushFileBuffers
FindResourceW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitThread
EnumSystemLocalesA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateMutexW
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateDirectoryW
ConvertDefaultLocale
CompareStringW
CompareStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetVersion
GetCommandLineW
InitializeCriticalSection
EnterCriticalSection
GetTickCount
ExitProcess
LeaveCriticalSection
LoadLibraryA
GetTimeZoneInformation
user32
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
ScrollWindow
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetActiveWindow
SetCapture
SetCursor
SetCursorPos
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetParent
SetPropW
SetRectEmpty
SetScrollInfo
SetScrollPos
SetTimer
SetWindowContextHelpId
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutW
ToUnicodeEx
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
WinHelpW
wsprintfW
MapVirtualKeyW
MapDialogRect
LookupIconIdFromDirectoryEx
LockWindowUpdate
LoadStringW
LoadMenuW
LoadMenuIndirectW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
LoadAcceleratorsW
KillTimer
IsWindowVisible
IsWindowUnicode
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaW
InvertRect
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuW
InsertMenuItemW
InflateRect
HideCaret
GrayStringW
PeekMessageW
GetWindowTextW
GetWindowTextLengthW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetTabbedTextExtentA
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetNextDlgTabItem
GetNextDlgGroupItem
GetMessageW
GetMessageTime
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetKeyboardState
GetKeyboardLayoutList
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDCEx
GetCursorPos
GetCursor
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetAsyncKeyState
OffsetRect
GetActiveWindow
FillRect
EqualRect
EndPaint
EndDialog
EnableWindow
EnableMenuItem
DrawTextW
DrawTextExW
DrawTextA
DrawStateW
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DeleteMenu
DefWindowProcW
DefFrameProcW
DeferWindowPos
CreatePopupMenu
CreateWindowExW
CreateIconIndirect
CreateIconFromResourceEx
CreateDialogIndirectParamW
CopyRect
CopyIcon
CopyAcceleratorTableW
ClientToScreen
CheckMenuItem
CharUpperW
CharNextW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
GetDesktopWindow
MoveWindow
ModifyMenuW
MessageBeep
GetWindowThreadProcessId
MapWindowPoints
DestroyCursor
gdi32
GetWindowOrgEx
IntersectClipRect
LineTo
MoveToEx
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
PolyBezierTo
Polygon
Polyline
GetWindowExtEx
PtVisible
Rectangle
RectVisible
RestoreDC
RoundRect
SaveDC
GetTextColor
ScaleWindowExtEx
SelectClipRgn
SelectObject
GetViewportOrgEx
GetViewportExtEx
GetTextMetricsW
GetTextExtentPoint32W
PtInRegion
GetTextExtentPoint32A
SetBkColor
SetBkMode
SetMapMode
GetTextAlign
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchDIBits
StrokeAndFillPath
StrokePath
SetTextColor
SetStretchBltMode
SetRectRgn
GetStockObject
GetRgnBox
GetPixel
GetObjectW
GetMapMode
GetDIBits
GetDeviceCaps
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetCharWidthW
GetBkColor
GetBitmapBits
FillPath
ExtTextOutW
ExtSelectClipRgn
SetPixel
ExtCreateRegion
ExcludeClipRect
Escape
EnumFontFamiliesExW
Ellipse
DPtoLP
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePolygonRgn
CreatePen
CreatePatternBrush
CreateFontW
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CombineRgn
ScaleViewportExtEx
CloseFigure
SetViewportExtEx
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
CryptExportKey
CryptDestroyKey
CryptGenRandom
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashA
CryptReleaseContext
CryptGetUserKey
CryptGetProvParam
CryptAcquireContextA
RegSetValueExW
RegQueryValueW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
EqualSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
ExtractIconW
ole32
CoCreateInstance
CoDisconnectObject
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleRun
OleIsCurrentClipboard
OleInitialize
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromString
CoLockObjectExternal
oleaut32
GetErrorInfo
shlwapi
PathRemoveFileSpecW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
ws2_32
closesocket
recv
bind
select
shutdown
connect
htons
inet_addr
gethostbyname
getsockname
inet_ntoa
__WSAFDIsSet
ntohs
socket
WSAGetLastError
WSAIoctl
ioctlsocket
send
WSAStartup
getsockopt
setsockopt
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 304KB - Virtual size: 302KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 388KB - Virtual size: 14.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.trouh Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ