Static task: static1
Behavioral task: behavioral1
  Sample: 66c3c9b376f6af9d6eaebad671095fcf21cf79f1998e7a0500bc19deec1ad4a1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 66c3c9b376f6af9d6eaebad671095fcf21cf79f1998e7a0500bc19deec1ad4a1.exe
  Resource: win10v2004-20240226-en
General
Target: 66c3c9b376f6af9d6eaebad671095fcf21cf79f1998e7a0500bc19deec1ad4a1
Size: 4.5MB
MD5: 1096bb8d69662056a3859b3a5b71c297
SHA1: 825740c59d4dfc61bedd525bb2f75443e369b7b2
SHA256: 66c3c9b376f6af9d6eaebad671095fcf21cf79f1998e7a0500bc19deec1ad4a1
SHA512: 45f8ed6c220fba107a438e7d99a16f929090869ab8bf2b1eec0031b11f6b9d49824899d93fa9265d2754d45170b1beea7c0948cd0438cb1950640ee561855d6f
SSDEEP: 98304:CQeWiSiGZo1Xa0wveTpphpSV1PHEBLPkJCyZZDNWgQxgaFrtztX:qLuo1X57SABaCgDNWgqvvp
Malware Config
(none extracted)
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the file carries no Authenticode signature.
resource 66c3c9b376f6af9d6eaebad671095fcf21cf79f1998e7a0500bc19deec1ad4a1
This is the only signature that fired. On its own an absent signature is a weak indicator, since a great deal of legitimate in-house and older software ships unsigned; its practical weight is that nothing ties the file to a publisher, so allow-listing and reputation cannot vouch for it and the verdict has to come from the behavioral runs.
Files
66c3c9b376f6af9d6eaebad671095fcf21cf79f1998e7a0500bc19deec1ad4a1.exe (windows:5 windows x86 arch:x86)
Imphash: 418461e7dc02adf9d2c2232a7bb03cec (import hash; useful for clustering other builds that share this import table)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
What these flags say about exploit mitigations: DEP/NX is opted in (NX_COMPAT). IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and the relocation table has been stripped (IMAGE_FILE_RELOCS_STRIPPED), so the loader cannot relocate the image: it maps at its fixed preferred base and gets no ASLR, and a 32-bit image with 3.5MB of code at a known address is a stable gadget supply if this process is ever the target of an exploit. IMAGE_DLLCHARACTERISTICS_GUARD_CF is also absent, so there is no Control Flow Guard. None of this indicates intent; 32-bit builds from older toolchains routinely look exactly like this.
Imports
Most of this table is framework surface: the breadth of user32/gdi32/ole32/oleaut32/oleacc imports, the MDI helpers (DefFrameProcA, DefMDIChildProcA, TranslateMDISysAccel) and the dbghelp stack-walk set are what a statically linked MFC-style GUI build looks like. Entries worth a second look in triage, all present below: WinExec and ShellExecuteA (process execution); IsDebuggerPresent; SuspendThread, GetThreadContext, ResumeThread and VirtualProtect (thread and memory manipulation); SetWindowsHookExA with CallNextHookEx and GetKeyboardState (Windows hooks); RegCreateKeyExA, RegSetValueExA and WritePrivateProfileStringA (persistence-capable writes); SetFileSecurityA (ACL changes); GetComputerNameExA and GetVersionExA (host fingerprinting); and the wsock32 set, which includes bind, listen and accept as well as connect, so the binary can act as a socket server and not only a client. Every one of these has benign uses in a desktop application; imports establish capability, and behaviour has to come from the sandbox runs.
ctreew2k (imported by ordinal only; the ordinals below cannot be mapped to names without this DLL's export table)
ord89
ord94
ord120
ord182
ord8
ord125
ord128
ord14
ord17
ord78
ord74
ord153
ord150
ord100
ord5
ord169
ord161
ord162
ord154
ord163
ord48
ord77
ord200
ord201
ord65
ord83
ord105
ord121
ord137
ord147
ord84
ord64
ord40
ord3
ord87
ord25
ord142
ord15
ord51
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
kernel32
GetUserDefaultUILanguage
GetTickCount
FindNextFileA
ReplaceFileA
GetDiskFreeSpaceA
SearchPathA
GetProfileIntA
VirtualQueryEx
GlobalReAlloc
GetThreadContext
CreateThread
TlsGetValue
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
lstrcmpA
TlsFree
GlobalFlags
GetACP
GetCPInfo
GetOEMCP
GetSystemDirectoryW
FindResourceExW
GetWindowsDirectoryA
GetNumberFormatA
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitProcess
FindFirstFileExA
HeapReAlloc
HeapSize
SetEnvironmentVariableA
GetDriveTypeW
GetCurrentDirectoryW
GetTimeZoneInformation
HeapCompact
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
ExitThread
HeapQueryInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapCreate
GetStdHandle
IsValidCodePage
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
CompareStringW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetProcessHeap
CreateFileW
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExA
VirtualProtect
SetEvent
WaitForSingleObject
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
ConvertDefaultLocale
LoadLibraryW
lstrcmpW
FindResourceA
FreeResource
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
CreateEventA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
DeleteFileA
CreateFileA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
lstrlenW
MulDiv
GetCurrentThreadId
GetLocaleInfoA
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetDiskFreeSpaceExA
OutputDebugStringA
GlobalUnlock
GlobalLock
GetShortPathNameA
GetModuleFileNameA
SuspendThread
GetComputerNameExA
MultiByteToWideChar
CreateDirectoryA
lstrcatA
ActivateActCtx
GetModuleHandleA
LoadLibraryA
DeactivateActCtx
GetExitCodeThread
WinExec
SetProcessWorkingSetSize
SetErrorMode
SetThreadIdealProcessor
SetHandleCount
GlobalMemoryStatus
CloseHandle
CreateMutexA
Sleep
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryExA
FreeLibrary
SetLastError
InterlockedIncrement
WaitForMultipleObjects
ResumeThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FormatMessageA
LocalAlloc
LocalFree
InterlockedDecrement
GetTempFileNameA
lstrlenA
GetPrivateProfileIntA
lstrcpyA
lstrcpynA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetSystemDefaultUILanguage
GetModuleHandleW
CompareStringA
InterlockedExchange
LocalReAlloc
user32
SetParent
CreateMenu
GetTabbedTextExtentW
GetSystemMenu
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
NotifyWinEvent
GetIconInfo
DrawIconEx
DestroyAcceleratorTable
SetClassLongA
DrawEdge
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableA
SetCursorPos
IsClipboardFormatAvailable
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UpdateLayeredWindow
MonitorFromPoint
IsMenu
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
GetWindowRgn
DestroyIcon
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
IntersectRect
BringWindowToTop
TranslateAcceleratorA
SetWindowRgn
DrawIcon
IsRectEmpty
IsIconic
LoadCursorW
LoadCursorA
DestroyCursor
SetRect
SetRectEmpty
ShowOwnedPopups
SetCursor
SetWindowContextHelpId
RegisterClipboardFormatA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
MapDialogRect
GetAsyncKeyState
GetWindowThreadProcessId
MapVirtualKeyA
GetKeyNameTextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckDlgButton
LoadIconA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
GetMenu
SetWindowPos
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
WaitMessage
CharUpperA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
LoadIconW
GetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
ClientToScreen
DrawFrameControl
DrawStateA
ReleaseCapture
PtInRect
SetCapture
GetCapture
OffsetRect
InflateRect
LoadMenuW
GetSystemMetrics
GetWindowLongA
LoadBitmapW
SetDlgItemTextA
IsChild
PostThreadMessageA
DrawFocusRect
FillRect
GetFocus
CopyRect
InvalidateRect
LockWindowUpdate
RegisterWindowMessageA
GetClientRect
IsWindow
KillTimer
SetTimer
PostQuitMessage
UpdateWindow
GetSysColor
SetWindowLongA
GetWindowRect
CallWindowProcA
ReleaseDC
GetDC
GetWindow
GetKeyState
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadAcceleratorsW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
UnregisterClassA
RealChildWindowFromPoint
GetSysColorBrush
SetClipboardData
UnionRect
IsZoomed
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetParent
PostMessageA
MessageBeep
SendMessageA
EnableWindow
wsprintfA
WindowFromPoint
UnpackDDElParam
ReuseDDElParam
LoadMenuA
MapWindowPoints
LoadImageA
AdjustWindowRectEx
gdi32
SetROP2
SetStretchBltMode
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CreateCompatibleBitmap
DPtoLP
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetViewportOrgEx
CreateEllipticRgn
SetPolyFillMode
Ellipse
RestoreDC
GetCharWidthA
StretchDIBits
GetBkColor
SetRectRgn
CombineRgn
GetMapMode
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
EnumFontFamiliesExA
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateRoundRectRgn
CreatePolygonRgn
Polyline
Polygon
SetDIBColorTable
StretchBlt
OffsetRgn
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetPixel
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetBkMode
CreateRectRgn
SelectClipRgn
DeleteObject
SaveDC
ExtTextOutA
BitBlt
CreateCompatibleDC
PatBlt
CreateRectRgnIndirect
SetBkColor
SetTextColor
CreateBitmap
CreateDCA
CopyMetaFileA
SetPixel
SelectObject
Rectangle
CreatePen
CreateSolidBrush
GetStockObject
CreateDIBSection
CreateFontA
GetObjectA
SetViewportOrgEx
Escape
TextOutA
RectVisible
GetTextExtentPoint32A
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
PtVisible
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
GetJobA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegEnumKeyA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueA
shell32
SHGetSpecialFolderLocation
DragAcceptFiles
SHGetFileInfoA
DragFinish
DragQueryFileA
SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetDesktopFolder
ExtractIconA
SHAddToRecentDocs
comctl32
ImageList_DrawEx
ImageList_GetIconSize
shlwapi
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
ole32
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject
CoInitialize
CoDisconnectObject
OleRun
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
CoCreateInstance
OleDestroyMenuDescriptor
OleLockRunning
CoLockObjectExternal
OleGetClipboard
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoTaskMemFree
CoUninitialize
oleaut32
VarUdateFromDate
SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
LoadTypeLi
VariantInit
VarBstrFromDate
OleCreateFontIndirect
VariantCopy
VariantClear
VariantTimeToSystemTime
GetErrorInfo
oledlg
ord8
wsock32
bind
setsockopt
ntohs
inet_addr
WSAStartup
WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons
ioctlsocket
WSAGetLastError
getsockname
getpeername
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
gethostname
shutdown
inet_ntoa
listen
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipDrawImageI
dbghelp
SymGetOptions
SymSetOptions
StackWalk
SymCleanup
SymGetSymFromAddr
UnDecorateSymbolName
SymUnDName
SymGetModuleInfo
SymLoadModule
SymFunctionTableAccess
SymInitialize
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
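The import table establishes capability rather than behaviour, and a triager normally reduces it to two things: a short list of APIs that deserve a second look, and the import hash (imphash) used to cluster builds of the same project. The following is an added example, not the sandbox's code. It runs over a hand-copied subset of the table above (constructed input, kept in the order listed there), tags the notable APIs, and builds the imphash string the way pefile does. Because it is a subset and omits pefile's ordinal-to-name tables for ws2_32, wsock32 and oleaut32, the digest it prints is not the report's imphash.

```python
"""Triage an import table: tag capability-relevant APIs and compute the
import hash (imphash) used to cluster builds.  Added example, not the
sandbox's code.  SAMPLE_IMPORTS is a hand-copied subset of the report's
table (constructed input, in table order); its digest is therefore not
the report's imphash."""
import hashlib

# Subset of the report's import table: DLL -> functions, table order.
SAMPLE_IMPORTS = {
    "ctreew2k": ["ord89", "ord94", "ord120"],
    "kernel32": ["GetThreadContext", "CreateThread", "VirtualProtect",
                 "IsDebuggerPresent", "SuspendThread", "GetComputerNameExA",
                 "WinExec", "CreateMutexA", "ResumeThread",
                 "WritePrivateProfileStringA", "GetVersionExA"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "GetKeyboardState"],
    "advapi32": ["RegCreateKeyExA", "RegSetValueExA", "SetFileSecurityA"],
    "shell32": ["ShellExecuteA"],
    "oledlg": ["ord8"],
    "wsock32": ["bind", "WSAStartup", "accept", "socket", "gethostbyname",
                "connect", "send", "recv", "listen"],
}

# API (lower-case) -> capability tag.  Deliberately small and explainable:
# every hit still needs context, since a GUI app imports hooks and WinExec
# for mundane reasons.
API_TAGS = {
    "winexec": "process execution", "shellexecutea": "process execution",
    "isdebuggerpresent": "anti-debug",
    "createmutexa": "single-instance mutex",
    "getthreadcontext": "thread/memory manipulation",
    "suspendthread": "thread/memory manipulation",
    "resumethread": "thread/memory manipulation",
    "virtualprotect": "thread/memory manipulation",
    "setwindowshookexa": "windows hook", "getkeyboardstate": "windows hook",
    "regcreatekeyexa": "registry write", "regsetvalueexa": "registry write",
    "writeprivateprofilestringa": "ini write",
    "setfilesecuritya": "file ACL change",
    "connect": "network client",
    "bind": "network server", "listen": "network server", "accept": "network server",
    "send": "network i/o", "recv": "network i/o", "gethostbyname": "network i/o",
    "getcomputernameexa": "host fingerprinting", "getversionexa": "host fingerprinting",
}


def triage_imports(imports):
    """Group imported APIs by capability tag -> {tag: ["dll!Api", ...]}."""
    hits = {}
    for dll, funcs in imports.items():
        for func in funcs:
            tag = API_TAGS.get(func.lower())
            if tag:
                hits.setdefault(tag, []).append(f"{dll}!{func}")
    return hits


def imphash_string(imports):
    """The string imphash is computed over, following the pefile convention:
    lower-case 'module.func' pairs, comma-joined, in table order, with a
    .dll/.ocx/.sys extension stripped from the module name.  pefile also
    resolves ordinal-only imports of ws2_32/wsock32/oleaut32 to names via
    built-in tables; those tables are omitted here, so digests differ from
    pefile's for samples that import those DLLs by ordinal."""
    parts = []
    for dll, funcs in imports.items():
        mod = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[:-len(ext)]
                break
        parts.extend(f"{mod}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the imphash string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    for tag, apis in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{tag:28} {', '.join(apis)}")
    print("imphash (subset):", imphash(SAMPLE_IMPORTS))
```

The grouping is intentionally a flat API-to-tag map rather than a scoring system: the output is a reading aid for the analyst, and the interesting observation for this sample (server-side socket calls next to thread-context and VirtualProtect imports) only becomes evidence once the behavioral runs show those calls being made.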
Sections
.text: raw size 3.5MB, virtual size 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata: raw size 902KB, virtual size 901KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data: raw size 56KB, virtual size 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc: raw size 53KB, virtual size 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The section layout is unremarkable: no section is both writable and executable, the only writable section (.data) is not executable, and its virtual size exceeding the raw size is ordinary zero-initialised data. Nothing here points to a packer: the names are the standard compiler set, .text and .rdata are large rather than a tiny stub, and the four sections add up to the 4.5MB file size, which is consistent with the statically linked framework code the import table suggests.
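The header and section flags above are the inputs to the mitigation verdict, and the relation between them (DYNAMIC_BASE means nothing once relocations are stripped; a security directory entry proves only that a signature blob is attached, not that it verifies) is easy to misread from a flat list. The following added example, not sandbox code, parses those fields straight out of a PE32/PE32+ header with struct and reports them. It audits a header-only image that build_sample_pe() constructs with the flags and section sizes this report shows; that image is constructed input and not the real file. The check generalises beyond the report to PE32+ images and to the CFG bit, which this report does not list.

```python
"""Re-derive the mitigation facts behind a static report's Headers and
Sections entries: DEP/NX, ASLR (DYNAMIC_BASE plus relocations), CFG, the
Authenticode directory, and W+X or BSS-like sections.  Added example, not
sandbox code; the PE bytes audited are constructed by build_sample_pe()
and carry only the fields the report shows, not the real sample."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # IMAGE_FILE_HEADER.Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # OptionalHeader.DllCharacteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020                  # IMAGE_SECTION_HEADER.Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4               # Authenticode certificate table


def build_sample_pe(characteristics, dll_characteristics, sections, cert_size=0):
    """Constructed test input: a header-only PE32 image.
    sections: list of (name, virtual_size, raw_size, flags)."""
    opt = bytearray(224)                             # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)            # Magic = PE32
    struct.pack_into("<I", opt, 28, 0x00400000)      # ImageBase
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if cert_size else 0, cert_size)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0,
                       len(opt), characteristics)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, 0, rsize, 0, 0, 0, 0, 0, flags)
        for name, vsize, rsize, flags in sections)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    return dos + b"PE\0\0" + coff + bytes(opt) + table


def audit_pe(data):
    """Mitigation and signature facts for a PE32 or PE32+ image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                       # PE32
        image_base, = struct.unpack_from("<I", data, opt + 28)
        ndirs, dirs = struct.unpack_from("<I", data, opt + 92)[0], opt + 96
    elif magic == 0x20B:                                     # PE32+
        image_base, = struct.unpack_from("<Q", data, opt + 24)
        ndirs, dirs = struct.unpack_from("<I", data, opt + 108)[0], opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    dllchars, = struct.unpack_from("<H", data, opt + 70)
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:   # non-zero Size: a cert blob is attached
        _, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    wx, bss_like = [], []
    for i in range(nsect):
        name, vsize, _, rsize, *_, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = name.rstrip(b"\0").decode()
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            wx.append(name)           # writable+executable: shellcode-friendly
        if vsize > rsize:
            bss_like.append(name)     # zero-filled tail; normal for .data, odd for .text
    relocs_stripped = bool(chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "nx_compat": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # DYNAMIC_BASE only takes effect if the loader can still relocate the image.
        "aslr": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not relocs_stripped,
        "cfg": bool(dllchars & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
        "relocs_stripped": relocs_stripped,
        "image_base": image_base,
        "has_authenticode_blob": cert_size != 0,   # presence only, not validity
        "wx_sections": wx,
        "bss_like_sections": bss_like,
    }


# Flags and section sizes copied from the report above (constructed input).
REPORT_FLAGS = dict(
    characteristics=IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    dll_characteristics=IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    sections=[(".text", 3_500_000, 3_500_000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
              (".rdata", 901 * 1024, 902 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
              (".data", 97 * 1024, 56 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
              (".rsrc", 53 * 1024, 53 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)],
    cert_size=0,                                  # "Unsigned PE": no certificate table
)

if __name__ == "__main__":
    for key, value in audit_pe(build_sample_pe(**REPORT_FLAGS)).items():
        print(f"{key:22} {value}")
```

Run against a real file, audit_pe(open(path, "rb").read()) gives the same dictionary; the "aslr" key is the one a flat flag list gets wrong, because it is false here despite NX being on, and "has_authenticode_blob" being true would still need a WinVerifyTrust-style check before it counts as a valid signature.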