Static task: static1
Behavioral task: behavioral1
  Sample: d9740c96bfb10b9ce43ecf4ba3c741826d0373781136b3c74a6778a1147f1523.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d9740c96bfb10b9ce43ecf4ba3c741826d0373781136b3c74a6778a1147f1523.exe
  Resource: win10v2004-20240226-en
General
- Target: d9740c96bfb10b9ce43ecf4ba3c741826d0373781136b3c74a6778a1147f1523
- Size: 1.3MB
- MD5: fab4735365e97744ad81e9bcabbb3ee5
- SHA1: 725aa2cc1b73ccd1a256ccbd61a182942f1eb629
- SHA256: d9740c96bfb10b9ce43ecf4ba3c741826d0373781136b3c74a6778a1147f1523
- SHA512: 67e6f42aff6c6c3b40a333e6b9cdcd75c14607ee88aa02530e3e19a94ce9ce13988b031e857fa9133ff7d88a53eef789cac603c3b6daec834789647db1f66cba
- SSDEEP: 24576:3X6Phm6b8f3U8zclny46fWDgz8nL+lMz7gv554ChW:Kt8M8YlywgzasGChW
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource d9740c96bfb10b9ce43ecf4ba3c741826d0373781136b3c74a6778a1147f1523
Files
-
d9740c96bfb10b9ce43ecf4ba3c741826d0373781136b3c74a6778a1147f1523.exe windows:4 windows x86 arch:x86
63f305c8347c3c05f09a04b0cea67b49
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFindExtensionA
hwiufat
?HwiBootFormat@CHwiDevice@@QAEJF@Z
?HwiSortByIndex@CHwiDevice@@QAEJHH@Z
?HwiFormat@CHwiDevice@@QAEJF@Z
?HwiFormat@CHwiDevice@@QAEJFPAUHWND__@@H@Z
?HwiDeleteByindex@CHwiDevice@@QAEJFF@Z
?HwiWriteFileStart@CHwiDevice@@QAEJF@Z
?HwiRenameByIndex@CHwiDevice@@QAEJHHPAD@Z
?HwiRemoveDirectory@CHwiDevice@@QAEJFPBD@Z
?HwiCloseFile@CHwiDevice@@QAEJXZ
??0CPDFileInfo@@QAE@XZ
??1CPDFileInfo@@UAE@XZ
?HwiSetCurrentDirectory@CHwiDevice@@QAEJFPBD@Z
?CloseDevice@CHwiDevice@@QAEJXZ
?HwiIsDocked@CHwiDevice@@QAEJXZ
?OpenDevice@CHwiDevice@@SAPAV1@XZ
?GetPlayerName@CDeviceInfo@@QAEPADXZ
?GetPlayerId@CDeviceInfo@@QAEPADXZ
?GetDeviceVersion@CDeviceInfo@@QAEPADXZ
?HwiGetLastError@CHwiDevice@@QAEJXZ
?HwiGetDeviceInfo@CHwiDevice@@QAEJAAPAVCDeviceInfo@@@Z
?GetPDTotalSpace@CStorageInfo@@QAEKXZ
?GetPDFreeSpace@CStorageInfo@@QAEKXZ
?GetMultiBlockSize@CStorageInfo@@QAEKXZ
?GetAttribMask@CStorageInfo@@QAEKXZ
?HwiGetStorageInfo@CHwiDevice@@QAEJFAAPAVCStorageInfo@@@Z
?HwiGetStorageCount@CHwiDevice@@QAEJXZ
?GetFileSize@CPDFileInfo@@UAEKXZ
?GetFileExt@CPDFileInfo@@UAEPADXZ
?GetFileName@CPDFileInfo@@UAEPADXZ
?GetAttribMark@CPDFileInfo@@UAEKXZ
?HwiGetFIleInfo@CHwiDevice@@QAEJHHPAVCPDFileInfo@@@Z
?HwiGetFileCount@CHwiDevice@@QAEJF@Z
?HwiCreateDirectory@CHwiDevice@@QAEJFPBDK@Z
?HwiFirmwareDone@CHwiDevice@@QAEJXZ
?HwiFirmwareData@CHwiDevice@@QAEJPAE@Z
?HwiFirmwareStart@CHwiDevice@@QAEJJF@Z
?HwiReadFileBlock@CHwiDevice@@QAEJPAEPAJJ@Z
?HwiReadFileInfo@CHwiDevice@@QAEJPAVCPDFileInfo@@@Z
?HwiReadFileStart@CHwiDevice@@QAEJF@Z
?HwiWriteFileInfo@CHwiDevice@@QAEJPAVCPDFileInfo@@@Z
?HwiWriteFileBlock@CHwiDevice@@QAEJPAEJ@Z
adp2wav
StopAudioConvert
AudioConvert
GetLastErrorCode
wmvcore
WMCreateEditor
kernel32
GetCommandLineA
GetCurrentThread
lstrlenW
GlobalSize
RtlUnwind
GetFileType
GetDriveTypeA
RaiseException
GetOEMCP
GetCurrentDirectoryA
ExitProcess
HeapFree
HeapAlloc
ExitThread
TerminateProcess
GetTimeZoneInformation
GetSystemTime
GetACP
GetStartupInfoA
TlsGetValue
MulDiv
FatalAppExitA
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetCurrentDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetProcessVersion
GetCPInfo
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
SetLastError
CreateEventA
SetThreadPriority
SetEvent
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalAlloc
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
LocalAlloc
GetSystemInfo
RtlMoveMemory
GetVersionExA
GetModuleHandleW
GetProcAddress
LoadLibraryA
DeviceIoControl
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SizeofResource
GlobalFlags
FileTimeToLocalFileTime
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
DuplicateHandle
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
IsBadWritePtr
VirtualAlloc
GlobalLock
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
FileTimeToSystemTime
GetProfileStringA
GetVersion
GetTempPathA
WaitForSingleObject
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
lstrlenA
FormatMessageA
LocalFree
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
FindNextFileA
GetLastError
UnmapViewOfFile
OpenFile
FindFirstFileA
FindClose
CreateProcessA
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
lstrcmpA
WriteFile
Sleep
TerminateThread
CopyFileA
CreateFileA
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
GetPrivateProfileIntA
lstrcatA
lstrcpyA
DeleteFileA
SuspendThread
ResumeThread
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
HeapReAlloc
HeapSize
SetErrorMode
SetStdHandle
user32
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
DestroyIcon
GetDCEx
AppendMenuA
GetSystemMenu
RegisterClipboardFormatA
RemoveMenu
PostThreadMessageA
SetParent
UnpackDDElParam
InvertRect
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
IsRectEmpty
GetDesktopWindow
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
GrayStringA
ReuseDDElParam
EndPaint
BeginPaint
GetWindowDC
FindWindowA
wvsprintfA
OemToCharA
CharToOemA
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
TabbedTextOutA
CheckRadioButton
CheckDlgButton
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
IsWindowVisible
ScrollWindow
ValidateRect
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetDlgItemInt
GetMenuStringA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DeleteMenu
BringWindowToTop
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDC
ReleaseDC
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
LockWindowUpdate
SetTimer
DrawTextExA
FillRect
DrawTextA
GetCursorPos
ScreenToClient
CreatePopupMenu
TrackPopupMenu
DestroyMenu
SetWindowLongA
EqualRect
InflateRect
BeginDeferWindowPos
EndDeferWindowPos
GetParent
CopyRect
GetSysColor
OffsetRect
GetCapture
SetCapture
WindowFromPoint
ReleaseCapture
InsertMenuA
LoadStringA
GetSysColorBrush
GetDialogBaseUnits
GetClassNameA
DestroyCursor
SetCursorPos
SetRect
KillTimer
IsZoomed
WinHelpA
IsChild
GetMessageTime
GetWindowLongA
PtInRect
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
WaitMessage
InvalidateRect
MoveWindow
RedrawWindow
RegisterDeviceNotificationA
UnregisterDeviceNotification
LoadMenuA
ModifyMenuA
GetMenuItemCount
SetMenu
GetFocus
SetFocus
ClientToScreen
GetSubMenu
GetSystemMetrics
LoadBitmapA
LoadCursorA
SetCursor
GetWindowRect
ShowScrollBar
SetWindowPos
CharUpperA
SetDlgItemTextA
ShowWindow
UpdateWindow
CharNextA
LoadImageA
wsprintfA
GetDlgItem
PostMessageA
LoadIconA
GetClientRect
EnableWindow
SendMessageA
GetMessagePos
IsWindowEnabled
DestroyWindow
GetScrollInfo
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
gdi32
SelectObject
LineTo
SetTextJustification
SetTextCharacterExtra
GetCharWidthA
SetTextAlign
GetMapMode
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
BitBlt
CreateCompatibleDC
CreateFontA
PatBlt
CreateDIBitmap
GetTextExtentPointA
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
LPtoDP
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
StretchDIBits
CreateCompatibleBitmap
GetDCOrgEx
GetObjectA
SetRectRgn
CombineRgn
CreateFontIndirectA
GetTextColor
GetBkColor
CopyMetaFileA
CreateDCA
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
comdlg32
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyA
GetUserNameA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA
shell32
ExtractIconA
DragAcceptFiles
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
comctl32
ImageList_SetBkColor
ImageList_DragMove
ord13
ord14
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_Merge
ImageList_Read
ImageList_Write
ord17
ImageList_LoadImageA
ImageList_ReplaceIcon
oledlg
ord8
ole32
StgCreateDocfileOnILockBytes
ReleaseStgMedium
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StringFromCLSID
CreateILockBytesOnHGlobal
OleRun
CoDisconnectObject
CoFreeUnusedLibraries
OleDuplicateData
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoRevokeClassObject
CoTreatAsClass
CoRegisterMessageFilter
CoRegisterClassObject
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
olepro32
ord253
oleaut32
VarBstrFromCy
SysFreeString
LoadTypeLi
SysStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
SafeArrayGetUBound
VarCyFromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
VariantChangeType
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysReAllocStringLen
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
wininet
InternetOpenA
InternetFindNextFileA
FtpFindFirstFileA
InternetSetFilePointer
InternetGetLastResponseInfoA
GopherFindFirstFileA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetErrorDlg
HttpOpenRequestA
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetWriteFile
InternetOpenUrlA
InternetGetCookieA
InternetSetCookieA
InternetConnectA
InternetCrackUrlA
InternetCloseHandle
InternetSetOptionExA
FtpOpenFileA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetReadFile
InternetSetStatusCallback
FtpGetFileA
Sections
- .text  Size: 604KB - Virtual size: 601KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 128KB - Virtual size: 126KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 60KB - Virtual size: 84KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 544KB - Virtual size: 542KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ