257f3589759e929a0614925607da7a90c96c466982ab2d87ef09a694e816b735

Sharing

Copy URL

Twitter E-mail

General

Target

257f3589759e929a0614925607da7a90c96c466982ab2d87ef09a694e816b735
Size

4.7MB
MD5

7f1ad034af4fb0523c7255ad70f4bdef
SHA1

ac81d79a6cdc5db2d038edad3466a293c8cae364
SHA256

257f3589759e929a0614925607da7a90c96c466982ab2d87ef09a694e816b735
SHA512

e99a59c4fd88cddfd6e97405a73d352f5e80926eaf530b2dd184267d6c75200ac0291dabdf55244763bed4b31bcdfdd46af87289ec1ab8352088e3dd463a41ce
SSDEEP

98304:8FYiQ/RGPGpfrwAQLDFJTmUdPa23weCa1/rhfAffNRqAhfu9w4TzVU6Ou:8FYiQ/RGPGpfrwAQLDFJTxdS23weCa1h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
257f3589759e929a0614925607da7a90c96c466982ab2d87ef09a694e816b735

Files

257f3589759e929a0614925607da7a90c96c466982ab2d87ef09a694e816b735
.exe windows:6 windows x64 arch:x64

98f6caeab06b85c2ff3544fe7cd17b42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\image2\win32\en_gui\x64\ReleaseUnicode\imagew.pdb

Imports

mpr

WNetGetUserW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection3W
WNetGetConnectionW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_ReplaceIcon

ws2_32

__WSAFDIsSet
getservbyname
getservbyport
gethostbyaddr
ntohs
listen
inet_ntoa
getsockopt
ioctlsocket
accept
WSAIoctl
getsockname
setsockopt
sendto
recvfrom
htonl
bind
closesocket
recv
inet_addr
select
connect
htons
send
shutdown
WSAStringToAddressW
WSAAddressToStringW
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket

kernel32

GetLogicalDrives
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
CreateMutexW
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
GetPriorityClass
GetLocalTime
GetSystemDirectoryW
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
OutputDebugStringW
ResetEvent
GetSystemTime
GetWindowsDirectoryW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
SetEndOfFile
SetFilePointer
SetLastError
FormatMessageW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetDiskFreeSpaceExW
WideCharToMultiByte
QueryDosDeviceW
GetOverlappedResult
lstrlenW
GetDiskFreeSpaceW
GetVolumeInformationW
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LocalAlloc
LocalLock
LocalUnlock
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
SetFileAttributesW
GlobalMemoryStatus
FindNextFileW
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
ExitProcess
FindFirstFileExW
GetFileType
SetEnvironmentVariableW
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
CreateThread
LoadLibraryA
GetSystemDirectoryA
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GetTickCount
LocalFree
MulDiv
VirtualUnlock
VirtualLock
VirtualFree
VirtualAlloc
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetModuleHandleW
GetCurrentThread
GetCurrentProcess
SearchPathW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExW
OpenProcess
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
GetLastError
GetLocaleInfoW
lstrcpynW
CreateEventW
WaitForSingleObject
SetEvent
Sleep
DeviceIoControl
CreateFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
SetErrorMode
GetDriveTypeW
CloseHandle
GetTimeZoneInformation
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
HeapSize
HeapQueryInformation
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
GetFileSizeEx
WriteConsoleW
MultiByteToWideChar
RtlUnwind

user32

SystemParametersInfoW
LoadIconW
FindWindowW
IsRectEmpty
InflateRect
GetSysColorBrush
ScreenToClient
GetCursorPos
MessageBeep
GetWindowRect
GetWindowTextLengthW
GetScrollRange
GetScrollPos
CreatePopupMenu
IsWindowEnabled
KillTimer
SetTimer
GetKeyState
GetActiveWindow
SetFocus
DefDlgProcW
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItemInt
TrackPopupMenu
EndDialog
DialogBoxParamW
CreateDialogParamW
IsIconic
IsWindowVisible
SetWindowPos
IsChild
IsWindow
CreateWindowExW
RegisterClassW
WaitMessage
PostMessageW
ExitWindowsEx
PeekMessageW
RegisterWindowMessageW
LoadStringW
IsDialogMessageW
LoadCursorW
SetCursor
MessageBoxW
GetAsyncKeyState
AppendMenuW
SetMenuItemInfoW
SendNotifyMessageW
UpdateWindow
DrawIconEx
GetSystemMetrics
DialogBoxIndirectParamW
CheckDlgButton
GetDialogBaseUnits
DrawFrameControl
SendMessageW
DefWindowProcW
GetSystemMenu
EnableMenuItem
DrawIcon
GetDesktopWindow
WinHelpW
OemToCharW
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
SetDlgItemInt
GetWindowTextW
CallWindowProcW
GetDlgItem
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SetPropW
GetPropW
RemovePropW
GetClientRect
GetSysColor
DrawFocusRect
FillRect
PtInRect
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
GetComboBoxInfo
SetWindowTextW
SetForegroundWindow
EnableWindow
GetFocus
GetDlgItemTextW
SetDlgItemTextW
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetIconInfo
CreateIconIndirect
CopyImage
LoadImageW
DestroyIcon
SetWindowLongW
OffsetRect
ShowWindow

gdi32

GetTextMetricsW
BitBlt
CreateDCW
CreateDIBSection
CreateCompatibleBitmap
Polygon
StretchBlt
Rectangle
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
DeleteDC
CreateHatchBrush
CreateFontIndirectW
CreateCompatibleDC
GetObjectW
ExtTextOutW
SetBkMode
SetBkColor
SelectObject
LineTo
DeleteObject
CreateSolidBrush
CreatePen
SetTextColor
MoveToEx

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

EnumServicesStatusW
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
ControlService
CryptGenRandom
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
LogonUserW
LookupAccountSidW

shell32

ShellExecuteW
SHGetFileInfoW
DragAcceptFiles
DragFinish
DragQueryFileW

ole32

CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CLSIDFromString

oleaut32

VariantChangeType
VariantCopy
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
VariantClear
CreateErrorInfo
SysFreeString
SysAllocString
VariantInit
GetErrorInfo
SetErrorInfo

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlNtStatusToDosError

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98f6caeab06b85c2ff3544fe7cd17b42

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

RT_CODE Size: 2KB - Virtual size: 2KB

.rdata Size: 560KB - Virtual size: 560KB

.data Size: 31KB - Virtual size: 91KB

.pdata Size: 128KB - Virtual size: 128KB

.gehcont Size: 512B - Virtual size: 40B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 2.5MB - Virtual size: 2.5MB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 560KB - Virtual size: 560KB

.data
Size: 31KB - Virtual size: 91KB

.pdata
Size: 128KB - Virtual size: 128KB

.gehcont
Size: 512B - Virtual size: 40B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB