70d15f35b3adcf9444519da82972a0eb5ab068abc8a03bc0291a7c41be41ce37

Sharing

Copy URL Twitter E-mail

General

Target

70d15f35b3adcf9444519da82972a0eb5ab068abc8a03bc0291a7c41be41ce37
Size

1.9MB
MD5

fdf09f5c2612ae8be625ab75447b36b2
SHA1

af5d85428425c84c89b313edc5f79a6483d5b47f
SHA256

70d15f35b3adcf9444519da82972a0eb5ab068abc8a03bc0291a7c41be41ce37
SHA512

ef5d636b545e79d86e3d0ffa84e7f9e293f8431ce84f0070ea19d721b55a032d757f656f76edcce874c70edf11c69b0f63c0eed7286ff14e2ba6ee155a964c8d
SSDEEP

49152:+jNzZubw8aTpWcS/ZKRzejUWbZl9lPzQ6/Bdqdp2vl:+533JYpZzlvdu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70d15f35b3adcf9444519da82972a0eb5ab068abc8a03bc0291a7c41be41ce37

Files

70d15f35b3adcf9444519da82972a0eb5ab068abc8a03bc0291a7c41be41ce37
.dll windows:5 windows x64 arch:x64

2e24650084d4bae6889a7c219c04e654

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetModuleHandleW
TlsSetValue
WriteConsoleW
TlsGetValue
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
WinExec
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
RemoveDirectoryW
WriteProcessMemory
SetEndOfFile
FormatMessageW
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
GetSystemTimeAsFileTime
DefineDosDeviceW
VirtualAlloc
QueryDosDeviceW
SetThreadPriority
GetCurrentThread
CopyFileW
GetProcessTimes
GetLogicalDrives
WaitNamedPipeW
GlobalMemoryStatus
SleepEx
MoveFileW
MoveFileExW
OpenThread
TerminateThread
SetSystemPowerState
GetUserDefaultLCID
RaiseException
FileTimeToSystemTime
SystemTimeToFileTime
GetVolumeInformationW
GetDiskFreeSpaceW
ReleaseSemaphore
ResetEvent
DisconnectNamedPipe
lstrcpyA
lstrcpynA
GetHandleInformation
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
GlobalUnlock
GlobalLock
CreateHardLinkW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
DeleteFileW
FileTimeToLocalFileTime
LCMapStringA
GetSystemInfo
GetFileSize
EnumResourceNamesW
GetTempPathW
LCMapStringW
SetVolumeMountPointW
SetVolumeLabelW
FindFirstFileW
GetLongPathNameW
GetTimeZoneInformation
LocalFileTimeToFileTime
GlobalDeleteAtom
Beep
GetFileInformationByHandle
SetFileAttributesW
SetFileTime
OpenEventW
CreateNamedPipeW
CreateMailslotW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
VirtualQueryEx
VirtualProtectEx
SetThreadContext
GetThreadContext
CompareStringA
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
HeapDestroy
HeapCreate
HeapSetInformation
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
RtlUnwindEx
RtlLookupFunctionEntry
GetFileSizeEx
CreateFileA
WideCharToMultiByte
CreateMutexA
GetVersionExW
LocalFree
lstrcmpA
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
CreateThread
CreatePipe
DuplicateHandle
SetFilePointer
CreateNamedPipeA
SetNamedPipeHandleState
LoadLibraryExW
WriteFile
GetShortPathNameW
ConnectNamedPipe
GetOverlappedResult
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetExitCodeProcess
TerminateJobObject
GetCommandLineW
GetVersion
ReadProcessMemory
LoadLibraryW
WaitForSingleObject
ExitProcess
lstrcatA
GetModuleHandleA
CreateDirectoryW
CreateProcessW
FlushFileBuffers
FindFirstVolumeW
DeviceIoControl
FindNextVolumeW
CompareStringW
FindVolumeClose
GetProcessAffinityMask
HeapFree
GetModuleFileNameW
SearchPathW
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
GetEnvironmentVariableA
Sleep
SetErrorMode
GetStdHandle
GetProcessHeap
TlsAlloc
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentProcessId
OpenFileMappingW
GetLastError
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetEvent
FreeEnvironmentStringsW
OpenProcess
ReleaseMutex
HeapAlloc
lstrlenA
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindNextFileW
FindClose
ReadFile
CreateFileW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
GetFullPathNameW
lstrlenW

user32

GetWindowThreadProcessId
SetScrollInfo
SetScrollPos
SetScrollRange
SetFocus
GetWindowDC
IsIconic
GetMessageW
DialogBoxParamW
RegisterClassExW
LockWorkStation
mouse_event
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxIndirectParamW
SetParent
BeginPaint
EndPaint
GetWindowLongPtrW
SetLayeredWindowAttributes
GetMenu
GetMenuItemCount
DefWindowProcW
LoadMenuW
RemoveMenu
InsertMenuW
GetDlgItemTextW
EndDialog
FillRect
RedrawWindow
CallWindowProcW
GetKeyState
EnumDisplaySettingsW
GetSubMenu
SetCursor
GetMenuStringW
ModifyMenuW
UnregisterHotKey
RegisterHotKey
ExitWindowsEx
LoadBitmapW
LoadImageW
DestroyIcon
MsgWaitForMultipleObjects
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
PostQuitMessage
CallNextHookEx
GetKeyboardState
keybd_event
RegisterDeviceNotificationW
SendMessageTimeoutW
CharUpperW
IsWindow
ScreenToClient
GetWindowTextLengthW
OffsetRect
OpenDesktopW
SetThreadDesktop
SwitchDesktop
CloseDesktop
GetCursorPos
CreatePopupMenu
TrackPopupMenu
DestroyMenu
LoadCursorW
CopyImage
GetSysColor
IsDialogMessageW
AttachThreadInput
GetForegroundWindow
FindWindowExA
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
PtInRect
EnumChildWindows
PostMessageW
SendMessageW
SetTimer
KillTimer
IsRectEmpty
MessageBoxW
CreateIconFromResourceEx
IsWindowEnabled
GetClassNameW
SwitchToThisWindow
GetClipboardData
IsWindowVisible
CharUpperA
LoadStringA
FindWindowW
SetWindowRgn
CreateMenu
SetMenu
DrawIcon
FindWindowExW
CreateIconIndirect
DestroyCursor
GetScrollRange
SubtractRect
GetIconInfo
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
GetFocus
GetScrollPos
GetActiveWindow
CreateDialogParamW
SetMenuItemBitmaps
EnumWindows
UpdateWindow
SetCapture
ReleaseCapture
ShowCursor
GetWindowInfo
ScrollWindow
ChildWindowFromPointEx
CreateIconFromResource
GetScrollInfo
WindowFromPoint
GetMenuItemID
IsChild
wsprintfA
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
AppendMenuW
RegisterWindowMessageW
FindWindowA
GetLastInputInfo
SystemParametersInfoW
WaitForInputIdle
GetSystemMenu
EnableMenuItem
GetWindowLongW
SetWindowLongW
GetClientRect
wsprintfW
DrawTextW
GetSystemMetrics
ShowScrollBar
EnableWindow
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetWindowTextW
SetWindowTextW
ClientToScreen
MoveWindow
CreateWindowExW
SetWindowLongPtrW
GetDlgCtrlID
GetParent
LoadIconW
ReleaseDC
GetDC
SetDlgItemTextW
DestroyWindow
GetDlgItem
SetWindowPos
ShowWindow
GetWindowRect
InvalidateRect

gdi32

Rectangle
MoveToEx
LineTo
GetTextMetricsW
Polyline
CreateEllipticRgn
CreatePen
Ellipse
SetPixel
ExtTextOutW
GetPixel
CreateBitmap
SetBkColor
SetDIBits
CreateFontW
CreateRectRgn
CombineRgn
SelectPalette
RealizePalette
GetDIBits
CreateDCW
GetDeviceCaps
GetBkColor
StretchBlt
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
RemoveFontResourceW
AddFontResourceW
GetStockObject
SetBkMode
SetTextColor
DeleteDC
DeleteObject
SelectObject

advapi32

OpenServiceW
CheckTokenMembership
CryptEnumProviderTypesW
CryptGetProvParam
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash
RegLoadKeyW
RegUnLoadKeyW
GetUserNameW
LookupAccountNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
InitiateSystemShutdownW
ChangeServiceConfigW
ChangeServiceConfig2W
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
GetSecurityInfo
FreeSid
CreateRestrictedToken
AllocateAndInitializeSid
OpenProcessToken
CreateProcessWithLogonW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
GetTokenInformation
StartServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
DeleteService
ControlService
SetServiceStatus
AbortSystemShutdownW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityInfo
SetEntriesInAclW

shell32

SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW
SHGetSpecialFolderPathW

oleaut32

OleLoadPicture

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
CM_Locate_DevNodeW
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiClassNameFromGuidW
SetupDiSetClassInstallParamsW
SetupDiClassGuidsFromNameW
CM_Get_Device_IDW
SetupDiClassNameFromGuidA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiOpenClassRegKey
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiChangeState
CM_Reenumerate_DevNode

shlwapi

StrCmpNIW
StrCmpNIA
StrCmpNW
StrChrW
StrRChrW
StrStrIW
StrStrW
StrCpyNW
StrToIntExW
PathMatchSpecW
StrStrA
wnsprintfW
StrCmpNA
StrCmpIW
StrPBrkW

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
main
main5
mainB
mainB_
mainW
main_

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

flag_dat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e24650084d4bae6889a7c219c04e654

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

version

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 10KB - Virtual size: 25KB

.pdata Size: 21KB - Virtual size: 21KB

flag_dat Size: 512B - Virtual size: 24B

.rsrc Size: 686KB - Virtual size: 685KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 10KB - Virtual size: 25KB

.pdata
Size: 21KB - Virtual size: 21KB

flag_dat
Size: 512B - Virtual size: 24B

.rsrc
Size: 686KB - Virtual size: 685KB

.reloc
Size: 8KB - Virtual size: 8KB