13a5f23dafa40c1fdb0095cfa60dd7bb2bcc46a2518bb5f8e5a5e476d294ef05

Sharing

Copy URL Twitter E-mail

General

Target

13a5f23dafa40c1fdb0095cfa60dd7bb2bcc46a2518bb5f8e5a5e476d294ef05
Size

3.8MB
MD5

bbf2ff33acecd7b57f161430bbdf505e
SHA1

738231c4c0cbdba676ea7d045cf3b361fd8332f8
SHA256

13a5f23dafa40c1fdb0095cfa60dd7bb2bcc46a2518bb5f8e5a5e476d294ef05
SHA512

8befeb649485e38c85e2e23996251c5bb40c929cb604b7bd4c4e9c4366a93e107aad1d5327cbcd75b9e42bb17ae6dc0ba62401a487ab07e9cab9d3e8fe98fb94
SSDEEP

98304:eVxoYrk0yN3bOp1S7sjXqnmuqbeizQDg8u:MouaKpM7sjX33xkDi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13a5f23dafa40c1fdb0095cfa60dd7bb2bcc46a2518bb5f8e5a5e476d294ef05

Files

13a5f23dafa40c1fdb0095cfa60dd7bb2bcc46a2518bb5f8e5a5e476d294ef05
.exe windows:5 windows x86 arch:x86

5544d9eb583e4bfb7e693ee326ad9417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Hxx\git\zzds_new\c++install\bin\ZZDS_.pdb

Imports

kernel32

GetFileAttributesExW
lstrcpyW
WideCharToMultiByte
CloseHandle
Process32FirstW
GlobalAlloc
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WriteFile
MultiByteToWideChar
GetModuleHandleW
lstrcatW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
GetLastError
FreeResource
CreateMutexW
GetCommandLineW
SizeofResource
OutputDebugStringA
GetTimeZoneInformation
HeapSize
WriteConsoleW
FlushFileBuffers
GetFullPathNameW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
FormatMessageW
FreeLibrary
LoadLibraryW
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryA
IsBadReadPtr
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetStdHandle
GetCurrentProcessId
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
FindClose
GetModuleHandleA
FindFirstFileW
FindNextFileW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSection
SleepEx
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
WaitForMultipleObjects
GetFileType
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
GlobalLock
GlobalUnlock
lstrlenW
GetACP
ExitProcess
MulDiv
SystemTimeToFileTime
LocalFileTimeToFileTime
LocalFree
DecodePointer
RaiseException
GetLocalTime
lstrcpynW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetStringTypeW
CompareStringW
LCMapStringW
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA

user32

GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetActiveWindow
SetPropW
GetPropW
LoadCursorW
SetCursor
InflateRect
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
GetWindowRgn
DestroyWindow
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetFocus
CharNextW
IsZoomed
IsIconic
IsWindowVisible
IsWindow
CreateWindowExW
SendMessageW
SetForegroundWindow
FindWindowW
ShowWindow
PostMessageW
MoveWindow
GetWindowRect
SetWindowLongW
GetWindowLongW
wsprintfW
GetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
GetWindowThreadProcessId
SetWindowPos
AttachThreadInput
CharPrevW

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptHashData
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
DragQueryFileW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitialize

iphlpapi

GetAdaptersInfo

shlwapi

PathRemoveBackslashW
PathIsRootW
PathFileExistsW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

send
gethostbyname
gethostname
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
WSACleanup
WSAStartup
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
bind
closesocket
connect
getpeername
getsockname
getsockopt

wldap32

ord118
ord41
ord142
ord26
ord27
ord167
ord145
ord219
ord46
ord14
ord216
ord208
ord79
ord133
ord147
ord301
ord127

gdi32

SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
GetObjectW
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextMetricsW
PlayEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBSection
BitBlt
SetBitmapBits
GetBitmapBits
GetTextExtentPoint32W
SelectClipRgn
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn

oleaut32

VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillPath
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipSetLinePresetBlend
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 930KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14.1MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5544d9eb583e4bfb7e693ee326ad9417

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

iphlpapi

shlwapi

version

ws2_32

wldap32

gdi32

oleaut32

comctl32

gdiplus

imm32

Sections

.text Size: 930KB - Virtual size: 929KB

.rdata Size: 227KB - Virtual size: 227KB

.data Size: 14KB - Virtual size: 21KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 14.1MB - Virtual size: 14.1MB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 930KB - Virtual size: 929KB

.rdata
Size: 227KB - Virtual size: 227KB

.data
Size: 14KB - Virtual size: 21KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 14.1MB - Virtual size: 14.1MB

.reloc
Size: 53KB - Virtual size: 53KB