Static task: static1
Behavioral task: behavioral1
  Sample: 2d831cabd0105dac3c6d70755cd98d81e2ffa721675caf72e31a2fe84ff744d2.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2d831cabd0105dac3c6d70755cd98d81e2ffa721675caf72e31a2fe84ff744d2.exe
  Resource: win10v2004-20240226-en
General
Target: 2d831cabd0105dac3c6d70755cd98d81e2ffa721675caf72e31a2fe84ff744d2
Size: 3.8MB
MD5: 4480b6f3f843f626e41f923955e0489b
SHA1: 44e7b5de50fb9ceab30f6510e0eb8e383cf72524
SHA256: 2d831cabd0105dac3c6d70755cd98d81e2ffa721675caf72e31a2fe84ff744d2
SHA512: f2b7d2aabb48bc9f41a51c53acd5b8d5fd069bee7cb840e9611ca98a29397223d122d5e3065c1e2cf404d457de697c368fd82eb4a7256c51d6b14916a6a73355
SSDEEP: 98304:rQWniQvNm159vWoMw1IgZsQQQ0FLOAkGkzdnEVomFHKnPlz0:rIiwIgZsQQpFLOyomFHKnP
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 2d831cabd0105dac3c6d70755cd98d81e2ffa721675caf72e31a2fe84ff744d2
Files
2d831cabd0105dac3c6d70755cd98d81e2ffa721675caf72e31a2fe84ff744d2.exe windows:6 windows x86 arch:x86
3afa6f8a1bf16703ae346fe5be8a17c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
WriteConsoleW
GetVolumeInformationW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
ResetEvent
CreateThread
CreateEventW
SetThreadPriority
VirtualQuery
WideCharToMultiByte
CopyFileW
GetCurrentDirectoryW
CloseHandle
DeleteFileW
GetFileAttributesExW
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
WaitForSingleObject
FindClose
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
GetCommandLineW
SetLastError
FindFirstFileW
ReadFile
FreeLibrary
LoadLibraryW
GetProcAddress
LoadResource
LockResource
FreeResource
InitializeCriticalSection
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
IsDebuggerPresent
GetTickCount
FindResourceW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
GetCommandLineA
RtlUnwind
OutputDebugStringW
GetStartupInfoW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetTempFileNameW
SetErrorMode
GetFileTime
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
Sleep
GetProfileIntW
GetTempPathW
SearchPathW
GetWindowsDirectoryW
FindResourceExW
HeapReAlloc
GetLastError
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
GetFileSize
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
lstrcpyW
GetThreadLocale
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetEvent
CompareStringA
lstrcmpA
GetCurrentThread
FormatMessageW
LocalFree
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
EncodePointer
OutputDebugStringA
GetStringTypeW
EnterCriticalSection
LCMapStringW
HeapFree
user32
RegisterClassW
GetClassInfoW
LoadStringW
CreateWindowExW
CopyImage
SetForegroundWindow
GetParent
EnumDisplaySettingsW
GetDesktopWindow
SetClipboardData
MoveWindow
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
SetActiveWindow
MonitorFromWindow
GetWindowThreadProcessId
LoadIconW
LoadCursorW
LoadImageW
GetSystemMetrics
GetWindowDC
ReleaseDC
DefWindowProcW
CallWindowProcW
GetWindowLongW
MessageBoxW
CheckMenuItem
GetMenuState
AdjustWindowRectEx
SetCursor
GetKeyState
GetWindowRect
WinHelpW
SendMessageW
InvalidateRect
EnableWindow
ReleaseCapture
SetCapture
DestroyCursor
DestroyIcon
GetDC
GetCursorPos
CreateMenu
AppendMenuW
InsertMenuW
TranslateAcceleratorW
DestroyMenu
CreateAcceleratorTableW
DestroyAcceleratorTable
GetClientRect
EndPaint
BeginPaint
UnregisterClassW
SetWindowLongW
IsWindow
GetSubMenu
TrackPopupMenu
CreatePopupMenu
DeleteMenu
GetMessagePos
InvertRect
ScreenToClient
ChildWindowFromPointEx
IsZoomed
SetRect
GetSystemMenu
GetWindow
GetFocus
DestroyWindow
IsWindowVisible
SetWindowPos
SetWindowRgn
FillRect
MessageBeep
WindowFromPoint
GetScrollPos
DrawIcon
GetActiveWindow
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessageTime
GetClassInfoExW
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetMenu
GetMenuItemID
GetMenuItemCount
GetForegroundWindow
ValidateRect
ScrollWindow
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
EqualRect
GetClassLongW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
GetMenuStringW
RemoveMenu
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
ShowWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
CreateDialogIndirectParamW
EndDialog
SystemParametersInfoW
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
ShowOwnedPopups
CharNextW
DrawFocusRect
NotifyWinEvent
SendDlgItemMessageA
SetRectEmpty
GetMenuItemInfoW
InflateRect
MonitorFromPoint
GetSysColorBrush
RealChildWindowFromPoint
GetAsyncKeyState
BringWindowToTop
LoadAcceleratorsW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
TrackMouseEvent
CharUpperW
ModifyMenuW
PostThreadMessageW
WaitMessage
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CopyAcceleratorTableW
EnumChildWindows
LockWindowUpdate
SetClassLongW
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawIconEx
UnionRect
GetIconInfo
GetMenuDefaultItem
SetCursorPos
CharUpperBuffW
UpdateLayeredWindow
EnableScrollBar
SetMenuDefaultItem
CopyIcon
FrameRect
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
HideCaret
GetDoubleClickTime
GetComboBoxInfo
GetWindowRgn
OffsetRect
GetCapture
SetTimer
RedrawWindow
GetScrollRange
CopyRect
GetDlgCtrlID
ClientToScreen
GetSysColor
IsWindowEnabled
SetMenu
LoadBitmapW
IsRectEmpty
IntersectRect
SetFocus
GetClassNameW
SetParent
SetScrollRange
KillTimer
SetScrollPos
PtInRect
UpdateWindow
IsIconic
GetNextDlgTabItem
PostMessageW
gdi32
EndDoc
GetTextColor
StartDocW
EndPage
GetROP2
CreateDCW
SetPixelV
Polygon
LPtoDP
DPtoLP
GetWindowExtEx
SetPixel
CreateBrushIndirect
CreateHatchBrush
GetWindowOrgEx
CreatePatternBrush
GetStretchBltMode
CreateBitmap
CombineRgn
GetViewportOrgEx
PatBlt
CreateRoundRectRgn
GetBkMode
CreateRectRgn
CreatePen
Rectangle
Ellipse
CreateEllipticRgn
GetCurrentObject
RoundRect
FillRgn
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleBitmap
SetDIBColorTable
StretchBlt
RealizePalette
GetDIBits
GetDeviceCaps
GetSystemPaletteEntries
SelectPalette
CreatePalette
SetStretchBltMode
GetObjectW
GetStockObject
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateSolidBrush
StartPage
GetPolyFillMode
GetBkColor
GetTextMetricsW
SetTextColor
SetBkColor
GetPixel
DeleteDC
GetTextFaceW
PtInRegion
GetBoundsRect
FrameRgn
SetPaletteEntries
ExtFloodFill
GetPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
Polyline
CreatePolygonRgn
OffsetRgn
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
SetRectRgn
GetMapMode
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetViewportExtEx
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CopyMetaFileW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
shell32
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
DragAcceptFiles
SHGetFileInfoW
ole32
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleGetClipboard
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoDisconnectObject
CoInitialize
CoCreateGuid
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
oleaut32
VarBstrFromDate
SafeArrayDestroy
VariantInit
SysStringLen
SysAllocStringLen
LoadTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocString
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
comctl32
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
cximagecrt
?Negative@CxImage@@QAE_NXZ
?Copy@CxImage@@QAEXABV1@_N11@Z
?GrayScale@CxImage@@QAE_NXZ
?RedEyeRemove@CxImage@@QAE_NM@Z
?Contour@CxImage@@QAE_NXZ
?Dilate@CxImage@@QAE_NH@Z
?Edge@CxImage@@QAE_NH@Z
?Erode@CxImage@@QAE_NH@Z
?Dither@CxImage@@QAE_NH@Z
?Mirror@CxImage@@QAE_N_N0@Z
?Flip@CxImage@@QAE_N_N0@Z
?GetLastError@CxImage@@QAEPBDXZ
?Light@CxImage@@QAE_NHH@Z
?SelectionDelete@CxImage@@QAE_NXZ
?Load@CxImage@@QAE_NPB_WI@Z
?GetHeight@CxImage@@QBEIXZ
?LoadResource@CxImage@@QAE_NPAUHRSRC__@@IPAUHINSTANCE__@@@Z
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
?Open@CxMemFile@@QAE_NXZ
?Encode@CxImage@@QAE_NPAVCxFile@@I@Z
?Size@CxMemFile@@UAEHXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?Draw@CxImage@@QAEHPAUHDC__@@HHHHPAUtagRECT@@_N2@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Thumbnail@CxImage@@QAE_NHHUtagRGBQUAD@@PAV1@@Z
?Rotate@CxImage@@QAE_NMPAV1@@Z
?Rotate180@CxImage@@QAE_NPAV1@@Z
?GaussianBlur@CxImage@@QAE_NMPAV1@@Z
?SelectionAddRect@CxImage@@QAE_NUtagRECT@@E@Z
??0CxImage@@QAE@I@Z
?GetWidth@CxImage@@QBEIXZ
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@_N@Z
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@_N@Z
?IsValid@CxImage@@QBE_NXZ
?DestroyFrames@CxImage@@QAE_NXZ
?Colorize@CxImage@@QAE_NEEM@Z
?Destroy@CxImage@@QAE_NXZ
msimg32
TransparentBlt
AlphaBlend
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeParentBackground
DrawThemeText
GetWindowTheme
IsAppThemed
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
oledlg
OleUIBusyW
gdiplus
GdiplusStartup
GdipDeletePen
GdipFree
GdipAlloc
GdipCloneBrush
GdipDeleteBrush
GdipCreatePen1
GdipCreateFontFamilyFromName
GdipCreateSolidFill
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipGraphicsClear
GdipCreateFromHDC
GdipSetPenColor
GdipSetPenWidth
GdipDrawLineI
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImagePalette
GdipDeleteGraphics
GdiplusShutdown
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipDisposeImage
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
shlwapi
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 361KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ