Sample
d57efe73036649744120e78368620855035db47a32f946553c2148278ae879f4.exe
Resource
win7-20231129-en
General
-
Target
d57efe73036649744120e78368620855035db47a32f946553c2148278ae879f4
-
Size
4.9MB
-
MD5
c71ee1c9876d3b30a5875c44c709d98e
-
SHA1
d4e1ae603f34b771d3d0028c33b891a02a9da82e
-
SHA256
d57efe73036649744120e78368620855035db47a32f946553c2148278ae879f4
-
SHA512
9f05e5aff7061da9d9cdaaa6cb0a253743ea50e4632cdcef5a5142c2ffbe091c85091c6c3e9a1326eb46203154e5d1835aadcc158afcc9cd7d7bc3e84236ecfc
-
SSDEEP
98304:J2rO+eS5v6kjd7YPboCLmYaTkgOzFABtkFzTPO0kCAdoyE3kmjER3O:x+eS5vsPboCLmYSBurQBE0NZO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d57efe73036649744120e78368620855035db47a32f946553c2148278ae879f4
Files
-
d57efe73036649744120e78368620855035db47a32f946553c2148278ae879f4.exe windows:5 windows x64 arch:x64
5f67343adc5d5e620479b0db71aac9f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
LoadLibraryA
GetModuleHandleA
GetFileTime
GetSystemTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
FormatMessageW
MoveFileExW
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
GetEnvironmentVariableA
SleepEx
VerSetConditionMask
VerifyVersionInfoW
FindResourceExW
FindResourceW
LoadResource
lstrcmpW
IsBadCodePtr
SetFileTime
SetThreadExecutionState
FreeLibrary
SetEndOfFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteFileA
lstrcpyA
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
Process32FirstW
TerminateProcess
OpenProcess
GetCurrentProcessId
GetLocalTime
SystemTimeToFileTime
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryW
CreateThread
SetUnhandledExceptionFilter
FreeResource
CreateMutexW
GetCommandLineW
GetTempPathA
OutputDebugStringA
WritePrivateProfileStringA
SetFileAttributesA
WritePrivateProfileStringW
OutputDebugStringW
SetFileAttributesW
lstrcpyW
GetPrivateProfileSectionW
DeleteFileW
CloseHandle
FindNextFileW
lstrcatW
FindNextFileA
GetSystemInfo
RemoveDirectoryW
SetCurrentDirectoryW
GetProcessId
FindClose
MoveFileW
GetProcAddress
GetCurrentDirectoryW
FindFirstFileA
GetFileSizeEx
CreateDirectoryA
GetPrivateProfileIntW
GetTempPathW
SetThreadPriority
MultiByteToWideChar
GetModuleFileNameW
ReadFile
GetExitCodeProcess
CopyFileW
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SizeofResource
Sleep
WideCharToMultiByte
WriteFile
GetPrivateProfileStringW
GetCurrentThread
GetTickCount
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
FindFirstFileW
SetPriorityClass
GetFileSize
CreateFileA
GetEnvironmentVariableW
DeviceIoControl
CreateFileW
GetVolumeInformationW
LocalFree
GetSystemDirectoryW
GetTimeZoneInformation
WriteConsoleW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFullPathNameW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
IsValidCodePage
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
SetFilePointerEx
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFileAttributesExW
GetCurrentDirectoryA
GetComputerNameW
DeleteCriticalSection
DecodePointer
LockResource
SetCurrentDirectoryA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
LoadLibraryExW
ExitThread
GetCurrentThreadId
AreFileApisANSI
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
lstrcpynW
lstrcmpiW
GlobalAlloc
MulDiv
lstrlenW
GlobalUnlock
GlobalLock
ExitProcess
GetACP
GetFileAttributesW
HeapSize
GetLastError
RaiseException
HeapDestroy
HeapReAlloc
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
IntersectRect
GetSysColor
MapWindowPoints
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
CharNextW
IsWindowVisible
DestroyWindow
SetWindowLongW
ScreenToClient
SetWindowRgn
IsZoomed
IsIconic
OffsetRect
UnionRect
InflateRect
SetCursor
GetMonitorInfoW
MonitorFromWindow
LoadImageW
LoadCursorW
GetWindow
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
IsRectEmpty
GetPropW
SetPropW
mouse_event
PtInRect
FindWindowA
DestroyMenu
EnableWindow
SetFocus
IsWindow
CreateWindowExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
DispatchMessageW
TranslateMessage
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
EnableMenuItem
AppendMenuW
TrackPopupMenu
SendMessageW
CreatePopupMenu
GetCursorPos
SetWindowPos
SetCursorPos
GetWindowRect
MessageBoxW
ShowWindow
ExitWindowsEx
KillTimer
PostMessageW
PostQuitMessage
SetTimer
MoveWindow
GetSystemMetrics
wsprintfW
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
UpdateWindow
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
GetClientRect
GetClassInfoExW
GetMessageW
CreateAcceleratorTableW
InvalidateRgn
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
DrawTextA
advapi32
ConvertSidToStringSidW
CryptGetHashParam
CryptAcquireContextW
LookupAccountNameW
CryptCreateHash
CryptHashData
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueW
RegDeleteValueA
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyW
CryptReleaseContext
CryptGenRandom
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
DragQueryFileW
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathA
SHChangeNotify
ole32
CoUninitialize
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitialize
CoTaskMemFree
CoCreateInstance
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
shlwapi
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathFileExistsW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipSetPenMode
ord1
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ws2_32
WSACleanup
sendto
WSAWaitForMultipleEvents
ntohl
inet_addr
WSAEnumNetworkEvents
htons
WSAEventSelect
accept
ntohs
socket
recvfrom
WSAStartup
send
recv
setsockopt
WSAGetLastError
connect
getsockopt
WSACloseEvent
WSAResetEvent
closesocket
WSASetLastError
ioctlsocket
gethostname
getpeername
select
__WSAFDIsSet
htonl
WSAIoctl
freeaddrinfo
getaddrinfo
listen
getsockname
bind
WSACreateEvent
gethostbyname
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
crypt32
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertAddEncodedCertificateToStore
wininet
InternetCheckConnectionW
InternetCheckConnectionA
winmm
mixerGetLineInfoW
mixerClose
mixerOpen
mixerGetLineControlsW
mixerSetControlDetails
wldap32
ord117
ord41
ord208
ord216
ord14
ord26
ord219
ord145
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord46
wlanapi
WlanSetProfile
WlanCloseHandle
WlanReasonCodeToString
WlanOpenHandle
WlanEnumInterfaces
gdi32
CreateRectRgnIndirect
CreateSolidBrush
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteDC
CreatePen
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateRoundRectRgn
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreateRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
CreatePatternBrush
SelectObject
SaveDC
GdiFlush
TextOutW
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
Sections
.text Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 470KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 25B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nws0 Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nws1 Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 4.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ