c2f38e306b23161922f5f4b926b2623e93414abbc7fefb04ec8ebb1b1489344c

Sharing

Copy URL Twitter E-mail

General

Target

c2f38e306b23161922f5f4b926b2623e93414abbc7fefb04ec8ebb1b1489344c
Size

6.2MB
MD5

1b11c0299b0e4704c23f53f03e7feb30
SHA1

9ec6124ca74d0cc15576ed60149dddaeb9a3f027
SHA256

c2f38e306b23161922f5f4b926b2623e93414abbc7fefb04ec8ebb1b1489344c
SHA512

967769d4aa4fc003f4f397685785f28008dce3abad0dfbfe0189cb4bf5b4511fb7b691a8694129fa387ef195482f0816f4edd32dd957d342edee8fc007ce834f
SSDEEP

196608:5YBAzrnl0iZvblS/Ind2+YFqIoUANIFkCd8+lQQFo8hqM/+3mvzqJsv6tWKFdu96:5DCiq/Ind2+zIFkg82QQHqrJsv6tWKFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2f38e306b23161922f5f4b926b2623e93414abbc7fefb04ec8ebb1b1489344c

Files

c2f38e306b23161922f5f4b926b2623e93414abbc7fefb04ec8ebb1b1489344c
.exe windows:5 windows x86 arch:x86

a47657fcc5cb32d0aed0d3eb9e38a14f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SelectPalette
SetTextColor
SelectObject
CreateCompatibleBitmap
CreateFontIndirectW
DeleteObject
EnumFontFamiliesExW
SetBkMode
GetDIBits
GetRegionData
GdiFlush
CreateEllipticRgn
CreatePalette
GetTextFaceW
GetCharABCWidthsFloatW
CombineRgn
GetStockObject
GetTextMetricsW
SetGraphicsMode
ExtTextOutW
CreateRectRgn
GetGlyphOutlineW
OffsetRgn
BitBlt
GetFontData
CreateBitmap
GetCharABCWidthsW
GetPaletteEntries
GetTextExtentPoint32W
SelectClipRgn
GetOutlineTextMetricsW
PtInRegion
GetCharABCWidthsI
GetDeviceCaps
SetTextAlign
RealizePalette
SetWorldTransform
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetObjectW

oleaut32

SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit

imm32

ImmGetCompositionStringW
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetContext
ImmAssociateContext
ImmReleaseContext
ImmSetCompositionFontW
ImmGetDefaultIMEWnd

winmm

PlaySoundW

ws2_32

closesocket
send
WSAGetLastError
freeaddrinfo
WSACloseEvent
WSAIoctl
getaddrinfo
recv
WSACreateEvent
setsockopt
getsockname
ntohs
bind
ntohl
htons
getsockopt
getpeername
socket
connect
WSAAsyncSelect
WSASetLastError
WSAEventSelect
WSAResetEvent
accept
listen
htonl
sendto
recvfrom
select
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
__WSAFDIsSet
ioctlsocket
gethostname
WSAEnumNetworkEvents

ole32

DoDragDrop
OleIsCurrentClipboard
ReleaseStgMedium
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoLockObjectExternal
OleSetClipboard
RegisterDragDrop
RevokeDragDrop
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
OleFlushClipboard
CoGetMalloc
CoCreateGuid
OleGetClipboard

user32

GetDesktopWindow
UpdateWindow
MoveWindow
DestroyCaret
SetParent
EndPaint
KillTimer
GetClassInfoW
GetKeyboardState
GetSysColorBrush
CreateIconIndirect
GetWindowRect
SetCaretBlinkTime
MsgWaitForMultipleObjectsEx
SetWindowLongW
AdjustWindowRectEx
SendMessageW
IsChild
UnhookWindowsHookEx
ChangeClipboardChain
GetCursorPos
ClientToScreen
MessageBeep
SetTimer
GetWindowThreadProcessId
SetFocus
GetSysColor
SetCursor
TrackPopupMenuEx
SetCursorPos
SetWindowRgn
ScreenToClient
TranslateMessage
EnableMenuItem
WindowFromPoint
GetUpdateRect
SetWindowTextW
ClipCursor
IsZoomed
SystemParametersInfoW
GetWindowPlacement
GetAsyncKeyState
GetWindowLongW
SetCapture
GetDC
SetCaretPos
RegisterClassExW
GetSystemMetrics
GetDoubleClickTime
SetWindowPos
PostMessageW
HideCaret
GetIconInfo
SetForegroundWindow
GetClientRect
CallNextHookEx
GetQueueStatus
ReleaseDC
ScrollWindowEx
DrawIconEx
GetCaretBlinkTime
DestroyCursor
GetWindowRgn
ShowWindow
DispatchMessageW
RegisterWindowMessageW
SetDoubleClickTime
LoadIconW
DestroyIcon
CreateWindowExW
IsIconic
GetKeyboardLayout
DestroyWindow
GetParent
DefWindowProcW
GetKeyboardLayoutList
ToUnicode
MapVirtualKeyW
CharNextExA
UnregisterClassW
FlashWindowEx
ReleaseCapture
ValidateRgn
RegisterClassW
SetWindowPlacement
InvalidateRect
PeekMessageW
GetKeyState
GetMenu
IsWindowVisible
BeginPaint
SetClipboardViewer
GetSystemMenu
LoadImageW
SetMenuItemInfoW
RegisterClipboardFormatW
CreateCaret
GetActiveWindow
ToAscii
SetWindowsHookExW
InvalidateRgn
CreateCursor
GetClipboardFormatNameW
GetFocus

advapi32

CryptImportKey
CryptGetHashParam
CryptHashData
OpenProcessToken
CryptDestroyHash
RegDeleteValueW
CryptReleaseContext
GetTokenInformation
RegCloseKey
RegSetValueExW
CryptDestroyKey
CryptGenRandom
GetLengthSid
RegQueryValueExW
RegDeleteKeyW
CryptCreateHash
RegEnumValueW
RegFlushKey
CryptEncrypt
RegQueryInfoKeyW
CopySid
RegEnumKeyExW
RegCreateKeyExW
FreeSid
CryptAcquireContextW
RegOpenKeyExW

shell32

ShellExecuteW

kernel32

GetVolumeInformationW
SetUnhandledExceptionFilter
VerifyVersionInfoW
VirtualAlloc
CopyFileW
FileTimeToSystemTime
SetErrorMode
Sleep
GetFileInformationByHandle
GetLastError
GetDriveTypeA
SleepEx
TlsGetValue
HeapCreate
GetTimeZoneInformation
TlsSetValue
HeapReAlloc
WriteConsoleW
GetDateFormatW
UnmapViewOfFile
SetThreadPriority
GetFileAttributesExW
WaitForMultipleObjects
GetModuleFileNameW
GetCurrencyFormatW
ReleaseSemaphore
LCMapStringW
GetConsoleOutputCP
ExitProcess
HeapFree
GlobalSize
GetFileAttributesA
VerSetConditionMask
GetThreadPriority
SetEndOfFile
TlsAlloc
SetFilePointerEx
OpenProcess
IsValidLanguageGroup
MultiByteToWideChar
ExpandEnvironmentStringsW
SetFileAttributesW
TerminateThread
GetLocaleInfoA
FileTimeToLocalFileTime
SetFilePointer
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GlobalLock
GetCurrentThreadId
FreeLibrary
OpenFileMappingW
GetLocaleInfoW
GetDateFormatA
SetStdHandle
GetEnvironmentStrings
CompareStringW
VirtualFree
SetEnvironmentVariableA
RemoveDirectoryW
ResumeThread
GetSystemDirectoryW
GetCommandLineW
GetCPInfo
GetCurrentProcess
GetProcAddress
GetDriveTypeW
GetTimeFormatW
FindFirstFileA
MoveFileExW
FlushFileBuffers
GlobalAlloc
GetSystemInfo
QueryPerformanceFrequency
VirtualQuery
GetCommandLineA
InterlockedDecrement
TerminateProcess
CreateFileW
CreateDirectoryW
SystemTimeToTzSpecificLocalTime
OutputDebugStringW
GetFullPathNameA
FindNextFileW
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentDirectoryW
WriteFile
DeleteFileA
QueryPerformanceCounter
CreateProcessW
WriteConsoleA
GetCurrentThread
SetHandleCount
HeapSize
FindClose
LeaveCriticalSection
SetLastError
GetUserDefaultLCID
GetProcessHeap
GetOEMCP
EnumSystemLocalesA
CreateThread
GlobalUnlock
TlsFree
EnterCriticalSection
SetEnvironmentVariableW
PeekNamedPipe
GetConsoleMode
DeleteFileW
GetTickCount64
LocalFree
FreeEnvironmentStringsA
ResetEvent
LCMapStringA
GetCurrentProcessId
InterlockedIncrement
CreateFileA
GetTickCount
GetUserDefaultLangID
ExitThread
GetStartupInfoA
CreateEventW
GetLocalTime
DuplicateHandle
GetFileAttributesW
GetStdHandle
GetVersionExW
GetACP
GetEnvironmentVariableA
GetFileSizeEx
LoadLibraryA
GetLongPathNameW
CreateSemaphoreW
IsValidCodePage
GetTimeFormatA
IsDebuggerPresent
RtlUnwind
CompareStringA
FreeEnvironmentStringsW
GetUserDefaultUILanguage
GetCurrentDirectoryA
WaitForSingleObject
HeapAlloc
LoadLibraryW
CloseHandle
WideCharToMultiByte
DeviceIoControl
CheckRemoteDebuggerPresent
CreateFileMappingW
UnhandledExceptionFilter
MapViewOfFile
ReadFile
FormatMessageW
MoveFileW
GetFileType
GetConsoleCP
GetModuleHandleA
GetFileSize
InterlockedExchange
lstrcmpW
GetLogicalDrives
SetEvent
FindFirstFileExW
FindFirstFileW
GetStartupInfoW
InitializeCriticalSection
GetStringTypeA
DeleteCriticalSection
GetStringTypeW
IsValidLocale
GetFullPathNameW
RaiseException
GetSystemTimeAsFileTime

crypt32

CertFindExtension
CertAddCertificateContextToStore
CertFreeCertificateChain
CryptQueryObject
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertGetCertificateChain
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertFreeCertificateChainEngine
CertEnumCertificatesInStore

wldap32

ord46
ord216
ord73
ord27
ord301
ord167
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145
ord219
ord14
ord117
ord41

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a47657fcc5cb32d0aed0d3eb9e38a14f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

oleaut32

imm32

winmm

ws2_32

ole32

user32

advapi32

shell32

kernel32

crypt32

wldap32

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 37KB - Virtual size: 57KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 235KB - Virtual size: 234KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 37KB - Virtual size: 57KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 235KB - Virtual size: 234KB