Sample
30a54c66af658fbec92497e7d13020af63afd1ed453a70eafbce9908ea41e74a.exe
Resource
win7-20240221-en
General
Target: 30a54c66af658fbec92497e7d13020af63afd1ed453a70eafbce9908ea41e74a
Size: 4.2MB
MD5: eab0898f99aa033c905b8a29ee585ad9
SHA1: fa5075594611367828c8b72d12c8757834656135
SHA256: 30a54c66af658fbec92497e7d13020af63afd1ed453a70eafbce9908ea41e74a
SHA512: 8ecaa259c40cc6286a9f232fe8d48a2ce0dcb7cce09a5efd61d65bd318538f81178514e6691e4fb3f715a54666b122ca0878814a58c41a7612246954bc9f4120
SSDEEP: 98304:0RLCIAn+wmp/76nWK03l6hZA5D5tJiGw3lbLKa+/bw9QH/G7Nrk6hY/qj4:0ViJhZAXiP3lvKWoO2qU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30a54c66af658fbec92497e7d13020af63afd1ed453a70eafbce9908ea41e74a
Files
30a54c66af658fbec92497e7d13020af63afd1ed453a70eafbce9908ea41e74a.exe windows:5 windows x86 arch:x86
4335e06e66851d3c119850f1ba23f2a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
OutputDebugStringW
GetVersionExW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntW
WritePrivateProfileStringW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
GetFileSize
WriteFile
ReadFile
lstrcpyW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
GlobalFree
VirtualAlloc
VirtualFree
HeapAlloc
HeapFree
GetProcessHeap
GetLogicalDriveStringsW
QueryDosDeviceW
GlobalAlloc
HeapReAlloc
HeapSize
GetLongPathNameW
GetVolumeInformationW
GetSystemInfo
GetTickCount
FileTimeToSystemTime
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
InitializeCriticalSection
FreeResource
LockResource
SetLastError
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
LoadLibraryA
GetModuleHandleA
EncodePointer
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
ResetEvent
SetEvent
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA
FormatMessageA
CreateEventW
QueryPerformanceFrequency
MultiByteToWideChar
MulDiv
LocalAlloc
GetSystemWindowsDirectoryW
lstrcmpiW
GlobalUnlock
GetSystemTime
SystemTimeToFileTime
RtlUnwind
GlobalLock
FlushConsoleInputBuffer
GlobalMemoryStatus
ReadConsoleInputA
SetConsoleMode
SetCurrentDirectoryW
GetModuleHandleW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
FreeLibrary
Sleep
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
CopyFileW
GetPrivateProfileStringW
TerminateProcess
OpenProcess
lstrlenW
GetTempPathW
CreateThread
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindClose
GetSystemDirectoryW
LoadLibraryW
CloseHandle
GetProcAddress
HeapDestroy
user32
CreateCaret
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
GetCaretBlinkTime
UpdateLayeredWindow
SetFocus
DestroyIcon
CharNextW
PtInRect
EqualRect
IsRectEmpty
HideCaret
SetCaretPos
ScreenToClient
LoadBitmapW
CreateIconFromResource
LoadImageW
GetMessageW
ClientToScreen
PostMessageW
ShowWindow
SetWindowTextW
SendMessageW
UnregisterClassW
DrawTextW
IsWindowVisible
UnionRect
IntersectRect
CopyRect
SetRect
SetCursor
KillTimer
SetTimer
DestroyWindow
IsWindow
DestroyCursor
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsWindowEnabled
SystemParametersInfoA
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
IsMenu
MapVirtualKeyA
GetFocus
CharLowerBuffW
GetSystemMetrics
GetSysColor
DefWindowProcW
EnableMenuItem
GetParent
SystemParametersInfoW
GetDC
ReleaseDC
InflateRect
OffsetRect
DrawIconEx
GetIconInfo
LoadStringW
GetKeyState
wsprintfW
TranslateMessage
DispatchMessageW
PeekMessageW
GetClassNameW
SetWindowPos
GetForegroundWindow
SetForegroundWindow
GetWindowLongW
SetWindowLongW
LoadCursorW
advapi32
CryptEnumProvidersA
RegOpenKeyW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
RegEnumKeyW
RegCreateKeyExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
OpenProcessToken
GetTokenInformation
LookupAccountSidW
InitializeSecurityDescriptor
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CloseServiceHandle
shell32
SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify
SHGetFolderPathW
ole32
OleInitialize
CoUninitialize
CoInitialize
OleUninitialize
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid
shlwapi
SHGetValueW
SHSetValueW
StrStrIW
PathAppendW
SHDeleteValueW
PathFileExistsW
SHDeleteKeyW
StrToIntExW
gdiplus
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipGetImageHeight
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipGetImageWidth
imm32
ImmGetContext
ImmReleaseContext
ImmAssociateContext
gdi32
SetGraphicsMode
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
CreateFontIndirectW
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
StretchBlt
GetCurrentObject
GetViewportOrgEx
DeleteDC
CreateCompatibleDC
oleaut32
SysFreeString
SysAllocString
crypt32
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
psapi
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW
wldap32
ord60
ord217
ord143
ord32
ord27
ord46
ord22
ord26
ord41
ord50
ord211
ord35
ord79
ord30
ord200
ord301
ord33
ws2_32
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
getservbyname
gethostbyname
htonl
shutdown
setsockopt
WSAIoctl
WSAStartup
listen
WSACleanup
getaddrinfo
freeaddrinfo
accept
gethostname
ioctlsocket
sendto
recvfrom
WSAGetLastError
usp10
ScriptShape
ScriptItemize
ScriptFreeCache
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 766KB - Virtual size: 765KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 102KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 223KB - Virtual size: 222KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 237KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE