Static task: static1
Behavioral task: behavioral1
Sample: 1c5b1a695869a3cc7f8dff9045898399bb5263eb3f938470814d66a8d289400c.exe
Resource: win7-20240221-en
General
Target: 1c5b1a695869a3cc7f8dff9045898399bb5263eb3f938470814d66a8d289400c
Size: 3.2MB
MD5: d3af2e8b87c9c91bb42f2505440635ee
SHA1: dc1508df8bba93ee8a7818bb66777a3aa506ed2d
SHA256: 1c5b1a695869a3cc7f8dff9045898399bb5263eb3f938470814d66a8d289400c
SHA512: 0c834a39649a7cb90a7f9a8ab8691781ae0aa201d73bd0e3aeecb2660c381a0a453a408d568b880c3e63ec0df33f8c2a720870ae672cee273f96f74042ccda6e
SSDEEP: 49152:A4abpvNITTinggggMwxX9l/2KHbSf8o/+8pZ29SQKP/hBmmjH+vDTQ8EbI:IoT2FXj/2KH+fm8pgngh7HN8
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1c5b1a695869a3cc7f8dff9045898399bb5263eb3f938470814d66a8d289400c
Files
1c5b1a695869a3cc7f8dff9045898399bb5263eb3f938470814d66a8d289400c.exe windows:5 windows x86 arch:x86
e6b9534c601d78e0c773e7996da29a60
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
lstrlenW
LoadLibraryW
GetCurrentDirectoryW
CreateFileW
GetACP
VerSetConditionMask
OpenProcess
MulDiv
VerifyVersionInfoW
ExitProcess
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
LocalFree
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpynW
lstrcpyW
FreeLibrary
FindResourceExW
DeleteFileW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
MoveFileW
InitializeCriticalSection
DeviceIoControl
GetSystemDirectoryA
CreateFileA
GetSystemInfo
GetVersionExW
FindClose
GetLocaleInfoW
GetEnvironmentVariableW
GetDriveTypeW
FindFirstFileW
FindNextFileW
MoveFileExW
SetErrorMode
LocalAlloc
CloseHandle
VirtualAlloc
VirtualFree
VirtualProtect
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetTimeZoneInformation
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ExitThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
ReadConsoleW
SetEndOfFile
WriteConsoleW
GetFileAttributesExW
FlushFileBuffers
LCMapStringW
CompareStringW
EncodePointer
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
SetEvent
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetEnvironmentVariableA
CompareFileTime
GetSystemDirectoryW
SleepEx
GetCPInfo
LeaveCriticalSection
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
GetCommandLineW
Sleep
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetLogicalDriveStringsW
GetProcAddress
user32
SetPropW
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
LoadCursorW
SetCursor
InflateRect
MonitorFromPoint
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
IsZoomed
IsIconic
IsWindowVisible
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetProcessWindowStation
GetUserObjectInformationW
HideCaret
ShowCaret
SetCaretPos
GetPropW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
DrawTextA
wsprintfA
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
EqualRect
DrawIconEx
DestroyIcon
PrivateExtractIconsW
SetForegroundWindow
ShowWindow
SetWindowTextW
UpdateWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
IsChild
GetMonitorInfoW
MonitorFromWindow
MoveWindow
SetWindowPos
GetSystemMetrics
PostMessageW
PostQuitMessage
ReleaseDC
GetDC
ClientToScreen
GetCaretPos
advapi32
RegCloseKey
RegQueryValueExW
GetUserNameW
OpenProcessToken
RegCreateKeyExW
GetTokenInformation
LookupAccountSidW
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegOpenKeyExW
RegSetValueExW
DeregisterEventSource
ole32
CoCreateGuid
CoCreateInstance
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoInitialize
oleaut32
VariantInit
SysAllocString
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantCopy
shlwapi
SHDeleteKeyW
PathFindFileNameW
PathIsDirectoryW
PathCombineW
PathFileExistsW
UrlUnescapeW
PathRemoveFileSpecW
gdi32
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
TextOutW
GetTextExtentPoint32W
GetDeviceCaps
SetWindowOrgEx
CreatePen
DeleteDC
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreateFontIndirectW
CreateRoundRectRgn
CreateRectRgn
MoveToEx
LineTo
CombineRgn
CreateDIBSection
DeleteObject
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
PtInRegion
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
dbghelp
MiniDumpWriteDump
psapi
GetProcessImageFileNameW
EnumProcesses
urlmon
ObtainUserAgentString
shell32
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
DragQueryFileW
SHGetFileInfoW
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
ws2_32
setsockopt
getnameinfo
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
shutdown
ntohs
htons
WSAStartup
gethostname
gethostbyname
getsockopt
getsockname
getpeername
closesocket
recv
send
WSAGetLastError
bind
connect
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipSetTextRenderingHint
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdiplusStartup
GdipDeleteGraphics
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipGetPropertyItem
GdipSetSmoothingMode
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipGetPropertyItemSize
GdipSetStringFormatFlags
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
crypt32
CertDuplicateCertificateContext
CertCloseStore
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
wldap32
ord147
ord219
ord46
ord301
ord145
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 566KB - Virtual size: 566KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 47KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 205KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE