1b5b5061c3e0833f16671b5d937a1d7227e117e4f078c732b26ca4ea80874ccf

Sharing

Copy URL Twitter E-mail

General

Target

1b5b5061c3e0833f16671b5d937a1d7227e117e4f078c732b26ca4ea80874ccf
Size

581KB
MD5

e6d731f5fab9b1783a6792a8c46cf2ae
SHA1

b1fb3d6c685e33dcf591707a1b33e283813d2048
SHA256

1b5b5061c3e0833f16671b5d937a1d7227e117e4f078c732b26ca4ea80874ccf
SHA512

69cc99e7283d09461980fc384dd390ffe9458ba83b833946d405509b3dc8d84ef759a4e5a41da5715413d9e33f79b9bae2bfb1e011ddb3ae2c4ef338073a1f24
SSDEEP

12288:GfqhGS2zgeYmbaEGYfTgRMcp7YJhswtCcQmglIo8535zW:BhGLceH+4TgRMceJiwrtgOo8531W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b5b5061c3e0833f16671b5d937a1d7227e117e4f078c732b26ca4ea80874ccf

Files

1b5b5061c3e0833f16671b5d937a1d7227e117e4f078c732b26ca4ea80874ccf
.exe windows:6 windows x86 arch:x86

46aca5759420fb75562f95de5336470f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

SymGetModuleInfoW
SymFunctionTableAccess
MiniDumpWriteDump
SymLoadModule
SymInitialize
StackWalk
SymCleanup
SymSetOptions

wininet

InternetConnectA
HttpOpenRequestA
InternetOpenA
HttpSendRequestA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

psapi

GetModuleFileNameExA
GetModuleFileNameExW

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

tinyxml

??1TiXmlDocument@@UAE@XZ
??0TiXmlDocument@@QAE@XZ
?GetText@TiXmlElement@@QBEPBDXZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?Value@TiXmlNode@@QBEPBDXZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ

kernel32

GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
GetStringTypeW
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
VirtualProtect
GetModuleHandleW
GetCommandLineW
SetCurrentDirectoryW
SetErrorMode
GetTickCount
MultiByteToWideChar
CreateFileA
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
CloseHandle
GetLastError
SetEvent
WaitForSingleObject
TerminateProcess
CreateThread
OpenThread
CreateProcessW
OpenProcess
GetLocalTime
GetWindowsDirectoryW
FindFirstFileExW
ReadProcessMemory
WriteProcessMemory
FreeLibrary
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
lstrcpyW
lstrcatW
lstrlenW
CopyFileW
WideCharToMultiByte
Sleep
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsDBCSLeadByte
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
ResetEvent
CreateEventW
ResumeThread
FreeResource
CreateFileW
GetFileAttributesW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateDirectoryW
GetFileSize
ReadFile
SetFilePointer
GetTempPathW
GetVersionExW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetSystemDefaultLCID
GetThreadSelectorEntry
GetCurrentProcessId
GetCurrentThreadId
VirtualAlloc
VirtualFree
SetFileAttributesW
QueryPerformanceCounter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
GetCurrentProcess
GetSystemTimeAsFileTime
MoveFileW
DeviceIoControl
FindResourceExW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetEndOfFile
VirtualQueryEx
WriteConsoleW
OutputDebugStringW

user32

InvalidateRect
GetWindowTextLengthW
GetWindowRect
ClientToScreen
MapWindowPoints
GetSysColorBrush
SetWindowLongW
MapDialogRect
ReleaseDC
GetGuiResources
IsWindow
CreatePopupMenu
DestroyMenu
TrackPopupMenu
DefWindowProcW
RegisterClassExW
EndPaint
CreateWindowExW
DestroyWindow
GetClassNameW
EnumWindows
EnumChildWindows
GetDesktopWindow
GetWindowLongW
GetWindowTextW
PostMessageW
DrawIconEx
LoadImageW
LoadIconW
GetClientRect
SetWindowTextW
GetDlgItem
EndDialog
SetWindowPos
BeginPaint
GetDC
DrawTextW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
GetSystemMenu
EnableWindow
ShowWindow
KillTimer
SetTimer
SendMessageW
GetKeyState
EmptyClipboard
RegisterClipboardFormatW
SetClipboardData
CloseClipboard
OpenClipboard
SendDlgItemMessageW
SetDlgItemTextW
DialogBoxParamW
CallWindowProcW
GetClassInfoExW
GetWindowThreadProcessId

gdi32

SetBkMode
SelectObject
GetStockObject
SetTextColor
CreateFontW
DeleteObject

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHBindToParent
SHGetDesktopFolder
ord155
SHGetFileInfoW

ole32

OleUninitialize
OleInitialize
DoDragDrop
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen

gdiplus

GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdipImageSelectActiveFrame
GdiplusStartup
GdipAlloc
GdipFree
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipGetPropertyItem

shlwapi

PathFileExistsW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CertGetNameStringW

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

ws2_32

inet_ntoa

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46aca5759420fb75562f95de5336470f

Headers

DLL Characteristics

File Characteristics

Imports

version

dbghelp

wininet

psapi

comctl32

tinyxml

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

wtsapi32

crypt32

wintrust

ws2_32

iphlpapi

netapi32

Sections

.text Size: 274KB - Virtual size: 273KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 62KB - Virtual size: 62KB

.reloc Size: 76KB - Virtual size: 76KB

.text
Size: 274KB - Virtual size: 273KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 62KB - Virtual size: 62KB

.reloc
Size: 76KB - Virtual size: 76KB