38599dd8659f9773489bdd8f31a28349d7d8eff10d8e1fd2468c2d1a2fe51cad

Sharing

Copy URL

Twitter E-mail

General

Target

38599dd8659f9773489bdd8f31a28349d7d8eff10d8e1fd2468c2d1a2fe51cad
Size

2.0MB
MD5

19cbe2153c5456a829bd5f5343b7ddd3
SHA1

e0abf6fe2e0cea1475458acbe2f07a32bcf268d2
SHA256

38599dd8659f9773489bdd8f31a28349d7d8eff10d8e1fd2468c2d1a2fe51cad
SHA512

a7b0295abe39aaf0e41fbaedaa59f4db481ac0b2e1272fe315864771434c47f324803b63a9c48e4d61b5eba56daf8ff485818e477f65156b634559027eddeae9
SSDEEP

49152:Cup9JovzZUl09wZ+bgf3+7w9bEJZhJCvOk:DswZu7w9EZ7k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38599dd8659f9773489bdd8f31a28349d7d8eff10d8e1fd2468c2d1a2fe51cad

Files

38599dd8659f9773489bdd8f31a28349d7d8eff10d8e1fd2468c2d1a2fe51cad
.exe windows:5 windows x86 arch:x86

551bf3acc3c65a184c16c8ffd4f0310b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\xra_common\xrtnews_v2\Release_tjsd\xrtnews.pdb

Imports

kernel32

ReadFile
FlushFileBuffers
FindClose
CreateProcessW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DecodePointer
VirtualProtect
SetUnhandledExceptionFilter
lstrcmpiW
LoadLibraryExW
GetCommandLineW
SetCurrentDirectoryW
IsBadReadPtr
GetLongPathNameW
OpenProcess
GetCurrentThread
GetProcessId
MapViewOfFile
UnmapViewOfFile
lstrcpynW
lstrlenW
OpenFileMappingW
GetStartupInfoW
GetTempFileNameW
GetFileAttributesExW
MoveFileW
MoveFileExW
GetTempPathW
WriteFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
CreateMutexW
CloseHandle
Sleep
QueryPerformanceCounter
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
DuplicateHandle
WaitForSingleObjectEx
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
GetCurrentProcessId
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetConsoleMode
ResetEvent
SetFilePointerEx
GetFileType
VirtualQuery
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
InterlockedFlushSList
RtlUnwind
DosDateTimeToFileTime
FileTimeToDosDateTime
LocalFree
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
SetFileTime
GetFileTime
SetFilePointer
SetEndOfFile
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
TerminateProcess
UnhandledExceptionFilter
GetPrivateProfileIntW
CreateFileMappingW
GetFileSizeEx
GlobalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
FormatMessageW
GetStringTypeW
LoadLibraryExA
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
GetCurrentProcess
GetProcAddress
FreeLibrary
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
lstrcmpW
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
InterlockedCompareExchange
InterlockedExchange
GetTickCount
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
GetLocalTime
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
LockResource
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFileSize
LocalFileTimeToFileTime
QueryPerformanceFrequency
DeleteFileW
GetConsoleCP
CreateFileW
HeapDestroy
FindFirstFileExA

user32

ShowWindow
UpdateLayeredWindow
SetWindowPos
IsWindow
DrawFocusRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DestroyCursor
EqualRect
UnionRect
GetAsyncKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
GetClientRect
CallWindowProcW
DefWindowProcW
PostMessageW
DestroyWindow
wsprintfW
SendMessageW
TranslateMessage
GetWindowRect
GetTopWindow
AttachThreadInput
SetCursor
DrawTextW
CreateDialogParamW
GetMonitorInfoW
MonitorFromWindow
MapWindowPoints
SetForegroundWindow
EndDialog
FindWindowW
SystemParametersInfoW
LoadImageW
PtInRect
GetCursorPos
IsWindowEnabled
EnableWindow
DialogBoxParamW
OffsetRect
CopyRect
GetForegroundWindow
MsgWaitForMultipleObjectsEx
IsWindowVisible
PostQuitMessage
DispatchMessageW
ScreenToClient
GetSystemMetrics
GetWindow
GetClassNameW
GetDesktopWindow
FillRect
GetSysColor
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
DestroyAcceleratorTable
CreateAcceleratorTableW
GetFocus
SetFocus
CharNextW
GetDlgItem
MoveWindow
IsChild
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
GetMessageW
GetWindowThreadProcessId
FindWindowExW
SendMessageTimeoutW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW

gdi32

RectVisible
EnumFontFamiliesW
GetTextMetricsW
SetTextColor
SetBkMode
ExtTextOutW
SetBkColor
GetStockObject
GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontW
SetViewportOrgEx
OffsetViewportOrgEx

advapi32

RegOpenKeyExW
CryptDecrypt
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
EqualSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegQueryValueExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
CryptContextAddRef
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptEncrypt
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey

shell32

CommandLineToArgvW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
ord165

ole32

CoTaskMemRealloc
OleRun
OleInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree
OleUninitialize

oleaut32

VariantChangeType
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VarBstrCmp
LoadTypeLi
CreateErrorInfo
DispCallFunc
OleCreateFontIndirect

shlwapi

PathRenameExtensionW
wnsprintfW
PathIsDirectoryW
SHDeleteKeyW
StrStrIA
PathFindExtensionW
SHSetValueW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathIsPrefixW
StrTrimA
StrCmpNIW
AssocQueryStringW
StrStrIW
PathFindFileNameW
PathCombineW
PathFileExistsW
StrCmpIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipSetStringFormatLineAlign
GdipCreateBitmapFromStream
GdipSetStringFormatAlign
GdipCreateBitmapFromStreamICM
GdipDrawString
GdipBitmapGetPixel
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteFont
GdipCreateBitmapFromFile
GdipCreateFont
GdipCreateBitmapFromFileICM
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImagePointRectI
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDrawRectangleI

psapi

GetModuleFileNameExW

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

imm32

ImmDisableIME
ImmAssociateContext

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

551bf3acc3c65a184c16c8ffd4f0310b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

setupapi

version

imm32

iphlpapi

wininet

urlmon

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 27KB - Virtual size: 35KB

.rsrc Size: 465KB - Virtual size: 465KB

.reloc Size: 133KB - Virtual size: 136KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 27KB - Virtual size: 35KB

.rsrc
Size: 465KB - Virtual size: 465KB

.reloc
Size: 133KB - Virtual size: 136KB