Static task: static1
Behavioral task: behavioral1
  Sample: e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
  Resource: win10v2004-20240426-en
General
Target: e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96
Size: 11.4MB
MD5: f25585c1b52299fb5286680b7303e3fa
SHA1: a45fa68de02fe4d2fca32d7b867bd10babe98b28
SHA256: e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96
SHA512: cdbcfe7693651d288750c89d45982eecd617694181ed9358d43ca3854aa5dd0e50843517f73e3898d1228fab5957afb833e846dbd354af529fcc47dd06cffe1a
SSDEEP: 196608:Jua9H1n4YZUIeeUVJsv6tWKFdu9CY+7f:xyPVJsv6tWKFdu9Cx
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Matched resource: e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96
Caveat: a check of this kind inspects the PE's embedded certificate table (the security data directory). A file can also be catalog-signed, and many legitimate third-party builds ship unsigned, so an absent signature is a weak indicator on its own and should be weighed together with the behavioral tasks.
Files
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
  windows:6 windows x86 arch:x86
  5f43c644cf75a519939c4ef78cc40bda (presumably the import hash, imphash; it is not the file MD5 listed above)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Not set: IMAGE_DLLCHARACTERISTICS_GUARD_CF (no Control Flow Guard). ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) are opted in; HIGH_ENTROPY_VA does not apply to a 32-bit image.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
Reading note: IsDebuggerPresent, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeSListHead, EncodePointer/DecodePointer and GetSystemTimeAsFileTime are pulled in by the MSVC C runtime startup code and are not on their own evidence of anti-analysis. CheckRemoteDebuggerPresent, OpenProcess, CreateProcessW, VirtualAlloc/VirtualProtect, NetShareEnum, GetLogicalDrives/GetDriveTypeW, FindFirstChangeNotificationW, SetWindowsHookExW and SetClipboardViewer are the imports worth confirming against the behavioral tasks. The imm32, uxtheme, dwmapi and touch-input imports, together with the bulk of user32/gdi32, are consistent with a Qt GUI application (see the .qtmetad section below).
kernel32
GetVolumeInformationW
GetDriveTypeW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CompareStringEx
GetCommandLineW
GetSystemTime
GetLocalTime
OutputDebugStringW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
DuplicateHandle
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
CompareStringW
CreateEventW
GetStartupInfoW
GetModuleFileNameW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MultiByteToWideChar
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
ReleaseMutex
CreateMutexW
VirtualFree
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
VirtualQuery
SetLastError
LoadLibraryExW
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
SetFileAttributesW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
HeapSize
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
ReadFile
CreateFileW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
SetErrorMode
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetLastError
lstrcmpW
Sleep
CreateThread
VirtualAlloc
VirtualProtect
GetLogicalDrives
LCMapStringW
WaitForSingleObject
imm32
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
OpenThemeData
dwmapi
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
netapi32
NetApiBufferFree
NetShareEnum
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
user32
GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
AdjustWindowRectEx
GetAsyncKeyState
UnregisterClassW
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
CharNextExA
GetForegroundWindow
EnableMenuItem
GetSystemMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
GetWindowRect
SetWindowTextW
InvalidateRect
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
GetTouchInputInfo
SetCursor
SetWindowRgn
GetUpdateRect
BeginPaint
EndPaint
GetMessageExtraInfo
SetForegroundWindow
gdi32
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
CombineRgn
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetFontData
EnumFontFamiliesExW
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
GetOutlineTextMetricsW
advapi32
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
OpenProcessToken
GetTokenInformation
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
shell32
SHGetKnownFolderPath
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
ole32
CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
OleIsCurrentClipboard
RevokeDragDrop
CoUninitialize
OleFlushClipboard
OleGetClipboard
OleSetClipboard
OleUninitialize
OleInitialize
RegisterDragDrop
CoLockObjectExternal
CoInitialize
StringFromGUID2
CoInitializeEx
oleaut32
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
winmm
timeSetEvent
timeKillEvent
ws2_32
WSAAsyncSelect
Sections
.text Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 277KB - Virtual size: 321KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB (the section name Qt 6 uses for its plugin metadata, QT_PLUGIN_METADATA_SECTION; its presence points to a Qt-built binary)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 362KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 233KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
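The "Unsigned PE" signature, the DLL Characteristics under Headers and the Sections table above are all read straight out of the PE headers. The following script is an added example, not part of the sandbox report or of the sample, showing how to derive the same facts with the Python standard library alone (no pefile): it decodes the COFF and optional headers, tests data directory 4 (the certificate table) for an embedded Authenticode signature, decodes section flags, and then runs the hardening checks a triage analyst would apply. Because the real sample is not reproduced here, build_sample_pe() constructs a minimal PE32 header carrying the same flags the report lists; pass a file path as the first argument to run it on a real binary instead.

```python
"""Added example: stdlib-only PE header triage (machine, characteristics, Authenticode, sections)."""
import struct

# Bit values from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Decode the COFF header, optional header, certificate directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                     # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                     # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    plus = magic == 0x20B                        # PE32+ widens the stack/heap fields after offset 72
    major_os = struct.unpack_from("<H", data, opt + 40)[0]           # MajorOperatingSystemVersion
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if plus else 92))[0]
    dirs = opt + (112 if plus else 96)
    # Data directory 4 = certificate table; unlike other entries its address is a raw file offset.
    cert_off = cert_len = 0
    if ndirs > 4:
        cert_off, cert_len = struct.unpack_from("<II", data, dirs + 4 * 8)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "characteristics": _flags(chars, SECTION_FLAGS)})
    return {"machine": MACHINES.get(machine, hex(machine)), "pe32plus": plus,
            "major_os_version": major_os,
            "file_characteristics": _flags(fchars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dllchars, DLL_CHARACTERISTICS),
            "has_embedded_authenticode": bool(cert_off and cert_len),
            "sections": sections}


def hardening_findings(info: dict) -> list:
    """Checks an analyst runs on the parsed header; catalog signing is deliberately out of scope."""
    dll, out = info["dll_characteristics"], []
    if not info["has_embedded_authenticode"]:
        out.append("no embedded Authenticode signature (catalog signing not checked)")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in dll:
        out.append("ASLR opt-out: DYNAMIC_BASE not set")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dll:
        out.append("DEP opt-out: NX_COMPAT not set")
    if "IMAGE_DLLCHARACTERISTICS_GUARD_CF" not in dll:
        out.append("no Control Flow Guard: GUARD_CF not set")
    if info["pe32plus"] and "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" not in dll:
        out.append("64-bit image without HIGH_ENTROPY_VA")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["characteristics"]):
            out.append("section %s is writable and executable" % s["name"])
    return out


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (not the real sample) carrying the flags the report lists."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)     # i386, 2 sections, EXE|32BIT
    opt = bytearray(224)                                               # PE32 optional header, 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<H", opt, 40, 6)         # MajorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)         # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, 0x8140)    # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes; directory 4 stays zero = unsigned
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x100, 0x2000, 0x200, 0x1400, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    report = parse_pe(blob)
    print(json.dumps(report, indent=2))
    print("\n".join(hardening_findings(report)))
```

On the constructed header the findings are exactly the two the report implies for this sample: no embedded signature and no GUARD_CF. The certificate-table test is the same evidence the "Unsigned PE" signature rests on, which is why a catalog-signed or a merely unsigned-but-benign file produces the same result; treat it as a prompt to check the behavioral tasks, not as a verdict.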