Static task
static1
Behavioral task
behavioral1
Sample
a1d9d2e08f1f708b132486f8ed01324c7606fe6d5c94a8b88ae0cdce42621ab7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1d9d2e08f1f708b132486f8ed01324c7606fe6d5c94a8b88ae0cdce42621ab7.exe
Resource
win10v2004-20240419-en
General
-
Target
a1d9d2e08f1f708b132486f8ed01324c7606fe6d5c94a8b88ae0cdce42621ab7
-
Size
2.4MB
-
MD5
f86afaa576fac8d9bc2d4767a6073ed0
-
SHA1
d4bf85e5c5272c6c23d34ac371aa7a6b697c48f8
-
SHA256
a1d9d2e08f1f708b132486f8ed01324c7606fe6d5c94a8b88ae0cdce42621ab7
-
SHA512
c5714541fbe2f35fe0909c9ed76ed794bbbba971b36b56a19f285f20ec337bff38b322f197fdb3792e19fb25ff733a30e13c1dc4f8e222aec2e9d82fcb4bb6fd
-
SSDEEP
24576:F0Q0vEOvCTt5TjfVwE/lmMVjgx3sQjGZ+s3zcFdledFdMU0K4bX66L2WfMlv5eQ6:qfsOA/TjfVwilVjMsPDcQDdh0bmFlo
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a1d9d2e08f1f708b132486f8ed01324c7606fe6d5c94a8b88ae0cdce42621ab7
Files
-
a1d9d2e08f1f708b132486f8ed01324c7606fe6d5c94a8b88ae0cdce42621ab7.exe windows:4 windows x86 arch:x86
854c0bd049746a0bfaecb95c8fd77df5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
msacm32
acmStreamClose
winmm
waveOutRestart
waveOutReset
waveOutPrepareHeader
waveOutPause
waveOutOpen
waveOutGetNumDevs
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutClose
waveInUnprepareHeader
waveInStop
waveInStart
waveInReset
waveInPrepareHeader
waveOutWrite
mixerClose
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
waveInOpen
waveInGetNumDevs
waveInGetDevCapsW
waveInClose
waveInAddBuffer
mixerSetControlDetails
mixerOpen
waveOutUnprepareHeader
mixerGetNumDevs
msvcrt
_fileno
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
strchr
fclose
fprintf
_stricmp
tolower
wcsstr
strstr
localtime
mktime
time
_ftol
memmove
strncmp
toupper
_strnicmp
_errno
fopen
getenv
atoi
atof
strtol
fgets
_atoi64
srand
isalnum
towlower
towupper
fseek
_telli64
fread
fwrite
_filelengthi64
fflush
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_tzset
comctl32
ord17
ImageList_Write
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetBkColor
ImageList_Remove
ImageList_Read
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
InitializeFlatSB
version
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
kernel32
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
EnumCalendarInfoW
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeResource
GetACP
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetCPInfo
GetCurrentDirectoryA
GetCurrentDirectoryW
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPriorityClass
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTimeZoneInformation
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsValidLocale
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalSize
LockResource
lstrcmpA
lstrcmpiW
lstrcpynW
lstrcpyW
lstrlenW
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
WriteProcessMemory
CloseHandle
CompareFileTime
GetSystemTime
GetOEMCP
SetFileTime
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CompareStringA
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetVersion
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
GetTickCount
ExitProcess
LeaveCriticalSection
LoadLibraryA
FindResourceW
user32
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PostThreadMessageW
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageTimeoutA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
ShowOwnedPopups
InvalidateRect
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterClassA
UpdateWindow
WaitMessage
WindowFromPoint
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefFrameProcW
CreateWindowExW
CreateWindowExA
MessageBeep
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerW
CharLowerBuffW
CallWindowProcW
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
GetKeyboardType
IntersectRect
InsertMenuW
InsertMenuItemW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetMessageW
GetMessagePos
GetMessageA
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetLastActivePopup
GetKeyState
GetKeyNameTextW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FindWindowA
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadStringW
LoadImageW
LoadImageA
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsIconic
IsDialogMessageW
IsDialogMessageA
CreatePopupMenu
DrawTextW
DrawTextExW
IsChild
ShowScrollBar
DrawTextA
gdi32
PlayEnhMetaFile
PatBlt
OffsetViewportOrgEx
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWinMetaFileBits
GetWindowOrgEx
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32W
GetTextExtentPoint32A
StretchBlt
GetSystemPaletteEntries
GetStockObject
GetROP2
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetObjectType
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDIBits
GetDIBColorTable
GetDeviceCaps
RealizePalette
Rectangle
RectVisible
ResizePalette
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
SetWinMetaFileBits
StartDocA
StartDocW
GetTextColor
StartPage
StretchDIBits
TextOutA
TextOutW
UnrealizeObject
Polyline
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBitmap
CreateDIBSection
CreateFontA
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
ExcludeClipRect
ExtSelectClipRgn
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBkColor
GetBkMode
GetBrushOrgEx
GetClipBox
GetCurrentObject
GetCurrentPositionEx
GetDCOrgEx
CopyEnhMetaFileW
advapi32
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExW
RegFlushKey
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
OpenProcessToken
LookupAccountSidW
GetUserNameW
GetUserNameA
GetTokenInformation
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashA
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptGetProvParam
CryptGetUserKey
CryptAcquireContextA
shell32
ShellExecuteA
Shell_NotifyIconW
ShellExecuteExA
ole32
CoUninitialize
OleInitialize
OleUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
oleaut32
VariantCopy
VariantClear
VariantChangeType
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
GetErrorInfo
VariantInit
ws2_32
send
shutdown
closesocket
recv
connect
gethostbyname
htons
inet_addr
ioctlsocket
recvfrom
select
sendto
setsockopt
socket
WSACleanup
WSAGetLastError
WSAStartup
getsockopt
accept
WSAIoctl
ntohs
inet_ntoa
getsockname
__WSAFDIsSet
bind
listen
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 308KB - Virtual size: 307KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 392KB - Virtual size: 14.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xcore Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ