Static task
static1
Behavioral task
behavioral1
Sample
27d51ed336d353a094814006f62f53f65943e38179a29eec2e2e52e5d2ca5e87.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
27d51ed336d353a094814006f62f53f65943e38179a29eec2e2e52e5d2ca5e87.exe
Resource
win10v2004-20240419-en
General
Target: 27d51ed336d353a094814006f62f53f65943e38179a29eec2e2e52e5d2ca5e87
Size: 11.5MB
MD5: 32d007bfb6e4252372f24c25ac622165
SHA1: 71686849df360b716958da824aa39868985176f8
SHA256: 27d51ed336d353a094814006f62f53f65943e38179a29eec2e2e52e5d2ca5e87
SHA512: 58da11cf61e962046b054db2883c9d4995b8cdebb82197cfcf0191a46ac556a311b27d6b4ba7f46fcf490eafe6f02ee5f072b771df603ff9e02e814f40bb5096
SSDEEP: 196608:EgZ+65ILakuxD4ruT8DftVLsn8QwzsHjVgu4E0raMKoMU1ODE+yGUY:Ew55uakMQtXQn8LNjaMKoMPy0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27d51ed336d353a094814006f62f53f65943e38179a29eec2e2e52e5d2ca5e87
Files
27d51ed336d353a094814006f62f53f65943e38179a29eec2e2e52e5d2ca5e87.exe windows:4 windows x86 arch:x86
f4f4101e3a3f7dd7e17463a13ab0434c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHAutoComplete
winmm
waveInUnprepareHeader
waveInReset
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveInClose
kernel32
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
FatalAppExitA
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
SetStdHandle
HeapSize
GetACP
IsValidCodePage
GetSystemTime
GetTimeZoneInformation
RaiseException
ExitThread
HeapReAlloc
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
lstrcpyW
FindResourceExA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
GetProfileIntA
GetProfileStringA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
GetDateFormatA
GetTimeFormatA
GetCurrentProcessId
GetExitCodeThread
ResetEvent
IsValidLocale
TerminateProcess
CreateEventA
GlobalHandle
CloseHandle
TerminateThread
WaitForSingleObject
TlsAlloc
GlobalFlags
SystemTimeToFileTime
LocalFileTimeToFileTime
MulDiv
GetDiskFreeSpaceA
GetFileTime
SetFileTime
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetVolumeInformationA
GetComputerNameA
SetFilePointer
ReadFile
GetFileSize
CreateFileA
CopyFileA
DeleteFileA
lstrcatA
GetModuleFileNameA
WriteFile
GetCurrentDirectoryA
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
FindClose
FindNextFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
GlobalUnlock
GlobalLock
GetTickCount
CreateProcessA
lstrcpyA
GetLastError
GetTempPathA
GetLocalTime
GetTempFileNameA
GetCurrentThread
SuspendThread
SetThreadPriority
SetLastError
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
FormatMessageA
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpA
LocalSize
LocalReAlloc
GetModuleHandleA
GlobalSize
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
HeapFree
IsBadReadPtr
VirtualProtect
GetProcessHeap
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryExA
FreeLibrary
CreateDirectoryA
MoveFileA
lstrcpynA
LocalAlloc
lstrlenA
GlobalFree
LocalFree
SetUnhandledExceptionFilter
FreeResource
LoadLibraryA
GetProcAddress
GetCommandLineA
GetStartupInfoA
ExitProcess
GetSystemDirectoryA
IsBadCodePtr
user32
GetWindowDC
IsRectEmpty
FillRect
IsZoomed
SetRectEmpty
DestroyMenu
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
ValidateRect
CharUpperA
LoadStringA
wvsprintfA
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
MapWindowPoints
PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
TabbedTextOutA
GrayStringA
LoadAcceleratorsA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
SendMessageTimeoutA
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
TranslateAcceleratorA
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
GetClassNameA
GetDialogBaseUnits
RemoveMenu
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
RegisterClipboardFormatA
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
BeginPaint
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
SendMessageA
EnableWindow
RegisterWindowMessageA
UpdateWindow
InvalidateRect
SetRect
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsWindowVisible
RedrawWindow
PostMessageA
MessageBoxA
DestroyIcon
LoadImageA
GetCursorPos
GetMenuItemCount
GetSubMenu
LoadMenuA
LockWindowUpdate
GetDesktopWindow
ReleaseDC
GetDC
GetSysColor
LoadCursorA
SetCursor
ReleaseCapture
SetWindowPos
GetDlgCtrlID
CharNextA
WindowFromDC
UnregisterClassA
MsgWaitForMultipleObjects
InSendMessage
DefMDIChildProcA
InvertRect
PostThreadMessageA
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
IntersectRect
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
InsertMenuA
GetMenuStringA
CreateMenu
PtInRect
DeleteMenu
SetWindowRgn
LoadBitmapA
GetSysColorBrush
RegisterClassExA
ShowScrollBar
CheckMenuRadioItem
GetMenuState
AppendMenuA
DrawTextA
GetScrollBarInfo
DrawIconEx
GetKeyState
SetClassLongA
DestroyCursor
SetWindowLongA
SendDlgItemMessageA
SetParent
DrawMenuBar
TranslateMDISysAccel
UnhookWindowsHookEx
EndPaint
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetTabbedTextExtentA
GetClipboardFormatNameA
GetAsyncKeyState
GetDoubleClickTime
IsWindowUnicode
GetWindowLongW
SetWindowLongW
CopyImage
SetCursorPos
UnionRect
GetMenuDefaultItem
LoadMenuIndirectA
GetMenuStringW
LookupIconIdFromDirectoryEx
GetCursor
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
IsClipboardFormatAvailable
CopyIcon
CreateIconIndirect
GetIconInfo
GetWindowRgn
HideCaret
ShowCaret
IsMenu
GetMenuItemInfoA
DrawFocusRect
DrawFrameControl
CreatePopupMenu
DrawAnimatedRects
EnumChildWindows
KillTimer
GetFocus
SetTimer
WaitForInputIdle
GetWindowLongA
GetWindowThreadProcessId
IsIconic
DrawIcon
ClipCursor
SystemParametersInfoA
EnumWindows
FindWindowA
ShowWindow
SetMenuDefaultItem
DrawEdge
WaitMessage
MapVirtualKeyA
DrawStateA
CheckMenuItem
EnableMenuItem
GetClientRect
ClientToScreen
ScreenToClient
SetCapture
GetWindow
GetParent
WindowFromPoint
GetWindowRect
CreateIconFromResource
CreateIconFromResourceEx
LookupIconIdFromDirectory
GetClipboardData
GetSystemMetrics
MessageBeep
InflateRect
OffsetRect
GetSystemMenu
gdi32
StartDocA
SaveDC
RestoreDC
SelectPalette
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
MoveToEx
LineTo
CreateFontIndirectA
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
DPtoLP
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
Escape
GetMapMode
SetRectRgn
CopyMetaFileA
CreateDCA
GetTextColor
GetBkColor
GetPixel
CreateFontA
TextOutA
SetBkMode
GetDCOrgEx
LPtoDP
GetCharWidthA
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
GdiFlush
DeleteDC
StretchBlt
SetStretchBltMode
BitBlt
SetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection
GetStockObject
GetPaletteEntries
CreateHalftonePalette
StretchDIBits
ExtTextOutA
SetTextColor
SetBkColor
GetObjectA
CombineRgn
PolyBezierTo
CreateRectRgn
GetClipBox
CreateBitmap
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32A
SetTextAlign
IntersectClipRect
Polygon
GetTextAlign
SetPixel
GetCurrentObject
PtInRegion
GetDIBits
GetWindowOrgEx
GetBitmapBits
ExtCreateRegion
EnumFontFamiliesExA
Rectangle
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetTextExtentPoint32W
ExtTextOutW
GetTextExtentPointA
CreateDIBitmap
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
GetTextMetricsA
comdlg32
PageSetupDlgA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
PrintDlgA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteKeyA
shell32
DragQueryFileA
Shell_NotifyIconA
DragFinish
DragAcceptFiles
SHAppBarMessage
ExtractIconA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
comctl32
CreatePropertySheetPageA
ImageList_Write
ImageList_Read
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord14
ord13
ord17
ImageList_AddMasked
ImageList_SetBkColor
ImageList_ReplaceIcon
PropertySheetA
ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_Add
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
DestroyPropertySheetPage
oledlg
ord4
ord9
ord5
ord6
ord7
ord3
ord1
ord8
ole32
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
OleTranslateAccelerator
CreateDataAdviseHolder
CoGetClassObject
WriteClassStg
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
IsAccelerator
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
GetRunningObjectTable
OleRegGetUserType
OleRun
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegEnumVerbs
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoGetMalloc
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CreateFileMoniker
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
CreateItemMoniker
CreateGenericComposite
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleSetMenuDescriptor
GetClassFile
olepro32
ord253
oleaut32
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysReAllocStringLen
SafeArrayCreateVector
SysStringLen
LoadTypeLi
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayAllocDescriptor
OleLoadPicturePath
VariantChangeTypeEx
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit
urlmon
URLDownloadToFileA
skinh
SkinH_AttachEx
ws2_32
WSACreateEvent
WSAEventSelect
bind
listen
WSAStartup
socket
WSACleanup
ioctlsocket
htons
connect
select
gethostname
gethostbyname
closesocket
getpeername
inet_ntoa
WSAGetLastError
getsockname
ntohs
inet_addr
__WSAFDIsSet
recv
send
WSACloseEvent
WSASend
WSARecv
WSAWaitForMultipleEvents
WSAIoctl
WSASocketA
accept
setsockopt
WSAEnumNetworkEvents
pdh
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterA
PdhOpenQueryA
avifil32
AVIFileExit
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIStreamSetFormat
AVIFileRelease
AVIFileInit
AVIStreamRelease
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
wininet
FtpOpenFileA
FtpPutFileA
FtpGetFileA
GopherCreateLocatorA
GopherGetAttributeA
GopherOpenFileA
HttpOpenRequestA
InternetErrorDlg
HttpAddRequestHeadersA
HttpSendRequestA
HttpEndRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpFindFirstFileA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetGetConnectedState
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FtpGetCurrentDirectoryA
imm32
ImmAssociateContext
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 484KB - Virtual size: 480KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 244KB - Virtual size: 700KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.maopo Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_MEM_EXECUTE