ea18f425705bded62ee266291e3f240003a741b36639a4f6c01347381613689e

Sharing

Copy URL Twitter E-mail

General

Target

ea18f425705bded62ee266291e3f240003a741b36639a4f6c01347381613689e
Size

6.1MB
MD5

545380c34b3ad73635eeb4701292a5a9
SHA1

291ef90b13c85735d2d522ffee6e1f77a1f3d279
SHA256

ea18f425705bded62ee266291e3f240003a741b36639a4f6c01347381613689e
SHA512

609241199a3d4332cf453068be731dbdb27c7634a45566a2b8bb0d77403f2e8196488c49dfe65efee7e7c43e2a2e629fe81f6f71353d4a3daf5dd5d0a25533f0
SSDEEP

196608:IwPo5CbHOJJNkMU39NxZA5t1ndd5smIVf2bNEStVljMbFJsv6tWKFdu9Cop:IwPyCbHLdZmd/sPVfJg0FJsv6tWKFdud

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea18f425705bded62ee266291e3f240003a741b36639a4f6c01347381613689e

Files

ea18f425705bded62ee266291e3f240003a741b36639a4f6c01347381613689e
.exe windows:5 windows x86 arch:x86

1a43828ec6412473890e942c0d25f104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateDIBSection
GetPaletteEntries
GetTextExtentPoint32W
SelectObject
DeleteDC
CreateFontIndirectW
GetCharABCWidthsW
GetStockObject
PtInRegion
CreatePalette
CombineRgn
ExtTextOutW
SelectPalette
CreateRectRgn
GetOutlineTextMetricsW
SetBkMode
GetFontData
CreateEllipticRgn
CreateCompatibleBitmap
DeleteObject
GetDIBits
RealizePalette
CreateCompatibleDC
GetDeviceCaps
EnumFontFamiliesExW
GetCharABCWidthsI
SetWorldTransform
CreateBitmap
GetCharABCWidthsFloatW
GetTextMetricsW
GdiFlush
SelectClipRgn
GetTextFaceW
SetTextColor
GetObjectW
GetGlyphOutlineW
GetRegionData
SetGraphicsMode
OffsetRgn
BitBlt
SetTextAlign

oleaut32

SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit

imm32

ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetDefaultIMEWnd
ImmSetCompositionFontW
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionWindow

winmm

PlaySoundW

ws2_32

closesocket
send
WSAGetLastError
freeaddrinfo
getaddrinfo
WSAEventSelect
WSAResetEvent
recv
WSAEnumNetworkEvents
setsockopt
getsockname
ntohs
bind
ntohl
htons
getsockopt
getpeername
socket
connect
WSAAsyncSelect
WSASetLastError
WSACloseEvent
WSACreateEvent
accept
listen
htonl
sendto
recvfrom
select
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
__WSAFDIsSet
ioctlsocket
gethostname
WSAIoctl

ole32

ReleaseStgMedium
CoUninitialize
CoTaskMemFree
OleSetClipboard
CoGetMalloc
CoInitialize
CoCreateGuid
OleIsCurrentClipboard
OleGetClipboard
OleUninitialize
RegisterDragDrop
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
OleFlushClipboard
StringFromGUID2
CoCreateInstance
OleInitialize

user32

GetWindowLongW
CreateWindowExW
RegisterClassW
TrackPopupMenuEx
WindowFromPoint
ScrollWindowEx
SetDoubleClickTime
SystemParametersInfoW
UnhookWindowsHookEx
GetIconInfo
RegisterWindowMessageW
SetParent
IsIconic
TranslateMessage
ShowWindow
ClientToScreen
GetFocus
GetKeyboardLayout
SetWindowTextW
GetSystemMetrics
DestroyIcon
SetMenuItemInfoW
InvalidateRect
IsWindowVisible
GetKeyboardState
EndPaint
GetUpdateRect
DispatchMessageW
MoveWindow
GetKeyboardLayoutList
InvalidateRgn
EnableMenuItem
SetCaretPos
GetDoubleClickTime
SetWindowRgn
SetCursorPos
UnregisterClassW
ChangeClipboardChain
ScreenToClient
SetCaretBlinkTime
GetClientRect
GetDC
SetTimer
GetActiveWindow
LoadIconW
GetQueueStatus
CreateIconIndirect
GetAsyncKeyState
RegisterClassExW
CreateCaret
DefWindowProcW
LoadImageW
DestroyCursor
GetParent
SetWindowsHookExW
ReleaseDC
DestroyCaret
GetWindowPlacement
IsChild
CallNextHookEx
KillTimer
DrawIconEx
CreateCursor
AdjustWindowRectEx
RegisterClipboardFormatW
GetWindowRgn
SetClipboardViewer
SetWindowPos
PostMessageW
SetWindowLongW
IsZoomed
GetMenu
ToUnicode
MessageBeep
PeekMessageW
GetClassInfoW
SetCapture
GetSystemMenu
GetWindowThreadProcessId
FlashWindowEx
GetClipboardFormatNameW
ReleaseCapture
CharNextExA
SetCursor
GetCaretBlinkTime
DestroyWindow
GetWindowRect
HideCaret
MsgWaitForMultipleObjectsEx
ClipCursor
GetSysColorBrush
SetForegroundWindow
MapVirtualKeyW
GetSysColor
GetKeyState
SendMessageW
SetFocus
UpdateWindow
GetDesktopWindow
ValidateRgn
GetCursorPos
SetWindowPlacement
BeginPaint
ToAscii

advapi32

RegCreateKeyExW
CryptDestroyKey
RegFlushKey
OpenProcessToken
RegEnumValueW
RegQueryValueExW
CryptCreateHash
RegSetValueExW
RegEnumKeyExW
CryptReleaseContext
RegDeleteKeyW
CryptGenRandom
CryptHashData
CryptAcquireContextW
CryptEncrypt
CopySid
CryptImportKey
RegDeleteValueW
RegOpenKeyExW
CryptDestroyHash
CryptGetHashParam
FreeSid
RegCloseKey
GetLengthSid
RegQueryInfoKeyW
GetTokenInformation

shell32

ShellExecuteW

kernel32

CreateThread
SetEndOfFile
VirtualAlloc
OutputDebugStringW
VirtualQuery
GetDriveTypeA
GetCurrencyFormatW
InterlockedExchange
QueryPerformanceFrequency
GlobalLock
GetFileAttributesA
GetCurrentDirectoryW
ExitThread
GetOEMCP
LoadLibraryW
CopyFileW
WaitForSingleObject
WriteConsoleA
IsValidLocale
WaitForMultipleObjects
GetCurrentThread
VerSetConditionMask
DeviceIoControl
FileTimeToLocalFileTime
TlsAlloc
DeleteFileA
UnmapViewOfFile
GetStartupInfoA
FileTimeToSystemTime
MapViewOfFile
IsValidLanguageGroup
VerifyVersionInfoW
GetACP
TlsFree
SetFilePointer
GetStringTypeW
GetCPInfo
TlsSetValue
GetFullPathNameA
HeapSize
SetFilePointerEx
SleepEx
GetTimeZoneInformation
GetUserDefaultUILanguage
GetLocaleInfoW
LeaveCriticalSection
GetLocaleInfoA
EnumSystemLocalesA
GetDateFormatA
GetSystemDirectoryW
GetConsoleOutputCP
SetEnvironmentVariableA
FreeLibrary
DuplicateHandle
FindNextFileW
SetLastError
GetModuleFileNameW
GetProcessHeap
GetConsoleMode
GetSystemInfo
GetCurrentThreadId
GetEnvironmentStrings
FreeEnvironmentStringsW
GetCommandLineA
DeleteFileW
GetFileInformationByHandle
FlushFileBuffers
WriteConsoleW
CloseHandle
RemoveDirectoryW
GetLastError
GetLocalTime
MoveFileExW
GetCurrentDirectoryA
SetUnhandledExceptionFilter
ReleaseSemaphore
GetModuleFileNameA
GetCurrentProcessId
GetFileAttributesExW
Sleep
GetVersionExW
FreeEnvironmentStringsA
CreateFileW
EnterCriticalSection
GetEnvironmentStringsW
WideCharToMultiByte
GetStartupInfoW
PeekNamedPipe
UnhandledExceptionFilter
RaiseException
LocalFree
SetFileAttributesW
CompareStringA
GetConsoleCP
SetEvent
CreateSemaphoreW
ExitProcess
CompareStringW
SetErrorMode
CreateFileA
OpenFileMappingW
FindClose
SetThreadPriority
GetLongPathNameW
GetModuleHandleA
GetThreadPriority
HeapAlloc
FindFirstFileExW
FormatMessageW
TerminateProcess
SystemTimeToTzSpecificLocalTime
HeapReAlloc
GetEnvironmentVariableA
QueryPerformanceCounter
GlobalUnlock
GetLogicalDrives
GlobalSize
LoadLibraryA
IsValidCodePage
ReadFile
LCMapStringA
GetTimeFormatW
lstrcmpW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableW
GetModuleHandleW
GetUserDefaultLCID
GetVolumeInformationW
GetTickCount64
GetTickCount
CreateProcessW
DeleteCriticalSection
OpenProcess
GetFullPathNameW
IsDebuggerPresent
HeapCreate
InterlockedIncrement
GlobalAlloc
CreateEventW
ResetEvent
SetStdHandle
GetCurrentProcess
GetFileSizeEx
GetStringTypeA
FindFirstFileA
TlsGetValue
GetDriveTypeW
GetProcAddress
InterlockedDecrement
CheckRemoteDebuggerPresent
GetUserDefaultLangID
RtlUnwind
GetStdHandle
GetDateFormatW
WriteFile
GetFileSize
SetHandleCount
ResumeThread
GetTimeFormatA
SwitchToThread
LCMapStringW
GetFileAttributesW
FindFirstFileW
MultiByteToWideChar
CreateDirectoryW
MoveFileW
TerminateThread
InitializeCriticalSection
ExpandEnvironmentStringsW
VirtualFree
CreateFileMappingW
HeapFree
GetFileType
GetSystemTimeAsFileTime

crypt32

CertOpenStore
CertFindExtension
CertFindCertificateInStore
CryptQueryObject
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertFreeCertificateContext
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateChainEngine
CryptDecodeObjectEx
CertEnumCertificatesInStore
PFXImportCertStore
CertGetCertificateChain
CertFreeCertificateChain

wldap32

ord46
ord216
ord73
ord27
ord301
ord167
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145
ord219
ord14
ord117
ord41

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a43828ec6412473890e942c0d25f104

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

oleaut32

imm32

winmm

ws2_32

ole32

user32

advapi32

shell32

kernel32

crypt32

wldap32

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 37KB - Virtual size: 57KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 234KB - Virtual size: 234KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 37KB - Virtual size: 57KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 234KB - Virtual size: 234KB