Static task: static1
Behavioral task: behavioral1
Sample: 9c844a7a5923bdf1fa60a3ae11299865077b47c95c26bf6900468192d059d538.exe
Resource: win7-20240220-en
General
- Target: 9c844a7a5923bdf1fa60a3ae11299865077b47c95c26bf6900468192d059d538
- Size: 1.4MB
- MD5: 7cc6508ba1af274163b7262f96886249
- SHA1: edab2ee72917e011c33e3fa2acccf65e0fa30927
- SHA256: 9c844a7a5923bdf1fa60a3ae11299865077b47c95c26bf6900468192d059d538
- SHA512: 66eaf978581b320dc7eb4128021856c11df0b8b5fae0764ea02933803b4595bb5788087eac249515d8b58b0add388a3196f159d94d1e06905228acdc6436566c
- SSDEEP: 12288:IM+xhrRp9ch4MxNhD+H3serbSBbhoi9pUI3Nei8+76TPnpyx4lpcpqmkA:OXgHx3h+bqoindhv6Tfc4kpnkA
Malware Config: (no entries listed)
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Hit on resource 9c844a7a5923bdf1fa60a3ae11299865077b47c95c26bf6900468192d059d538.
  In PE terms this means the Security data directory (the certificate table) is empty. On its own it is a weak indicator, since a great deal of legitimate software ships unsigned; it carries more weight when read together with the header and section anomalies recorded later in this report.
Files
- 9c844a7a5923bdf1fa60a3ae11299865077b47c95c26bf6900468192d059d538.exe (windows:4 windows x86 arch:x86)
  2076454e3bc2f7af010726663900cf84
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_RELOCS_STRIPPED means the image carries no base-relocation table and must be mapped at its preferred ImageBase; the loader cannot rebase it, so ASLR cannot apply to this module regardless of the DllCharacteristics (which the report does not list). For an attacker, that makes every address in the main image predictable; for an analyst, it fixes the load address across runs.
Imports
Notable groups for triage, all taken from the per-DLL lists that follow: ws2_32 (gethostbyname, socket, connect, send, recv, select) gives the binary outbound TCP capability; CreateToolhelp32Snapshot with Module32FirstW/Module32NextW, GetWindowThreadProcessId and OpenProcess enumerate processes and their loaded modules; OpenProcessToken, LookupPrivilegeValueW and AdjustTokenPrivileges next to ExitWindowsEx are consistent with enabling SeShutdownPrivilege before a shutdown or reboot (the privilege name itself is not visible statically); RegCreateKeyExW and RegSetValueExW write to the registry, and GetPrivateProfileStringW/GetPrivateProfileIntW read INI-style configuration; CopyFileW, MoveFileW, DeleteFileW, CreateDirectoryW, SetFileAttributesW and ShellExecuteW handle file staging and launching. IsDebuggerPresent, SetUnhandledExceptionFilter and IsProcessorFeaturePresent are routinely pulled in by the MSVC C runtime start-up code and are not evidence of anti-debugging by themselves. The GDI+, msimg32 AlphaBlend and UpdateLayeredWindow imports point to a custom-drawn (skinned) GUI, which fits the large .rsrc section.
kernel32
TerminateProcess
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
FormatMessageW
InterlockedCompareExchange
FlushFileBuffers
CreateFileA
InterlockedIncrement
OutputDebugStringW
InterlockedDecrement
GetDiskFreeSpaceExW
GetExitCodeThread
SleepEx
DuplicateHandle
TerminateThread
SetEnvironmentVariableA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStartupInfoA
GetStdHandle
SetHandleCount
HeapCreate
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetFileSize
CreateMutexW
RaiseException
GetModuleFileNameW
InterlockedExchange
LeaveCriticalSection
GetPrivateProfileIntW
EnterCriticalSection
SetLastError
GetCurrentThreadId
GetCommandLineW
GetPrivateProfileStringW
GetCurrentProcess
OpenProcess
RemoveDirectoryW
FindNextFileW
WaitForMultipleObjects
GetModuleFileNameA
SetFilePointer
SetEndOfFile
ResetEvent
SetEvent
CreateThread
CreateEventW
CopyFileW
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
QueryDosDeviceW
GetLogicalDriveStringsW
MoveFileW
ExpandEnvironmentStringsW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
ReleaseMutex
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
FlushInstructionCache
GetFileType
FreeResource
FreeLibrary
MultiByteToWideChar
WriteFile
lstrlenA
ReadFile
Sleep
WaitForSingleObject
FindClose
FindFirstFileW
GetStartupInfoW
DeleteFileW
FindResourceW
GetSystemDefaultLangID
GetLastError
GetVersionExW
GetSystemInfo
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
lstrlenW
GetSystemDirectoryW
CloseHandle
FileTimeToSystemTime
CreateFileW
FindResourceExW
LoadResource
LockResource
SizeofResource
user32
IsDialogMessageW
SetRectEmpty
IsChild
GetFocus
CallWindowProcW
GetDlgItem
GetParent
CreateWindowExW
SetWindowLongW
SetForegroundWindow
AttachThreadInput
LoadImageW
ReleaseCapture
UnionRect
SetCursor
PtInRect
SetActiveWindow
CopyRect
GetDesktopWindow
GetWindowLongW
DestroyWindow
DefWindowProcW
LoadCursorW
RegisterClassExW
IsWindow
IntersectRect
GetClientRect
GetWindow
PostMessageW
MapWindowPoints
SendMessageW
IsWindowEnabled
RegisterWindowMessageW
SetWindowPos
GetClassInfoExW
FindWindowW
InvalidateRect
GetActiveWindow
EnableWindow
GetDC
GetWindowThreadProcessId
GetForegroundWindow
ReleaseDC
SystemParametersInfoW
MoveWindow
ExitWindowsEx
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetRect
EndPaint
SetFocus
BeginPaint
GetNextDlgTabItem
ClientToScreen
KillTimer
MonitorFromWindow
GetDlgCtrlID
InflateRect
GetMonitorInfoW
LoadIconW
DestroyIcon
OffsetRect
ShowWindow
IsRectEmpty
SetCapture
GetCursorPos
EqualRect
ScreenToClient
DrawTextW
UpdateLayeredWindow
DrawFrameControl
IsWindowVisible
SetTimer
DrawIconEx
GetWindowRect
UnregisterClassA
gdi32
CombineRgn
GetClipRgn
CreateRectRgn
SetViewportOrgEx
GetViewportOrgEx
BitBlt
DeleteDC
GetTextColor
ExtTextOutW
GetCurrentObject
SetBkColor
SelectObject
CreateCompatibleDC
SelectClipRgn
SetBkMode
RestoreDC
ExtSelectClipRgn
CreateRoundRectRgn
CreateFontIndirectW
GetStockObject
RectInRegion
OffsetRgn
GetObjectW
CreateRectRgnIndirect
GetTextExtentPoint32W
LineTo
MoveToEx
TextOutW
CreatePen
SetTextColor
RoundRect
Rectangle
GetDeviceCaps
DeleteObject
SaveDC
CreateDIBSection
advapi32
RegOpenKeyExA
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteW
shlwapi
StrToIntA
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
StrToIntW
comctl32
_TrackMouseEvent
msimg32
AlphaBlend
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
gdiplus
GdiplusStartup
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipNewPrivateFontCollection
GdipTranslateWorldTransform
GdipMeasureString
GdipResetWorldTransform
GdipDrawString
GdipSetInterpolationMode
GdipSetImageAttributesColorMatrix
GdipPrivateAddFontFile
GdipRotateWorldTransform
GdipDeletePrivateFontCollection
GdipFillPath
GdipDisposeImageAttributes
GdipSetTextRenderingHint
GdipCreateImageAttributes
GdipAddPathArcI
GdipDisposeImage
GdipSetPixelOffsetMode
GdipFillRectangleI
GdipGetImageHeight
GdipFillRectangle
GdipSetPenMode
GdipGetImageWidth
GdipGraphicsClear
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipClosePathFigure
GdipAlloc
GdipCreateFromHDC
GdipCloneImage
GdipDrawPath
GdipDeletePath
GdipSetPenEndCap
GdipLoadImageFromFile
GdipSetPenStartCap
GdipSetClipPath
GdipCreateSolidFill
GdipCreatePath
GdipGetFontSize
GdipDeletePen
GdipCloneBrush
GdipDrawRectangleI
GdipDeleteBrush
GdipGetFamily
GdipCreatePen1
GdipDeleteFont
GdipSetStringFormatTrimming
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDrawLinesI
GdipDrawLineI
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathStringI
GdipSetStringFormatLineAlign
GdipCreateBitmapFromScan0
GdipDrawImageRectRect
GdipSetStringFormatAlign
GdipAddPathPieI
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipDrawImageRectI
GdipDrawImageI
GdipCreateStringFormat
GdiplusShutdown
GdipAddPathRectangleI
GdipFree
GdipDeleteFontFamily
GdipSetPenDashStyle
GdipCreateLineBrushFromRectWithAngleI
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipCloneFontFamily
ws2_32
connect
__WSAFDIsSet
WSASetLastError
ioctlsocket
WSAStartup
socket
closesocket
gethostbyname
WSACleanup
inet_ntoa
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
setsockopt
select
Sections
.text Size: 732KB - Virtual size: 729KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 144KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 484KB - Virtual size: 484KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Two section-flag anomalies stand out. .text is writable as well as executable, and .rsrc is executable as well as writable (and .rdata is writable). A stock MSVC link emits .text as CODE|EXECUTE|READ and .rdata/.rsrc as INITIALIZED_DATA|READ, so these flags indicate either non-default linker settings or a section table rewritten after linking, as packers, protectors and some installer stubs do. The practical consequences: code in .text can be patched in place at run time without a VirtualProtect call, and anything placed in .rsrc is mapped executable, so DEP will not stop it from running. The full, ordinary-looking import table argues against a simple compressor-style packer, which usually leaves only a handful of imports, but the entry point should still be checked against the .text range and the start-up code inspected for an unpacking or self-modifying stub before the static import list is trusted.
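As an added example, not part of the sandbox report or of the analysed sample: a standard-library Python parser that reproduces the report's header-level findings (the Unsigned PE signature, IMAGE_FILE_RELOCS_STRIPPED and the writable-plus-executable section flags) from raw PE bytes. Because the sample itself is not on this page, the input is a constructed header-only PE32 whose file characteristics, section names, sizes and flags are copied from the report; the constants are the documented PE header values, and the builder, field offsets and function names are the example's own.

```python
"""Added example: re-derive a sandbox report's PE header findings with struct only.
Parses the COFF header, the Security data directory (certificate table) and the
section table, then flags an unsigned image, stripped relocations / no ASLR and
sections that are both writable and executable.  Input is a constructed header."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode)


def pe_header_findings(data: bytes) -> dict:
    """Parse just enough of a PE image to reproduce the report's header checks."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (machine, nsections, _ts, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics is at +70 for both PE32 (0x10b) and PE32+ (0x20b);
    # the data directories start at +96 (PE32) or +112 (PE32+).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dirs = opt + (96 if magic == 0x10B else 112)
    sec_va, sec_size = struct.unpack_from(
        "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries
        off = opt + opt_size + 40 * i
        name, vsize, _va, rawsize, _ptr = struct.unpack_from("<8sIIII", data, off)
        scn_chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vsize, rawsize, scn_chars))
    wx = [n for n, _v, _r, c in sections
          if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE]
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        # The "Unsigned PE" signature: an empty certificate-table directory.
        "authenticode_present": sec_va != 0 and sec_size != 0,
        "relocs_stripped": relocs_stripped,
        # ASLR needs DYNAMIC_BASE and a relocation table to apply it with.
        "aslr_capable": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
                        and not relocs_stripped,
        "writable_executable_sections": wx,
        "sections": sections,
    }


def summarize(findings: dict) -> list:
    """Triage notes in the report's wording, one per finding."""
    notes = []
    if not findings["authenticode_present"]:
        notes.append("Unsigned PE: no Authenticode certificate table")
    if not findings["aslr_capable"]:
        notes.append("No ASLR: relocations stripped and/or DYNAMIC_BASE unset")
    for name in findings["writable_executable_sections"]:
        notes.append(f"Section {name} is writable and executable")
    return notes


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 mirroring this report's flags (not the real sample)."""
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    rw = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    sections = [  # (name, VirtualSize, SizeOfRawData, Characteristics)
        (b".text", 729 * 1024, 732 * 1024, IMAGE_SCN_CNT_CODE | rwx),
        (b".rdata", 142 * 1024, 144 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | rw),
        (b".data", 24 * 1024, 16 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | rw),
        (b".rsrc", 484 * 1024, 484 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | rwx),
    ]
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224  # PE32 optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE
                       | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", opt, 68, 2)      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0)      # DllCharacteristics: no DYNAMIC_BASE
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    # Security directory (index 4) is left zero: no Authenticode signature.
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rawsize,
                    0x400, 0, 0, 0, 0, chars)
        for i, (name, vsize, rawsize, chars) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for line in summarize(pe_header_findings(build_sample_pe())):
        print(line)
```

To run it against a real file, replace `build_sample_pe()` with the bytes read from disk; only the headers are parsed, so the first few kilobytes suffice. A non-empty Security directory only proves a certificate table is present, not that the signature verifies, so a positive result still needs a signature check (for example `signtool verify` or `Get-AuthenticodeSignature`) before the binary is treated as trusted.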