9e74a7dc6d2024e94437811da5ad81cef166ac3adfefe3f0dff787eeb48cd2f1

Sharing

Copy URL Twitter E-mail

General

Target

9e74a7dc6d2024e94437811da5ad81cef166ac3adfefe3f0dff787eeb48cd2f1
Size

2.8MB
MD5

04a84e9997f287239f5bdfe18a3a8de6
SHA1

ca83bd44652959b0ab94f7a920cb3e342a260553
SHA256

9e74a7dc6d2024e94437811da5ad81cef166ac3adfefe3f0dff787eeb48cd2f1
SHA512

172586c372b4f9495913eff46822c80908bf1a68763635fbcaaa647206637010b67d26a8eac3869f58b0fd44fd79c90253b69b1e985d5e19bffdada5de611612
SSDEEP

49152:lx/o+qZJr5RbgW2SdHFpmFKnLnDZ+udMj4DullZdovhir7Dhw8RPm3m:lx/cTsmeKLnTDu5dovhw7DhLOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e74a7dc6d2024e94437811da5ad81cef166ac3adfefe3f0dff787eeb48cd2f1

Files

9e74a7dc6d2024e94437811da5ad81cef166ac3adfefe3f0dff787eeb48cd2f1
.exe windows:5 windows x86 arch:x86

df91de2129db6d8ad9eb9aea3624f0e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetFileAttributesA
ExitThread
DeleteCriticalSection
WaitForMultipleObjects
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
CreateProcessW
WritePrivateProfileStringW
LocalFree
CreateThread
lstrcpyW
DuplicateHandle
GetCurrentDirectoryW
GlobalUnlock
TerminateThread
GlobalAlloc
WaitForSingleObject
GlobalLock
GetSystemTime
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
OutputDebugStringW
FindClose
GetLogicalDriveStringsW
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
CloseHandle
GetCurrentThreadId
IsDebuggerPresent
DeviceIoControl
LockResource
GetLocalTime
GetProcAddress
GetLastError
RaiseException
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
TerminateProcess
IsBadWritePtr
SizeofResource
CopyFileW
Sleep
LoadLibraryW
WideCharToMultiByte
OpenProcess
WriteFile
GetPrivateProfileStringW
IsBadReadPtr
FlushConsoleInputBuffer
GlobalMemoryStatus
SetConsoleMode
ReadConsoleInputA
GetVolumeInformationW
DeleteFileA
GetTickCount
GetModuleHandleW
CreateDirectoryW
GetCurrentProcess
MoveFileExW
LoadResource
FreeLibrary
FindResourceW
MoveFileExA
PeekNamedPipe
CompareFileTime
VerSetConditionMask
VerifyVersionInfoW
SleepEx
GetSystemDirectoryA
FormatMessageW
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
MulDiv
FreeResource
IsBadCodePtr
GetVersionExA
GetNativeSystemInfo
GetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersion
GetCommandLineA
GetFileSize
FindFirstFileA
ExitProcess
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
GetTimeFormatA
GetDateFormatA
HeapReAlloc
GetStartupInfoW
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetTimeZoneInformation
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LoadLibraryA
CreateFileA
SetStdHandle
FlushFileBuffers
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
GetFullPathNameA
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
RtlMoveMemory
GetVolumeInformationA
GetWindowsDirectoryA
QueryPerformanceFrequency
lstrcpyn
OpenMutexA
GetExitCodeThread
CreateMutexA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowLongW
CreateWindowExW
GetKeyState
SendMessageW
UnionRect
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
ScreenToClient
PtInRect
CharNextW
SetFocus
GetFocus
MapWindowPoints
IntersectRect
GetUpdateRect
IsRectEmpty
EndPaint
BeginPaint
GetActiveWindow
GetCursorPos
DispatchMessageW
GetMessageW
IsZoomed
SetWindowRgn
EnableWindow
LoadImageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
GetClassInfoExW
OffsetRect
SetCursor
wvsprintfW
GetWindowTextW
GetWindowTextLengthW
SetWindowLongW
GetCaretBlinkTime
FillRect
InvalidateRgn
GetGUIThreadInfo
CreateAcceleratorTableW
SetForegroundWindow
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
DestroyWindow
MoveWindow
GetWindowRgn
LoadCursorW
RegisterClassExW
MessageBoxA
ShowWindow
ClientToScreen
PostMessageW
SetWindowTextW
GetClientRect
GetUserObjectInformationW
GetProcessWindowStation
IsWindowVisible
EnumDisplayDevicesW
GetWindow
GetMonitorInfoW
GetSystemMetrics
SetWindowPos
MessageBoxW
MonitorFromWindow
ReleaseDC
DefWindowProcW
IsWindow
PeekMessageA
wsprintfA
DispatchMessageA
TranslateMessage
GetDC
wsprintfW
GetMessageA
GetCaretPos
GetParent
GetWindowRect
PostQuitMessage
IsIconic

gdi32

SelectClipRgn
SetBkMode
SetTextColor
CreatePatternBrush
CreateSolidBrush
CreateRoundRectRgn
SaveDC
BitBlt
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
GetCharABCWidthsW
SetBkColor
RestoreDC
Rectangle
SetWindowOrgEx
CreatePen
LineTo
MoveToEx
CreatePenIndirect
GetDeviceCaps
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RoundRect
GetStockObject
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectA
GdiFlush
GetTextMetricsW
CreateDIBSection
CreateRectRgn
PtInRegion
DeleteObject
TextOutW
ExtSelectClipRgn

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptDecrypt
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
RegQueryValueExW
LookupPrivilegeValueW
StartServiceW
RegOpenKeyExW
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
CryptEnumProvidersA

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

crypt32

CertOpenSystemStoreA
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo
GetExtendedUdpTable
GetExtendedTcpTable
GetAdaptersAddresses

ws2_32

recvfrom
ioctlsocket
gethostname
sendto
htonl
getservbyname
gethostbyname
listen
accept
getaddrinfo
freeaddrinfo
__WSAFDIsSet
select
WSASetLastError
connect
socket
getpeername
getsockopt
htons
ntohs
inet_addr
bind
getsockname
setsockopt
WSAIoctl
recv
WSAStartup
WSACleanup
WSAGetLastError
closesocket
WSACloseEvent
send
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
shutdown

shlwapi

PathFileExistsW

winmm

waveOutGetDevCapsW
waveOutGetNumDevs

comctl32

ord17
_TrackMouseEvent

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

gdiplus

GdipGetPropertyItem
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneImage
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipDrawImage
GdipDrawString
GdipGraphicsClear
GdipSetPixelOffsetMode
GdipGetPropertyItemSize
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdipSetSmoothingMode
GdipImageSelectActiveFrame

wldap32

ord217
ord33
ord22
ord143
ord301
ord27
ord41
ord46
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord60
ord211

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vm0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vm1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df91de2129db6d8ad9eb9aea3624f0e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

crypt32

iphlpapi

ws2_32

shlwapi

winmm

comctl32

imm32

oleaut32

gdiplus

wldap32

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 422KB

.data Size: - Virtual size: 164KB

.vm0 Size: - Virtual size: 1.2MB

.vm1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 512B - Virtual size: 156B

.rsrc Size: 19KB - Virtual size: 316KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 422KB

.data
Size: - Virtual size: 164KB

.vm0
Size: - Virtual size: 1.2MB

.vm1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 512B - Virtual size: 156B

.rsrc
Size: 19KB - Virtual size: 316KB