Static task: static1
Behavioral task: behavioral1
Sample: abc8df55f9d496b3b730ef513aaee87a696e291d6c6ebc738bf7f190787c92ba.exe
Resource: win7-20240221-en
General
Target: abc8df55f9d496b3b730ef513aaee87a696e291d6c6ebc738bf7f190787c92ba
Size: 3.6MB
MD5: f716a75486c6cd6d5e1af6081812a31f
SHA1: 3eb157a2a0f03567eec9c45965c6128964ffef3f
SHA256: abc8df55f9d496b3b730ef513aaee87a696e291d6c6ebc738bf7f190787c92ba
SHA512: e29b2ce10c21224fcfab191edf6d191fb622aa64543e88bfd431f5cb9dd56c52832c9e5e8c08cc52cba3e5edc0512c05218c4ec65b08f0558df02be3dae812da
SSDEEP: 49152:0CP4e9e3+eDLZRo4CxqvIGf4amGCO0E7I2MK3sN9qcKP/hrwjRFnwEZfHewK6pyQ:1F9qvorAICmZYSKcNghCTnjIQ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource abc8df55f9d496b3b730ef513aaee87a696e291d6c6ebc738bf7f190787c92ba
Files
abc8df55f9d496b3b730ef513aaee87a696e291d6c6ebc738bf7f190787c92ba.exe windows:5 windows x86 arch:x86
6e679ce9840acf0a10fa04ddf37640a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
lstrlenW
LoadLibraryW
GetCurrentDirectoryW
CreateFileW
VerSetConditionMask
OpenProcess
MulDiv
VerifyVersionInfoW
GetACP
ExitProcess
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
LocalFree
GlobalAlloc
GetModuleHandleA
GetLocalTime
lstrcpynW
lstrcpyW
VirtualQuery
MoveFileW
InitializeCriticalSection
Sleep
WaitForSingleObject
FindClose
GetTempPathW
RemoveDirectoryW
CreateFileA
DeleteFileW
FindFirstFileW
FindNextFileW
TerminateProcess
LocalAlloc
GetFileInformationByHandle
GetHandleInformation
GetLogicalDriveStringsW
CreateProcessW
QueryDosDeviceW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
GetSystemDirectoryA
GetEnvironmentVariableW
GetDriveTypeW
VirtualAlloc
VirtualFree
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
GetStartupInfoW
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetTimeZoneInformation
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
ReadConsoleW
SetEndOfFile
WriteConsoleW
GetFileAttributesExW
FlushFileBuffers
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
TryEnterCriticalSection
GetStringTypeW
WideCharToMultiByte
FormatMessageW
OutputDebugStringW
IsDebuggerPresent
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
InitializeSListHead
FreeLibraryAndExitThread
GetFullPathNameW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
GetSystemDirectoryW
SleepEx
IsProcessorFeaturePresent
FindResourceExW
CreateThread
CopyFileW
MoveFileExW
SetErrorMode
GetModuleFileNameA
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
FreeResource
InterlockedDecrement
SizeofResource
GetTickCount
DeleteCriticalSection
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetCommandLineW
GlobalFree
HeapFree
user32
UpdateLayeredWindow
MessageBoxW
SetWindowRgn
InflateRect
SetCursor
MonitorFromPoint
LoadCursorW
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
OffsetRect
ShowCaret
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetGUIThreadInfo
GetWindowRect
GetClientRect
InvalidateRect
MoveWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
PrivateExtractIconsW
DestroyIcon
DrawIconEx
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
EqualRect
SetWindowTextW
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
IsWindow
CreateWindowExW
SendMessageW
GetProcessWindowStation
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
wsprintfA
GetUserObjectInformationW
DrawTextA
CreateAcceleratorTableW
GetCursor
FindWindowW
GetDesktopWindow
GetUpdateRect
HideCaret
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
UnionRect
SetForegroundWindow
DestroyWindow
ActivateKeyboardLayout
PostQuitMessage
GetMessageW
DispatchMessageW
PeekMessageW
CharNextW
TranslateMessage
PostMessageW
GetCursorPos
InvalidateRgn
advapi32
DeregisterEventSource
CryptExportKey
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
RegQueryValueExW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGetUserKey
GetTokenInformation
OpenProcessToken
CryptDecrypt
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
CryptSetHashParam
RegOpenKeyExW
RegDeleteValueW
shell32
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetFileInfoW
DragQueryFileW
ole32
CLSIDFromProgID
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleLockRunning
oleaut32
SysFreeString
VarUI4FromStr
VariantInit
VariantClear
SysAllocString
shlwapi
PathFileExistsW
PathCombineW
SHDeleteKeyW
PathIsSameRootW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
psapi
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetProcessImageFileNameW
dbghelp
MiniDumpWriteDump
urlmon
ObtainUserAgentString
gdi32
TextOutW
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
MoveToEx
GetObjectA
SetBkColor
CreateCompatibleBitmap
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreateCompatibleDC
ExtSelectClipRgn
SelectClipRgn
LineTo
CreateDIBitmap
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
BitBlt
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipMeasureString
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdiplusStartup
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteStringFormat
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDeleteFont
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipDrawImageRectI
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
crypt32
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CryptMsgClose
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetNameStringW
CryptQueryObject
CertGetCertificateContextProperty
ws2_32
ntohs
getnameinfo
sendto
recvfrom
WSAEventSelect
gethostbyname
gethostname
WSAStartup
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
shutdown
htons
getsockopt
getsockname
getpeername
connect
closesocket
recv
send
WSAGetLastError
bind
wldap32
ord147
ord219
ord46
ord301
ord145
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
Sections
.text Size: 2.1MB - Virtual size: 2.1MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 565KB - Virtual size: 565KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data Size: 47KB - Virtual size: 67KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 679KB - Virtual size: 679KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 179KB - Virtual size: 180KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE