Static task
static1
Behavioral task
behavioral1
Sample
480d666b4d818b7c16823b07b3f85300bc684a9c66cfec8d0cb6aa043a179104.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
480d666b4d818b7c16823b07b3f85300bc684a9c66cfec8d0cb6aa043a179104.exe
Resource
win10v2004-20240426-en
General
-
Target
480d666b4d818b7c16823b07b3f85300bc684a9c66cfec8d0cb6aa043a179104
-
Size
11.1MB
-
MD5
f4da2565553cfe5066d5d459482446d7
-
SHA1
ca8e60f2a2266504a1cd4afac8da5cab9a974983
-
SHA256
480d666b4d818b7c16823b07b3f85300bc684a9c66cfec8d0cb6aa043a179104
-
SHA512
1ffaf7edf6c4bc68b362ffc0ab5a15414834ec13525af9d5488498d4a5bd25c29b1fb9eef556e43cc2fae0fde26103de12465b561d0336422388b1cf01472fbd
-
SSDEEP
196608:dQmJ1OorhZnExfbRIM4Jsv6tWKFdu9CW6A:dQ8jMIM4Jsv6tWKFdu9CC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature. On its own this is weak evidence: many legitimate builds ship unsigned, so weigh this hit together with the import table and the behavioral results rather than treating it as a verdict.
Processes:
resource 480d666b4d818b7c16823b07b3f85300bc684a9c66cfec8d0cb6aa043a179104
Files
-
480d666b4d818b7c16823b07b3f85300bc684a9c66cfec8d0cb6aa043a179104.exe windows:5 windows x86 arch:x86
16248b756d7be5bf6396afcdb21bc87f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
FlushFileBuffers
GetFileType
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetFilePointer
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeProcess
GetProcessId
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
FreeLibrary
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
ReadFileEx
PeekNamedPipe
CancelIo
SleepEx
GetModuleHandleA
WriteFileEx
ExitProcess
DisconnectNamedPipe
WaitNamedPipeW
GetOverlappedResult
SetHandleInformation
lstrcmpW
GetVolumeInformationW
GetDriveTypeW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
IsValidLocale
GetTempPathW
GetCommandLineA
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
ExitThread
LoadLibraryExW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFileAttributesW
SetStdHandle
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
HeapSize
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetProcessHeap
GetModuleFileNameA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetEnvironmentVariableA
WriteConsoleW
LCMapStringW
EnumSystemLocalesW
GetStringTypeW
RemoveDirectoryW
GetLongPathNameW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
CreateFileW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
LoadLibraryW
GetSystemDirectoryW
WaitForSingleObjectEx
GetConsoleWindow
OutputDebugStringW
WaitForMultipleObjects
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
FindNextChangeNotification
GetCurrentThread
CreateThread
SwitchToThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DuplicateHandle
GetCommandLineW
GetLocalTime
GetSystemTime
GetUserDefaultLCID
CompareStringW
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
GetUserDefaultLangID
CreateProcessW
RtlUnwind
IsValidLanguageGroup
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetLastError
ExpandEnvironmentStringsW
InitializeCriticalSection
ReleaseMutex
CreateMutexW
FindCloseChangeNotification
FindFirstChangeNotificationW
Module32Next
Process32Next
CreateToolhelp32Snapshot
GetVolumeInformationA
CreateProcessA
CloseHandle
GetShortPathNameA
SetUnhandledExceptionFilter
TerminateProcess
RaiseException
GetCurrentProcess
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
netapi32
Netbios
user32
CharNextExA
MessageBoxW
DrawIconEx
PostThreadMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
RealGetWindowClassW
GetDoubleClickTime
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
EnumWindows
SendMessageW
PostMessageW
AttachThreadInput
DefWindowProcW
CreateWindowExW
IsChild
DestroyWindow
ShowWindow
GetWindowTextW
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
RegisterClassW
SetCursorPos
NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
GetSysColor
EnumDisplayMonitors
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
SystemParametersInfoW
GetCursor
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetWindowRgn
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetWindowTextW
GetWindowRect
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW
ole32
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
ReleaseStgMedium
CoGetMalloc
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CoTaskMemFree
advapi32
RegCloseKey
RegQueryValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenKeyExW
ws2_32
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
getsockname
closesocket
WSARecv
__WSAFDIsSet
getsockopt
WSAGetLastError
gethostbyname
gethostbyaddr
ntohl
inet_addr
htonl
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
WSARecvFrom
WSASend
WSASendTo
WSASocketW
bind
getpeername
gdi32
BitBlt
CombineRgn
CreateRectRgn
DeleteObject
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
CreateDIBSection
GdiFlush
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CreateBitmap
GetDIBits
GetRegionData
SelectClipRgn
oleaut32
SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
SysAllocString
imm32
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
winmm
PlaySoundW
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
Sections
.text Size: 6.9MB - Virtual size: 6.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 231KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ