c:\sourcecode\photopad\release\PhotoPad.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 5fa28b1052cef6f5be404ec2d7a96d959cbaf3569c544727289daab64c1ec956.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5fa28b1052cef6f5be404ec2d7a96d959cbaf3569c544727289daab64c1ec956.exe
  Resource: win10v2004-20240426-en
General
- Target: 5fa28b1052cef6f5be404ec2d7a96d959cbaf3569c544727289daab64c1ec956.exe
- Size: 21.4MB
- MD5: 73838e39fb7788036a5ea4fcf0044139
- SHA1: a89701bd45030fa9dc50b069b58b1f9eda8fe138
- SHA256: 5fa28b1052cef6f5be404ec2d7a96d959cbaf3569c544727289daab64c1ec956
- SHA512: 8ffc9628734f3cc724e84e8940abcc987bf913fb2740b9d389f505d5c36e3bbcbdcf5e1438101de6ac76a2146840b3a6a4574b0ca23103444be1800a7c3e302c
- SSDEEP: 393216:ujHOH3wHOwavE2yqudzFcogBeGxAZSkgJSEvaC+eYpHpu:BXwHiudzFTceSAZS7JZUhl4
Malware Config
Signatures
- UPX dump on OEP (original entry point): 1 IoC
  A YARA rule named UPX matched the sample. The section table further down carries the standard linker names (.text, .rdata, .data, .tls, .rsrc, .reloc) rather than UPX0/UPX1, so confirm the match by hand before treating the file as a UPX-packed image.
  resource | yara_rule
  sample   | UPX
- Unsigned PE: 1 IoC
  Checks for missing Authenticode signature. A miss here means the PE carries no certificate table at all, so nothing about its origin can be verified cryptographically; on its own it does not show tampering, only that the publisher cannot be established from the file.
  resource
  5fa28b1052cef6f5be404ec2d7a96d959cbaf3569c544727289daab64c1ec956.exe
Files
- 5fa28b1052cef6f5be404ec2d7a96d959cbaf3569c544727289daab64c1ec956.exe.exe  windows:4  windows x86  arch:x86
  Imphash: d3ec41c1519c53530454deed40c67dc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
Only DYNAMIC_BASE is set: the image opts in to ASLR but not to DEP (no IMAGE_DLLCHARACTERISTICS_NX_COMPAT), so under Windows' default OptIn policy this 32-bit process runs without hardware DEP unless the system policy is AlwaysOn.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
A 32-bit image marked large-address aware may be given user-mode addresses above 2 GB when run under WOW64; worth remembering if the code is ever examined for pointer-sign assumptions.
PDB Paths
c:\sourcecode\photopad\release\PhotoPad.pdb
The symbol path points at a Release build of an application named PhotoPad. PDB strings are plain text in the debug directory and trivially forgeable, so treat this as a hint about provenance, not attribution.
Imports
imm32
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmNotifyIME
ImmGetVirtualKey
ImmGetCompositionStringW
kernel32
GlobalHandle
LockResource
GetComputerNameW
SetCurrentDirectoryW
SetFilePointer
HeapAlloc
GetPrivateProfileStringW
GetSystemTime
FindCloseChangeNotification
GetUserDefaultLCID
MapViewOfFile
ExitProcess
GetDiskFreeSpaceExW
CreateNamedPipeW
InterlockedExchange
SetEndOfFile
ConnectNamedPipe
GetFileSize
GetVersionExA
ReadProcessMemory
DuplicateHandle
PeekNamedPipe
lstrcpyW
GetStdHandle
HeapFree
CreateFileMappingW
TerminateProcess
ResumeThread
GetACP
GetEnvironmentVariableW
Process32NextW
GetTimeFormatW
GlobalAlloc
GetExitCodeProcess
SuspendThread
LocalAlloc
SystemTimeToTzSpecificLocalTime
GetEnvironmentVariableA
GetShortPathNameW
RtlCaptureContext
CreateThread
GetOverlappedResult
GetThreadContext
GetCurrentProcessId
Process32FirstW
GetTimeZoneInformation
GetCommandLineW
FileTimeToLocalFileTime
OpenFileMappingW
QueryPerformanceFrequency
GetCurrentProcess
QueryPerformanceCounter
ProcessIdToSessionId
WaitNamedPipeW
FindFirstChangeNotificationW
LocalFree
GetProcessHeap
SetEnvironmentVariableW
VirtualQuery
GetCurrentThread
InterlockedDecrement
GetFileAttributesW
lstrlenA
CreateFileA
SetEnvironmentVariableA
LoadLibraryExW
FreeResource
ReleaseMutex
SetUnhandledExceptionFilter
FindResourceW
CreateToolhelp32Snapshot
LoadResource
SetLastError
FileTimeToSystemTime
CancelIo
GetStartupInfoW
FindNextChangeNotification
GetPrivateProfileIntW
GetModuleFileNameW
GlobalMemoryStatusEx
GetDriveTypeW
GetCPInfo
GetModuleFileNameA
CreatePipe
GetPrivateProfileSectionNamesW
SizeofResource
UnmapViewOfFile
CreateMutexW
GetCurrentDirectoryA
FormatMessageW
GetFileSizeEx
OpenProcess
GetThreadPriority
GetLastError
InitializeCriticalSection
LeaveCriticalSection
VerifyVersionInfoW
GetModuleHandleW
InterlockedExchangeAdd
LoadLibraryW
LoadLibraryA
MoveFileW
SetEvent
DeleteFileW
GetTempPathW
DisconnectNamedPipe
FlushFileBuffers
SetThreadPriority
GlobalFree
EnterCriticalSection
WideCharToMultiByte
GetFileTime
GetSystemInfo
CloseHandle
FindFirstFileW
ReadFile
FindNextFileW
CopyFileW
CreateFileW
WriteFile
MulDiv
GetProcAddress
GlobalUnlock
FindClose
MoveFileExW
GetLocaleInfoW
VerSetConditionMask
CreateProcessW
WaitForMultipleObjects
GlobalSize
SetFilePointerEx
CreateDirectoryW
GlobalLock
DeleteCriticalSection
SetFileAttributesW
CreateEventW
WaitForSingleObject
InterlockedIncrement
ResetEvent
GetCurrentThreadId
TryEnterCriticalSection
GetCurrentDirectoryW
MultiByteToWideChar
FreeLibrary
Sleep
GetVersionExW
GetTickCount
RemoveDirectoryW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCommandLineA
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapSize
LCMapStringW
LCMapStringA
VirtualAlloc
HeapReAlloc
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
advapi32
RegCreateKeyExW
CryptReleaseContext
RegCloseKey
RegEnumKeyExW
ConvertSidToStringSidW
CryptDestroyKey
InitializeSid
RegOpenKeyExW
CryptGetKeyParam
GetUserNameW
GetSidSubAuthority
RegEnumValueW
FreeSid
CryptHashData
CryptAcquireContextW
RegEnumKeyW
InitializeSecurityDescriptor
RegQueryValueExW
CryptDuplicateKey
RegDeleteValueW
InitializeAcl
CryptDestroyHash
CryptDeriveKey
AllocateAndInitializeSid
AddAccessAllowedAce
RegSetValueExW
OpenProcessToken
SetFileSecurityW
CryptDecrypt
RegOpenKeyW
RegSetKeySecurity
GetSidLengthRequired
CheckTokenMembership
RegDeleteKeyW
CryptSetKeyParam
CryptEncrypt
CryptCreateHash
GetTokenInformation
RegQueryInfoKeyW
DuplicateTokenEx
GetAce
SetSecurityDescriptorDacl
CryptImportKey
comctl32
_TrackMouseEvent
CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_EndDrag
ImageList_GetIconSize
ord17
ImageList_DrawEx
ImageList_Remove
ImageList_Merge
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_DragMove
ImageList_Destroy
ImageList_DragLeave
ImageList_AddMasked
ImageList_Create
ImageList_Replace
ImageList_DragShowNolock
comdlg32
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError
gdi32
CreateBitmap
SetBrushOrgEx
StartDocW
SetBkColor
LineTo
CreateCompatibleDC
GetCurrentObject
CreateCompatibleBitmap
CreateSolidBrush
TextOutW
GetDeviceCaps
GetObjectW
GetStockObject
CreateFontW
DeleteDC
GetBkMode
SelectObject
SetTextColor
StretchDIBits
DeleteObject
SetBkMode
StartPage
Polygon
GetTextMetricsW
CreatePatternBrush
ExtTextOutW
GetTextCharset
EndDoc
SetWindowExtEx
StretchBlt
GetClipBox
CreateBrushIndirect
SelectClipRgn
SetBitmapBits
GetTextExtentPoint32W
GetObjectA
SetDCBrushColor
EnumFontFamiliesExW
SetViewportOrgEx
CreateDIBitmap
GetTextMetricsA
FillRgn
GetWindowExtEx
CreateDIBSection
IntersectClipRect
Rectangle
SetViewportExtEx
PolyPolyline
GetViewportExtEx
Polyline
CombineRgn
SetPixel
SetStretchBltMode
PolyTextOutW
CreateDCW
CreateRectRgn
CreatePolygonRgn
GetDIBits
GetTextFaceW
GetBitmapBits
GetGlyphIndicesW
SetTextAlign
SetDIBitsToDevice
BitBlt
CreateFontIndirectW
EndPage
CreateRectRgnIndirect
MoveToEx
SetDIBits
PolyDraw
GetDIBColorTable
CreatePen
msacm32
acmStreamUnprepareHeader
acmStreamClose
acmStreamConvert
acmStreamPrepareHeader
acmStreamOpen
acmStreamSize
ole32
CoGetMalloc
CoCreateInstance
CoResumeClassObjects
CoAddRefServerProcess
CreateStreamOnHGlobal
CoRegisterClassObject
CoRevokeClassObject
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoSetProxyBlanket
ReleaseStgMedium
RegisterDragDrop
oleaut32
VariantClear
OleLoadPicture
SysAllocStringLen
SysAllocStringByteLen
OleLoadPicturePath
SysFreeString
VariantInit
SysAllocString
OleCreatePropertyFrame
SysStringByteLen
shell32
Shell_NotifyIconW
ShellExecuteA
DragAcceptFiles
SHGetDesktopFolder
SHParseDisplayName
CommandLineToArgvW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHChangeNotify
ord155
SHCreateShellItem
ord680
SHGetPathFromIDListW
DragFinish
SHGetMalloc
DragQueryFileW
DragQueryPoint
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
shlwapi
SHDeleteKeyW
SHDeleteEmptyKeyW
StrCmpLogicalW
PathCompactPathExW
user32
LoadIconW
CheckDlgButton
FillRect
EndPaint
EmptyClipboard
PostMessageW
GetDlgCtrlID
GetParent
IsDlgButtonChecked
IsIconic
SetActiveWindow
ScrollWindowEx
GetMenu
IsWindowEnabled
EnableWindow
RegisterClassW
SetWindowPos
AppendMenuW
SetFocus
UpdateWindow
GetWindowLongW
DialogBoxParamW
SetCapture
ShowWindow
SetClassLongW
TrackPopupMenu
DestroyIcon
InsertMenuItemW
DestroyWindow
EnableMenuItem
SystemParametersInfoW
GetWindowRect
IsWindow
GetScrollBarInfo
SetMenuItemInfoW
LoadImageW
ScreenToClient
SetScrollInfo
GetCursorInfo
RemovePropW
GetDesktopWindow
SetWindowTextW
GetDC
DestroyMenu
SetForegroundWindow
GetKeyState
SetWindowsHookExW
BeginPaint
DefWindowProcW
MapWindowPoints
MessageBoxW
SetWindowLongW
KillTimer
GetForegroundWindow
ModifyMenuW
ReleaseDC
IsClipboardFormatAvailable
DrawTextW
GetMenuItemID
ShowScrollBar
wsprintfW
GetComboBoxInfo
SetWindowRgn
CheckMenuItem
SetClipboardData
SetMenuInfo
IsDialogMessageW
GetClassNameA
AdjustWindowRectEx
GetMenuInfo
FindWindowExW
DrawEdge
NotifyWinEvent
GetWindowTextW
InflateRect
EndMenu
MonitorFromWindow
SetDlgItemTextW
MonitorFromPoint
MapVirtualKeyW
GetClassInfoW
AllowSetForegroundWindow
GetScrollInfo
GetKeyboardState
PeekMessageW
GetMenuBarInfo
GetMonitorInfoW
GetKeyNameTextW
EnumChildWindows
FlashWindowEx
GetUpdateRect
GetAncestor
GetIconInfo
GetMessageW
MapDialogRect
OffsetRect
IsCharAlphaW
CreateIconIndirect
FindWindowW
TranslateMessage
CallNextHookEx
EnumWindows
EnumDisplaySettingsW
CharUpperW
CountClipboardFormats
InvalidateRgn
MsgWaitForMultipleObjects
DrawFocusRect
DrawTextExW
InvalidateRect
MonitorFromRect
PostQuitMessage
keybd_event
EqualRect
WindowFromDC
GetSysColorBrush
SetMenuDefaultItem
GetPriorityClipboardFormat
EndDialog
SendInput
GetWindow
EnumDisplayMonitors
SetWindowPlacement
ValidateRect
ChildWindowFromPoint
AttachThreadInput
DispatchMessageW
GetDlgItemTextW
GetActiveWindow
EnumDisplayDevicesW
WindowFromPoint
LoadStringW
DrawStateW
GetWindowThreadProcessId
CheckRadioButton
GetClassNameW
CreateDialogIndirectParamW
MoveWindow
GetMenuItemCount
SetPropW
WaitForInputIdle
GetWindowTextLengthW
OpenClipboard
GetFocus
LoadCursorW
GetWindowDC
GetCursor
FrameRect
GetMenuItemInfoW
CopyImage
UnhookWindowsHookEx
GetClientRect
ReleaseCapture
GetSubMenu
CallWindowProcW
RemoveMenu
CreatePopupMenu
GetSysColor
GetAsyncKeyState
CloseClipboard
GetDlgItem
SetCursor
GetWindowPlacement
CreateWindowExW
GetClipboardData
SendDlgItemMessageW
VkKeyScanW
GetSystemMetrics
GetDialogBaseUnits
PtInRect
DialogBoxIndirectParamW
GetCapture
ClientToScreen
RedrawWindow
SetLayeredWindowAttributes
CreateDialogParamW
SendMessageW
IsWindowVisible
GetPropW
GetDoubleClickTime
SetMenu
DrawIconEx
InsertMenuW
DeleteMenu
SetTimer
RegisterClipboardFormatW
DestroyCursor
IsZoomed
GetNextDlgGroupItem
winmm
waveOutReset
waveOutPause
waveOutUnprepareHeader
waveOutOpen
waveOutGetPosition
waveOutRestart
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutGetNumDevs
ws2_32
socket
inet_addr
ioctlsocket
__WSAFDIsSet
send
select
ntohs
setsockopt
closesocket
htons
WSAGetLastError
gethostbyname
connect
recv
WSAStartup
gethostbyaddr
gethostname
winspool.drv
OpenPrinterW
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
UuidCreate
netapi32
NetApiBufferFree
NetUserGetInfo
usp10
ScriptLayout
ScriptRecordDigitSubstitution
ScriptItemize
ScriptApplyDigitSubstitution
msimg32
AlphaBlend
GradientFill
iphlpapi
GetAdaptersAddresses
GetIpAddrTable
wininet
InternetAutodial
InternetGetConnectedState
InternetQueryOptionA
InternetAutodialHangup
dnsapi
DnsRecordListFree
DnsQuery_W
secur32
DeleteSecurityContext
InitializeSecurityContextW
DecryptMessage
FreeContextBuffer
ApplyControlToken
AcquireCredentialsHandleW
QueryContextAttributesW
EncryptMessage
FreeCredentialsHandle
crypt32
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptQueryObject
wintrust
WinVerifyTrust
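Reading six hundred import names is easier with a capability map. The following is an added example, not tria.ge's code: it tags a constructed subset of the imports listed above by the primitive each belongs to, and computes an import hash with the normalisation pefile's imphash uses (lower-case, extension stripped, known ordinals resolved, entries joined in table order and MD5'd), which is how the Imphash value in the Files section is derived. The capability names, the partial ordinal table and the subset itself are assumptions for illustration; the hash of the subset will not equal the report's imphash, which covers the complete import table in link order.

```python
"""Import-table triage: capability tagging plus a pefile-style imphash.
Added example; the capability map, ordinal table and import subset are constructed."""
import hashlib

# Constructed input: a subset of this sample's reported imports, in DLL order.
# An int entry stands for an ordinal-only import (shell32 ord155 in the report).
SAMPLE_IMPORTS = [
    ("kernel32.dll", ["OpenProcess", "ReadProcessMemory", "GetThreadContext", "SuspendThread",
                      "ResumeThread", "CreateToolhelp32Snapshot", "Process32FirstW", "CreateProcessW",
                      "CreateNamedPipeW", "IsDebuggerPresent", "RtlCaptureContext",
                      "SetUnhandledExceptionFilter"]),
    ("advapi32.dll", ["CryptAcquireContextW", "CryptDeriveKey", "CryptEncrypt", "CryptDecrypt",
                      "RegSetValueExW", "OpenProcessToken", "DuplicateTokenEx", "CheckTokenMembership"]),
    ("user32.dll", ["SetWindowsHookExW", "CallNextHookEx", "keybd_event", "SendInput"]),
    ("ws2_32.dll", ["socket", "connect", "send", "recv", "gethostbyname"]),
    ("secur32.dll", ["AcquireCredentialsHandleW", "InitializeSecurityContextW", "EncryptMessage"]),
    ("wintrust.dll", ["WinVerifyTrust"]),
    ("shell32.dll", ["ShellExecuteW", "SHEmptyRecycleBinW", 155]),
]

# Capability map (constructed): groups of imports that together form a primitive worth a look.
CAPABILITIES = {
    "process-read": {"kernel32!OpenProcess", "kernel32!ReadProcessMemory", "kernel32!GetThreadContext",
                     "kernel32!CreateToolhelp32Snapshot", "kernel32!Process32FirstW"},
    "process-write": {"kernel32!WriteProcessMemory", "kernel32!VirtualAllocEx",
                      "kernel32!CreateRemoteThread", "kernel32!SetThreadContext"},
    "thread-control": {"kernel32!SuspendThread", "kernel32!ResumeThread"},
    "crypto-capi": {"advapi32!CryptAcquireContextW", "advapi32!CryptDeriveKey",
                    "advapi32!CryptEncrypt", "advapi32!CryptDecrypt"},
    "token-handling": {"advapi32!OpenProcessToken", "advapi32!DuplicateTokenEx",
                       "advapi32!CheckTokenMembership"},
    "registry-write": {"advapi32!RegSetValueExW", "advapi32!RegCreateKeyExW"},
    "input-hook-or-synth": {"user32!SetWindowsHookExW", "user32!keybd_event", "user32!SendInput"},
    "raw-socket": {"ws2_32!socket", "ws2_32!connect", "ws2_32!send", "ws2_32!recv"},
    "schannel-tls": {"secur32!AcquireCredentialsHandleW", "secur32!InitializeSecurityContextW",
                     "secur32!EncryptMessage"},
    "anti-debug": {"kernel32!IsDebuggerPresent"},
    "signature-check": {"wintrust!WinVerifyTrust"},
}

# Partial ordinal table for ws2_32 (same idea as pefile's ordlookup); other DLLs keep "ordN".
ORDINALS = {"ws2_32": {4: "connect", 16: "recv", 19: "send", 23: "socket", 115: "WSAStartup"}}


def normalise(dll, func):
    """imphash normalisation: lower-case DLL, drop .dll/.ocx/.sys, resolve known ordinals."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    if isinstance(func, int):
        func = ORDINALS.get(dll, {}).get(func, "ord%d" % func)
    return dll, func.lower()


def classify(imports):
    """Map each capability to the named imports that hit it; empty capabilities are dropped."""
    present = {"%s!%s" % (normalise(dll, f)[0], f)
               for dll, funcs in imports for f in funcs if isinstance(f, str)}
    hits = {}
    for cap, needed in CAPABILITIES.items():
        matched = sorted(needed & present)
        if matched:
            hits[cap] = matched
    return hits


def imphash(imports):
    """MD5 over "dll.func" entries joined by commas, in import-table order."""
    entries = ["%s.%s" % normalise(dll, f) for dll, funcs in imports for f in funcs]
    return hashlib.md5(",".join(entries).encode()).hexdigest()


if __name__ == "__main__":
    for cap, matched in classify(SAMPLE_IMPORTS).items():
        print("%-20s %s" % (cap, ", ".join(matched)))
    print("imphash of this subset:", imphash(SAMPLE_IMPORTS))
```

Run against this sample's list, the process-read and thread-control primitives are present (OpenProcess, ReadProcessMemory, GetThreadContext, SuspendThread/ResumeThread, Toolhelp enumeration) but the write half of a classic injection chain (WriteProcessMemory, VirtualAllocEx, CreateRemoteThread, SetThreadContext) is absent from the import table above, which fits an in-process crash reporter (RtlCaptureContext, SetUnhandledExceptionFilter, named pipes) better than an injector. SetWindowsHookExW beside keybd_event and SendInput can be a keylogger or ordinary GUI message hooking; the behavioral tasks, not the import table, decide which.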
Exports
NvOptimusEnablement
NvOptimusEnablement is the exported DWORD that NVIDIA's Optimus driver looks for to route a process to the discrete GPU; it is a normal export for a graphics-heavy desktop application and not a security signal.
Sections
name    raw size  virtual size  characteristics
.text   3.5MB     3.5MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  632KB     631KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   165KB     446KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    512B      3B            IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   2.6MB     2.6MB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  226KB     226KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable. The one raw/virtual gap of note is .data (165KB on disk, 446KB in memory), which is the usual zero-filled uninitialized data; .tls at 512B on disk against 3B virtual is file-alignment padding. A 3.5MB code section next to a 2.6MB resource section is the profile of a large, statically linked GUI application rather than a packed stub, which is a further reason to confirm the UPX YARA match above manually.
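The header facts in this report (only DYNAMIC_BASE in DllCharacteristics, the three FileCharacteristics flags, the absent Authenticode certificate table behind the "Unsigned PE" signature) and the section-table review above can be reproduced with standard-library Python. The following is an added example, not tria.ge's analyser. `build_test_pe` constructs a header-only PE32 image whose section table mirrors the sizes above (rounded, constructed values) so the script runs offline; the same `parse_pe`/`triage` pair can be pointed at a real file from the command line. Tag names such as `no-nx-compat` are this example's own vocabulary.

```python
"""Header-level PE triage: DllCharacteristics, FileCharacteristics, the Authenticode
security directory and the section table. Added example; not tria.ge code."""
import struct

# Flag values from winnt.h
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # the Authenticode certificate table lives in this data directory


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]          # offset 0x46 in both PE32 and PE32+
    num_dirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dirs = opt + (112 if pe32plus else 96)
    security_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, security_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _rva, rsize, *_rest, chars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize, "characteristics": chars})
    return {"machine": machine, "pe32plus": pe32plus, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "has_security_directory": security_size > 0,
            "sections": sections}


def triage(pe: dict) -> list:
    """Short tags for the findings a reviewer pulls out of the headers."""
    tags = []
    if not pe["has_security_directory"]:
        tags.append("unsigned")        # no certificate table; a present one still needs WinVerifyTrust/signtool to validate
    if pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        tags.append("aslr")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        tags.append("no-nx-compat")    # under the default OptIn policy a 32-bit image without this flag runs without DEP
    if pe["file_characteristics"] & IMAGE_FILE_LARGE_ADDRESS_AWARE and not pe["pe32plus"]:
        tags.append("laa-32bit")       # 32-bit process may receive user-mode addresses above 2 GB
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    for s in pe["sections"]:
        if s["characteristics"] & wx == wx:
            tags.append("wx-section:" + s["name"])
        if s["raw_size"] < s["virtual_size"]:
            tags.append("raw-lt-virtual:" + s["name"])   # zero-filled at load: normal for .data, suspicious for code
    return tags


def build_test_pe(layout, dll_chars, file_chars, security_size=0) -> bytes:
    """Constructed, header-only PE32 image for exercising the parser (not loadable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    opt_size = 224                                   # PE32 optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if security_size else 0, security_size)
    rva, table = 0x1000, b""
    for name, vsize, rsize, chars in layout:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva, rsize, 0, 0, 0, 0, 0, chars)
        rva += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
SAMPLE_LAYOUT = [  # (name, virtual size, raw size, flags); constructed from the rounded sizes above
    (".text", 3_670_000, 3_670_016, IMAGE_SCN_CNT_CODE | X | R),
    (".rdata", 646_000, 647_168, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    (".data", 456_700, 168_960, IMAGE_SCN_CNT_INITIALIZED_DATA | R | W),
    (".tls", 3, 512, IMAGE_SCN_CNT_INITIALIZED_DATA | R | W),
    (".rsrc", 2_726_000, 2_726_400, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    (".reloc", 231_400, 231_424, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | R),
]


def run_sample() -> list:
    """Triage the constructed image that mirrors this report's headers."""
    pe = parse_pe(build_test_pe(SAMPLE_LAYOUT, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE,
                                IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE | IMAGE_FILE_32BIT_MACHINE))
    return triage(pe)


if __name__ == "__main__":
    import sys
    tags = triage(parse_pe(open(sys.argv[1], "rb").read())) if len(sys.argv) > 1 else run_sample()
    print("\n".join(tags))
```

`python pe_triage.py sample.exe` applies the same checks to a real file. The `unsigned` tag only reports that the certificate table is empty; for a file that does carry one, validity still has to come from WinVerifyTrust or `signtool verify /pa`, since a certificate table can hold an invalid or stripped-out signature.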