b945169945558bf28e472c6a102b63eed6628594c18d4e0b757d9f7eab770b26

Sharing

Copy URL Twitter E-mail

General

Target

b945169945558bf28e472c6a102b63eed6628594c18d4e0b757d9f7eab770b26
Size

3.4MB
MD5

8d1c1c5ed7f8a0a6f116739f2b7c15f4
SHA1

3f7e2ea85c3df8a2aecb606958a697577f96bde3
SHA256

b945169945558bf28e472c6a102b63eed6628594c18d4e0b757d9f7eab770b26
SHA512

c8ee517498a3d73f30a3980661245917fa1fcc58400bdf8ab9a138f89397c752d85aa698c5b8ed483fbc0b7f8f0928469a4c8c23661d696e71853cd4b8ec2458
SSDEEP

24576:6kGTcZJo53+y8LN+JpCiaB7/7ffRivFCieqzG5HyQaFWgEm4gH/m:Ao+JpCia5jfI8ieCMHNgzf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b945169945558bf28e472c6a102b63eed6628594c18d4e0b757d9f7eab770b26

Files

b945169945558bf28e472c6a102b63eed6628594c18d4e0b757d9f7eab770b26
.exe windows:5 windows x86 arch:x86

29d3852d3f06bb4b4647f8f401959da3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\Projects\ShareModules\bin\Browser.pdb

Imports

kernel32

ExitThread
FileTimeToLocalFileTime
GetFileInformationByHandle
FindFirstFileExW
GetFullPathNameW
LocalFree
SetUnhandledExceptionFilter
GetCommandLineW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetTempPathW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
Sleep
TerminateThread
InitializeCriticalSection
GetTickCount
WaitForSingleObject
CreateThread
DeleteFileW
CloseHandle
DeleteCriticalSection
lstrcatW
DecodePointer
FindClose
GetProcAddress
GetLastError
GetPrivateProfileIntW
RaiseException
GlobalUnlock
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
GetModuleFileNameW
FileTimeToSystemTime
TerminateProcess
lstrcpynW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
WideCharToMultiByte
GlobalAlloc
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
GlobalLock
GetModuleHandleExW
GetCurrentProcess
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileW
GetLocalTime
FormatMessageW
GetFileAttributesW
CreateDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
lstrcmpiW
GetCurrentDirectoryW
GetFileSize
MulDiv
InterlockedIncrement
ExpandEnvironmentStringsA
LoadLibraryA
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
VerifyVersionInfoA
SleepEx
VerSetConditionMask
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetConsoleCP
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
FreeLibrary
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
HeapSize
GetTimeZoneInformation
GetStdHandle
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
RtlUnwind
AreFileApisANSI
ExitProcess
GetSystemTimeAsFileTime
ReadFile
IsProcessorFeaturePresent
EncodePointer
HeapAlloc
HeapFree
OutputDebugStringW
IsDebuggerPresent

user32

wsprintfA
GetWindowRect
LoadImageW
SendMessageW
IsZoomed
SetWindowLongW
SetTimer
PostQuitMessage
SystemParametersInfoW
IsWindowVisible
GetForegroundWindow
GetWindowLongW
ShowWindow
IsWindow
PtInRect
ClientToScreen
KillTimer
GetParent
LoadCursorW
WindowFromPoint
wsprintfW
SetWindowPos
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
DrawTextA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
GetWindowRgn
UpdateLayeredWindow
SetForegroundWindow
SetRect
DrawTextW
CharPrevW
IsWindowEnabled
CreateWindowExW
MessageBoxW
RegisterClassW
GetSystemMetrics
DefWindowProcW
GetFocus
DestroyWindow
MoveWindow
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
GetClientRect
GetCaretBlinkTime
ScreenToClient
FillRect
GetGUIThreadInfo
CharNextW
SetCursor
IntersectRect
IsRectEmpty
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
IsIconic
SetFocus
GetActiveWindow
GetKeyState
GetUpdateRect
GetCursorPos
MapWindowPoints
GetSysColor
UnionRect
OffsetRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
InflateRect
CallWindowProcW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
UpdateWindow

gdi32

CreatePenIndirect
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
CreateRectRgnIndirect
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
CreateSolidBrush
GetTextMetricsW
GetCharABCWidthsW
SaveDC
BitBlt
GetTextExtentPoint32W
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetClipBox
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreateRectRgn
PtInRegion
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
CreatePen
CreateFontIndirectW
CreateDIBitmap
GetDeviceCaps

advapi32

RegQueryValueExW
RegSetValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
ReleaseStgMedium
OleDuplicateData
DoDragDrop
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathRemoveFileSpecW

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipSetInterpolationMode
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipCloneBrush
GdiplusStartup
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateFromHDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipFree

sqlite3

sqlite3_exec
sqlite3_open
sqlite3_vmprintf
sqlite3_column_type
sqlite3_changes
sqlite3_free
sqlite3_column_count
sqlite3_column_text
sqlite3_close
sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_prepare_v2
sqlite3_mprintf
sqlite3_step
sqlite3_finalize
sqlite3_column_int

ws2_32

recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
ioctlsocket
gethostname
gethostbyname
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAStartup
WSACleanup
sendto
WSAGetLastError

wldap32

ord301
ord50
ord60
ord211
ord46
ord143
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord41

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29d3852d3f06bb4b4647f8f401959da3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

sqlite3

ws2_32

wldap32

comctl32

imm32

Sections

.text Size: 774KB - Virtual size: 773KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 18KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 761KB - Virtual size: 761KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 774KB - Virtual size: 773KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 18KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 761KB - Virtual size: 761KB

.reloc
Size: 47KB - Virtual size: 47KB