Static task: static1
Behavioral task: behavioral1
Sample: d9c921fc7e16c1369953e1f774c8e94a959e2c950f4633a70680806aa5315fc6.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d9c921fc7e16c1369953e1f774c8e94a959e2c950f4633a70680806aa5315fc6.exe
Resource: win10v2004-20240226-en
General
Target: d9c921fc7e16c1369953e1f774c8e94a959e2c950f4633a70680806aa5315fc6
Size: 4.8MB
MD5: 02ed9c6ddc44ff5e2be44078691fa6e2
SHA1: a101adf9fa5cbeb3cff916cde79bcdf7627f73c9
SHA256: d9c921fc7e16c1369953e1f774c8e94a959e2c950f4633a70680806aa5315fc6
SHA512: 120c9eb9ac76d1a16db605f0105dd089ca0d25bded3f5749f1faf91640d6a02baa1a4da580932e8884b3da47c27f0d5a1985fb779fd4fa1a39a8c9bbc61c1252
SSDEEP: 98304:GPtUHbQZkc+RZ+yHOhgLRIuFiWSsmB8GkgnNz:GSQK/X+kLRFiJqlgx
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Resource: d9c921fc7e16c1369953e1f774c8e94a959e2c950f4633a70680806aa5315fc6
Files
d9c921fc7e16c1369953e1f774c8e94a959e2c950f4633a70680806aa5315fc6.exe (windows:5, windows x86, arch:x86)
Import hash: b713ac3775e33f38f811a7fa3e48c4d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetTickCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
CreateFileA
FindVolumeClose
GetDriveTypeW
GetLogicalDriveStringsW
SetVolumeMountPointW
GetLogicalDrives
GetDriveTypeA
GetVolumeInformationA
DeleteVolumeMountPointW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
SetVolumeLabelW
QueryDosDeviceW
DeviceIoControl
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
OpenFile
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
OpenProcess
GetFileAttributesA
FindFirstFileA
GetFileAttributesW
RemoveDirectoryW
FindNextFileW
GetSystemDefaultLangID
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultLCID
GetSystemPowerStatus
GetSystemDirectoryA
GetTempPathW
CreateFileMappingW
GetSystemInfo
GetTempPathA
SetErrorMode
MoveFileExW
Process32FirstW
GetProcessId
Process32NextW
CreateToolhelp32Snapshot
GetLocalTime
lstrlenW
TryEnterCriticalSection
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
PeekNamedPipe
CreateProcessW
GetExitCodeProcess
CreatePipe
GetLogicalDriveStringsA
lstrlenA
WaitForMultipleObjects
CloseHandle
CreateThread
GetCurrentProcessId
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetModuleHandleW
GlobalFree
InitializeSListHead
GetThreadTimes
FileTimeToLocalFileTime
GetExitCodeThread
DeleteFileA
GetSystemTime
GetVersionExA
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
HeapCreate
FormatMessageA
UnlockFileEx
WaitForSingleObjectEx
FlushViewOfFile
HeapCompact
CreateMutexW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
CopyFileExW
GlobalMemoryStatusEx
SetDllDirectoryW
GetFullPathNameA
GetFileInformationByHandle
VirtualQuery
VirtualProtect
VirtualAlloc
FindFirstFileExW
SystemTimeToFileTime
FileTimeToSystemTime
FindResourceA
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetACP
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
FreeResource
LoadLibraryExW
LoadResource
LockResource
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
FindResourceW
GlobalAddAtomW
GlobalFindAtomW
GlobalLock
GlobalUnlock
GetCurrentThread
GetVersionExW
SizeofResource
GlobalAlloc
lstrcmpA
SetEvent
CreateEventW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalSize
LocalFree
MulDiv
FormatMessageW
CopyFileW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetCurrentDirectoryW
DeleteFileW
CreateFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
user32
GetDlgItem
GetDlgCtrlID
SetFocus
SetRect
KillTimer
SetTimer
PostMessageW
MoveWindow
IsWindow
GetParent
CallNextHookEx
SendDlgItemMessageA
WinHelpW
SendMessageW
SetForegroundWindow
ShowWindow
MonitorFromWindow
GetMonitorInfoW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
SetCursor
GetWindowThreadProcessId
EnableWindow
GetFocus
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowLongW
SetWindowLongW
GetWindow
IsDialogMessageW
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoExW
CreateWindowExW
DestroyWindow
GetWindowPlacement
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
GetSystemMetrics
DestroyMenu
SystemParametersInfoW
GetSysColorBrush
LoadCursorW
RealChildWindowFromPoint
SetCapture
ReleaseCapture
WindowFromPoint
InvalidateRect
IsIconic
DestroyIcon
CharUpperW
IntersectRect
MessageBoxW
LoadIconW
UnionRect
wsprintfW
SetClipboardData
UpdateLayeredWindow
SetCaretPos
IsWindowVisible
HideCaret
CreateCaret
CloseWindow
GetWindowRgn
RegisterClassExW
GetCaretPos
GetKeyState
GetCapture
SetWindowRgn
IsZoomed
DestroyCaret
GetClassNameA
SendMessageA
CloseClipboard
EnumWindows
GetAsyncKeyState
GetClipboardData
EmptyClipboard
OpenClipboard
SetWindowPos
OffsetRect
UnregisterClassW
GetClassInfoW
CreateDesktopW
CloseDesktop
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
UpdateWindow
SetActiveWindow
GetForegroundWindow
ValidateRect
RedrawWindow
SetPropW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
CopyRect
EqualRect
PtInRect
gdi32
EnumFontFamiliesExW
GetFontData
GetObjectW
SetBitmapBits
GetBitmapBits
PtInRegion
FillRgn
CreatePolygonRgn
CreateDIBSection
CreateRoundRectRgn
SetPixel
GetDIBits
CreateFontW
CreateCompatibleBitmap
GetTextExtentPoint32W
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetMapMode
SetBkMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateBitmap
SetTextColor
SetBkColor
shell32
SHGetSpecialFolderPathA
ShellExecuteW
DragQueryFileW
SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
ord165
DragAcceptFiles
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathIsUNCW
PathIsRootW
PathIsDirectoryW
PathCanonicalizeW
PathIsRootA
PathStripToRootW
PathFileExistsA
oleacc
LresultFromObject
CreateStdAccessibleObject
imagehlp
MakeSureDirectoryPathExists
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winmm
timeGetDevCaps
timeKillEvent
timeSetEvent
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegOpenKeyExW
RegQueryValueExW
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
LockServiceDatabase
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LsaFreeMemory
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaClose
LsaOpenPolicy
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumKeyW
RegQueryValueW
AdjustTokenPrivileges
RegEnumValueW
LookupPrivilegeValueW
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
ole32
CoInitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
OleSetContainedObject
CoUninitialize
oleaut32
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString
VariantTimeToSystemTime
VarDateFromStr
msimg32
AlphaBlend
setupapi
CM_Get_Device_IDA
CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
gdiplus
GdipGetImageWidth
GdipDeletePath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipGetImageHeight
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipResetPath
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipSaveImageToFile
GdipCreateBitmapFromFile
GdipCreateFontFamilyFromName
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateSolidFill
GdipDeleteBrush
GdipFillPath
GdipSetPenDashStyle
GdipSetClipPath
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCreatePath
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipDrawLineI
imm32
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmDestroyContext
ImmSetCompositionWindow
ws2_32
connect
WSAStartup
send
gethostbyname
closesocket
inet_addr
select
WSAGetLastError
htons
shutdown
setsockopt
WSACleanup
recv
ioctlsocket
socket
wininet
InternetCrackUrlA
InternetCanonicalizeUrlA
iphlpapi
GetAdaptersInfo
wlanapi
WlanCloseHandle
WlanGetProfile
WlanOpenHandle
WlanEnumInterfaces
WlanFreeMemory
WlanGetProfileList
rpcrt4
UuidFromStringW
UuidToStringW
RpcStringFreeW
crypt32
CryptUnprotectData
CryptStringToBinaryW
Sections
.text - Size: 3.2MB - Virtual size: 3.2MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 557KB - Virtual size: 556KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 193KB - Virtual size: 236KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0 - Size: 521KB - Virtual size: 521KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc - Size: 221KB - Virtual size: 221KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc - Size: 26.6MB - Virtual size: 26.6MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ