52431e3f40e6e13fe0487c9df29d3569baa0f80d0fd9b247a7a0dff8374663b7

Sharing

Copy URL

Twitter E-mail

General

Target

52431e3f40e6e13fe0487c9df29d3569baa0f80d0fd9b247a7a0dff8374663b7
Size

3.7MB
MD5

69454b88df6e75166d5eb2f2adac31dc
SHA1

ec571a263dbd2d31a2906b248ec3636aba345e0b
SHA256

52431e3f40e6e13fe0487c9df29d3569baa0f80d0fd9b247a7a0dff8374663b7
SHA512

ebcf4c6d72b92c6e2d0b2c3000aff1b7db8a6101bf7769bea20f660d5bfb8dd7561e2231934ca0283ca21c511f9956f24924ab39c8b2759cb5a8bee857941197
SSDEEP

98304:ZtF6+Rc/LUiCNtGPiJFVsT6VXfXmzpzA:ZtbTXfX+z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52431e3f40e6e13fe0487c9df29d3569baa0f80d0fd9b247a7a0dff8374663b7

Files

52431e3f40e6e13fe0487c9df29d3569baa0f80d0fd9b247a7a0dff8374663b7
.exe windows:6 windows x86 arch:x86

049adbf07dc2401161a473a0cf535e9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetFileAttributesW
GetLastError
GetFileAttributesExW
GlobalFlags
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
CopyFileW
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
ResetEvent
GetSystemTimeAsFileTime
lstrcpynW
TerminateThread
GetCommandLineW
SetLastError
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FlushFileBuffers
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetACP
FreeLibraryAndExitThread
ExitThread
SetStdHandle
ReadConsoleW
GetFileType
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
ReadFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
FreeResource
GetCurrentThreadId
SizeofResource
MulDiv
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetCurrentProcess
TerminateProcess
OpenProcess
GetCurrentProcessId
Sleep
OpenEventW
GetLocalTime
GetTimeFormatW
GetDateFormatW
ExitProcess
SetWaitableTimer
CreateWaitableTimerW
GetModuleHandleW
IsDebuggerPresent
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetExitCodeThread
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileInformationByHandleEx
CreateFileW
SetFileAttributesW
SetFileTime
WriteConsoleW
GetStdHandle
FindClose
GetDiskFreeSpaceExW
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetTickCount
GetTimeZoneInformation
LeaveCriticalSection
ReleaseSemaphore
PostQueuedCompletionStatus
CreateEventW
CreateIoCompletionPort
GetSystemInfo
CreateThread
GetQueuedCompletionStatus
SetEvent
SetThreadPriority
WaitForSingleObject
CloseHandle
CreateSemaphoreW
AreFileApisANSI
SetFilePointerEx
SetFileInformationByHandle
SetEndOfFile
GetFinalPathNameByHandleW
FindFirstFileExW
LocalFree
RaiseException
FormatMessageA
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetConsoleMode
WriteFile
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsProcessorFeaturePresent
DeleteCriticalSection

user32

OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
MonitorFromWindow
GetWindowLongW
DefWindowProcW
GetPropW
CreateWindowExW
RemovePropW
LoadStringW
GetClassInfoW
RegisterClassW
SetPropW
LoadIconW
GetDesktopWindow
GetParent
LoadImageW
GetDC
WaitForInputIdle
ReleaseDC
DestroyWindow
GetWindowThreadProcessId
MessageBoxTimeoutW
SetTimer
KillTimer
SetDlgItemTextW
IsWindow
FindWindowW
GetWindowTextW
GetWindowTextLengthW
GetAncestor
SendMessageW
EnumWindows
GetClassNameW
WindowFromPoint
DestroyCursor
DestroyIcon
wsprintfW
SetWindowLongW
MsgWaitForMultipleObjects
SetCursor
MessageBoxA
LoadCursorW
GetCursorPos
MessageBoxW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPos

gdi32

GetObjectW
DeleteObject
CreateBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC

advapi32

RegQueryValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

GetHGlobalFromStream
StringFromGUID2
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CLSIDFromProgID
OleRun
CLSIDFromString

oleaut32

LHashValOfNameSys
SafeArrayGetDim
VariantInit
SafeArrayGetUBound
LoadTypeLi
SafeArrayGetLBound
VariantCopyInd
SysFreeString
RegisterTypeLi
SysAllocString
VariantCopy
SafeArrayUnaccessData
SafeArrayCreate
VarCmp
SafeArrayAccessData
VariantChangeType
VariantClear
VariantTimeToSystemTime
SysAllocStringLen
SysStringLen
SafeArrayGetElemsize
SystemTimeToVariantTime

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create

hpsocket_u

HP_Create_TcpPackServer
HP_Destroy_TcpPackClient
HP_Create_TcpPackClient
HP_Destroy_TcpPackServer

sqlite3

sqlite3_open_v2
sqlite3_close_v2
sqlite3_prepare_v2
sqlite3_errmsg
sqlite3_column_text
sqlite3_finalize
sqlite3_initialize
sqlite3_step

libcurl

curl_global_cleanup
curl_easy_cleanup
curl_slist_append
curl_easy_pause
curl_slist_free_all
curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_easy_setopt
curl_global_init

ftbrowser

FT_RunMessageLoop
FT_Shutdown
FT_V8CGetGlobal
FT_V8CreateString
FT_V8SetValue
FT_V8SetValueEx
FT_Browser_SendMouse
FT_Browser_Focus
FT_Browser_Close
FT_Browser_SendKey
FT_Browser_Move
FT_Browser_Create
FT_Browser_StopLoad
FT_Browser_GetMframe
FT_Frame_LoadUrl
FT_QuitMessageLoop
FT_Frame_GetWebcode
FT_V8CreateObject
FT_V8GetIntValue
FT_V8CreateInt
FT_V8IsFunction
FT_V8ExecuteFunction_String
FT_V8CreateFunction
FT_Browser_Init

xcgui

XEdit_EnablePassword
XWnd_SetPosition
XAdListView_DeleteAllItem
XEle_GetPosition
XEle_SetPosition
XBtn_IsCheck
XListView_DeleteAllItem
XBtn_SetCheck
XListView_Item_GetTextEx
XDraw_EnableSmoothingMode
XDraw_SetBrushColor
XDraw_FillRoundRect
XDraw_ImageAdaptiveF
XSView_GetScrollBarV
XSBar_GetRange
XComboBox_GetSelItem
XSView_ScrollPosV
XComboBox_GetItemText
XEle_EnableTopmost
XListView_SetSelectItem
XWidget_EnableLayoutControl
XBtn_SetTypeEx
XWnd_IsMaxWindow
XComboBox_GetCount
XComboBox_DeleteItemAll
XAdListView_Item_GetTextEx
XListView_GetTemplateObject
XEle_SetTextColor
XListView_SetRowSpace
XAdListView_Item_GetCount
XListView_DeleteAll
XEle_SetSize
XWnd_MaxWindow
XEle_AddBkFill
XFont_Create
XShapeText_Create
XShapeText_SetTextColor
XWnd_ShowWindow
XWnd_CreateEx
XWidget_GetName
XSvg_LoadFile
XAdListView_Group_AddItemText
XImage_LoadSvg
XNotifyMsg_WindowPopupEx
XEle_EnableBkTransparent
XListView_SetItemSize
XListView_SetItemTemplateXML
XListView_RefreshItem
XShape_Redraw
XListView_Item_GetCount
XAdListView_Item_SetImageEx
XAdListView_Item_SetTextEx
XAdListView_Item_SetText
XAdListView_Item_AddItemImage
XImage_LoadFile
XComboBox_AddItemText
XC_GetObjectByID
XComboBox_CreateAdapter
XWnd_CloseWindow
XWnd_Center
XProgBar_EnableShowText
XC_GetObjectByName
XEle_Enable
XBtn_GetText
XWnd_EnableDragBorder
XWnd_EnableDragWindow
XEle_EnableMouseThrough
XC_LoadLayout
XC_LoadResource
XC_AddFileSearchPath
XShapePic_SetImage
XShapeText_SetText
XShapeText_SetFont
XInitXCGUI
XImage_LoadMemory
XEle_EnableEvent_XE_MOUSEWHEEL
XWidget_GetHWND
XEle_GetHeight
XEle_ClearBkInfo
XEle_AddBkImage
XEle_GetWidth
XEle_GetUserData
XAdListView_Item_AddColumn
XAdListView_Group_AddColumn
XListView_BindAdapter
XAdListView_Create
XImage_SetDrawTypeAdaptive
XWnd_AdjustLayout
XSView_ShowSBarH
XListView_SetGroupHeight
XSvg_SetSize
XWidget_Show
XWnd_SetTop
XWnd_GetHWND
XC_CallUiThread
XWnd_Show
XEle_Redraw
XWnd_Redraw
XWidget_LayoutItem_SetHeight
XWidget_LayoutItem_SetWidth
XEle_SetCapture
XWidget_GetHWINDOW
XWnd_SetFocusEle
XImage_Release
XDraw_Image
XImage_LoadFromHBITMAP
XEle_SetUserData
XC_IsHXCGUI
_XWnd_RegEvent
_XEle_RegEvent
_XWnd_RemoveEvent
_XEle_RemoveEvent
XSView_Create
XProgBar_SetPos
XComboBox_GetState
XComboBox_SetSelItem
XComboBox_Create
XEdit_SetText
XEdit_GetText
XEdit_GetLength
XEdit_Create
XListView_Create
XLayout_Create
XTextLink_Create
XBtn_SetTextAlign
XBtn_SetText
XBtn_Create
XEle_Create
XEle_IsEnable
XEle_SetWidth
XEle_SetToolTip
XEle_GetStateFlags
XEle_SetHeight
XEle_SetFont
XEle_SetCursor
XEle_DrawEle
XWnd_GetRect
XWidget_IsShow
XEle_AdjustLayout
XExitXCGUI
XRunXCGUI
XC_EnableDebugFile
XListView_SetColumnSpace
XC_SetTextRenderingHint
XC_SetPaintFrequency
XAdListView_Item_GetText
XShapeText_GetText

gdiplus

GdipGetImageHeight
GdipCloneImage
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToStream
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipGetImagePaletteSize
GdipSetCompositingMode

iphlpapi

GetExtendedTcpTable

psapi

GetProcessImageFileNameW

winmm

timeSetEvent
PlaySoundW
timeKillEvent

dsound

ord11

ws2_32

WSACleanup

Exports

Exports

?active_implementation@simdutf@@3V?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@A
?available_implementations@simdutf@@3Vavailable_implementation_list@internal@1@B

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�Y4��u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

049adbf07dc2401161a473a0cf535e9f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

hpsocket_u

sqlite3

libcurl

ftbrowser

xcgui

gdiplus

iphlpapi

psapi

winmm

dsound

ws2_32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 498KB - Virtual size: 498KB

.data Size: 27KB - Virtual size: 130KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 155KB - Virtual size: 154KB

�Y4��u� Size: 16KB - Virtual size: 20KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 498KB - Virtual size: 498KB

.data
Size: 27KB - Virtual size: 130KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 155KB - Virtual size: 154KB

�Y4��u�
Size: 16KB - Virtual size: 20KB