Static task: static1
Behavioral task: behavioral1
Sample: 694272aa51b78abf5b61fc3e8feb1dee313b27f05ecfb22f8b8a172c1f7897e2.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 694272aa51b78abf5b61fc3e8feb1dee313b27f05ecfb22f8b8a172c1f7897e2.exe
Resource: win10v2004-20240508-en
General
Target: 694272aa51b78abf5b61fc3e8feb1dee313b27f05ecfb22f8b8a172c1f7897e2
Size: 4.6MB
MD5: 5d7140f9b4d99fed9ac8043cbb949ba1
SHA1: 20116908ccd41dab31d753111e6739e1e8bb0d36
SHA256: 694272aa51b78abf5b61fc3e8feb1dee313b27f05ecfb22f8b8a172c1f7897e2
SHA512: 3ca4b0ff200e8b8fa154fb31cbfabc942f940b2337f1971bf3807ab7e516121cc3140cb05b4936fcc69991dee6761c90efbbdcb8be802693bbcd894461c08fff
SSDEEP: 98304:8yqaj1UXXJdcrxhkwSTzNRqYI8yd3anUraW0qC1HkMxFrJ:8daCZdcr+ao00V1HrxFr
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 694272aa51b78abf5b61fc3e8feb1dee313b27f05ecfb22f8b8a172c1f7897e2
Files
694272aa51b78abf5b61fc3e8feb1dee313b27f05ecfb22f8b8a172c1f7897e2.exe  windows:5 windows x86 arch:x86
e91ad112e9d39788e63cf2324010fd65
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetOEMCP
GetFileSize
GetFileTime
SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA
RtlUnwind
HeapFree
RaiseException
HeapReAlloc
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
GetACP
HeapSize
SetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
GetCPInfo
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtect
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrcmpA
MulDiv
SetLastError
GetFullPathNameA
GetVolumeInformationA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileW
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
GetSystemInfo
GetTempPathW
GetVersionExW
HeapValidate
HeapCompact
LoadLibraryW
LockFileEx
UnlockFileEx
WaitForSingleObjectEx
OutputDebugStringW
InterlockedCompareExchange
FlushViewOfFile
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcessId
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventA
GetVersion
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
InterlockedDecrement
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateMutexA
CopyFileA
GetTempPathA
GetTempFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
VirtualQuery
Module32First
IsBadWritePtr
MoveFileExA
SetFileAttributesA
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
lstrcpyA
TerminateThread
ExitThread
PulseEvent
SetEvent
ResetEvent
InterlockedIncrement
GlobalFree
LockResource
LoadLibraryA
LocalAlloc
LocalFree
FreeLibrary
GetTickCount
GlobalSize
OpenProcess
WideCharToMultiByte
ResumeThread
WaitForSingleObject
CreateThread
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
SuspendThread
InterlockedExchangeAdd
GetSystemTime
InterlockedExchange
GlobalAddAtomA
GetFileAttributesA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
OutputDebugStringA
GetProcAddress
GetProcessHeap
HeapAlloc
CreateProcessA
GetLastError
GetModuleHandleA
GetModuleFileNameA
WinExec
Sleep
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileA
FindNextFileA
FindClose
GetLocalTime
CreateFileA
FreeResource
WriteFile
CloseHandle
DeleteFileA
lstrlenA
CreateDirectoryA
IsBadReadPtr
MultiByteToWideChar
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
EnumSystemLocalesA
FlushInstructionCache
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgCtrlID
GetKeyState
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
ReleaseDC
GetDC
GetClientRect
GetSystemMetrics
GetDesktopWindow
IsWindow
wsprintfA
RegisterWindowMessageA
PtInRect
SetDlgItemTextA
SetWindowsHookExA
GetDlgItem
ScreenToClient
ClientToScreen
IsIconic
DrawIcon
GetSystemMenu
InsertMenuA
AppendMenuA
CreatePopupMenu
GetForegroundWindow
GetParent
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
CopyRect
EqualRect
IsWindowVisible
LoadKeyboardLayoutA
DestroyWindow
PostQuitMessage
SendDlgItemMessageA
GetClassInfoExA
RegisterClassExA
CreateWindowExA
SetForegroundWindow
UpdateWindow
EnableWindow
InvalidateRect
SendMessageA
PostMessageA
SetWindowTextA
MessageBoxA
GetCursorPos
CallNextHookEx
GetKeyNameTextA
MapVirtualKeyA
GetWindowRect
RegisterHotKey
UnregisterHotKey
UnhookWindowsHookEx
DispatchMessageA
UnregisterClassA
GetProcessWindowStation
GetUserObjectInformationW
GetUpdateRect
GetDlgItemInt
SetDlgItemInt
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ValidateRect
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
InflateRect
DestroyMenu
LoadStringA
GetSysColorBrush
GetWindowInfo
GetWindowRgn
IsZoomed
SetTimer
MenuItemFromPoint
GetMenuItemRect
GetComboBoxInfo
TrackMouseEvent
DrawStateA
DestroyIcon
KillTimer
GetIconInfo
AdjustWindowRectEx
GetSysColor
MapWindowPoints
DrawIconEx
IsRectEmpty
SetWindowRgn
WindowFromDC
EnableScrollBar
GetScrollBarInfo
GetDCEx
GetWindowLongW
SetWindowLongW
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
EnumThreadWindows
SetRect
TranslateMessage
PeekMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SetWindowLongA
GetWindowLongA
GetSubMenu
LoadMenuA
LoadIconA
SetCursor
LoadCursorA
ReleaseCapture
SetCapture
GetAsyncKeyState
SetWindowPos
GetClassNameA
GetWindowTextA
EnumChildWindows
EnumWindows
FindWindowExA
SetCursorPos
WindowFromPoint
FindWindowA
ShowWindow
EnableMenuItem
SetFocus
GetFocus
GetWindowTextLengthA
GetMessageA
SetMenu
SetRectEmpty
DefWindowProcA
CharUpperBuffW
MessageBoxW
gdi32
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
GetClipRgn
SelectClipPath
CreatePen
SetViewportExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CombineRgn
GetTextExtentPoint32A
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
PatBlt
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetDeviceCaps
CreateFontIndirectA
GetMapMode
GetBkColor
CreateRectRgn
SetDIBitsToDevice
CreateCompatibleDC
CreateDIBSection
GetPixel
ExtCreateRegion
ExtTextOutW
GetTextColor
OffsetRgn
PtInRegion
EndPath
Rectangle
BeginPath
StretchBlt
CreateRoundRectRgn
GetTextExtentPointA
SetPixel
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetDIBits
GetClipBox
DeleteObject
comdlg32
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
EqualSid
AllocateAndInitializeSid
RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
FreeSid
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
shell32
ShellExecuteA
SHChangeNotify
SHGetPathFromIDListA
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationA
SHBrowseForFolderA
DragQueryFileA
comctl32
ord17
ImageList_Destroy
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Draw
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
SysAllocStringLen
SysFreeString
urlmon
URLDownloadToFileA
shlwapi
PathFileExistsA
PathIsDirectoryA
gdiplus
GdipCreateBitmapFromFile
GdipAlloc
GdipFree
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdiplusShutdown
GdipSaveImageToFile
wininet
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCheckConnectionA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
ws2_32
htonl
winhttp
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpQueryOption
WinHttpSetOption
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
psapi
GetModuleFileNameExA
winmm
timeKillEvent
timeSetEvent
timeGetTime
msimg32
TransparentBlt
msvfw32
DrawDibOpen
DrawDibDraw
wtsapi32
WTSSendMessageW
Sections
.text   raw size: -      virtual size: 1.5MB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  raw size: -      virtual size: 295KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   raw size: -      virtual size: 137KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT0   raw size: -      virtual size: 2.9MB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
INIT1   raw size: 4.6MB  virtual size: 4.6MB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rsrc   raw size: 28KB   virtual size: 1016KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

Note that .text, .rdata, .data and INIT0 report no raw size but large virtual sizes, INIT1 is the only section whose raw size matches the 4.6MB file, and the .text code section is marked writable as well as executable; these are the section-table properties to check first when triaging this file.
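The "Unsigned PE" signature above and the section table are both plain header checks. The following is an added example (not code from the sandbox, and not from the sample) that parses a PE header image with the standard library only, reports whether the Authenticode security directory is populated, and flags sections that are writable and executable or that have a virtual size but no raw bytes on disk. It builds a constructed header image whose section table approximates this page's values (sizes rounded, the "-" raw sizes taken as 0, which is an assumption); no section bodies or import tables are emitted. The Authenticode check is presence-only, as the signature description says: a populated directory does not mean the signature verifies or chains to a trusted root.

```python
import struct

# PE constants (from the PE/COFF spec)
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode signature directory
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: the 8-byte ImageBase shifts both by 16
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(nrva)]
    sec_off = opt + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "chars": sc})
    return {"machine": machine, "characteristics": chars,
            "directories": dirs, "sections": sections}

def has_authenticode(pe: dict) -> bool:
    """Presence-only: does the security directory point at a WIN_CERTIFICATE blob?
    Says nothing about whether that signature verifies."""
    if len(pe["directories"]) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    off, size = pe["directories"][IMAGE_DIRECTORY_ENTRY_SECURITY]   # file offset, not RVA
    return off != 0 and size != 0

def section_findings(pe: dict) -> list:
    """Flag sections that are writable+executable or that have no raw bytes on disk."""
    out = []
    for s in pe["sections"]:
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            out.append((s["name"], "writable and executable"))
        if s["raw_size"] == 0 and s["vsize"] > 0:
            out.append((s["name"], "no raw data on disk, %d bytes mapped" % s["vsize"]))
    return out

def build_headers(sections, security=(0, 0)) -> bytes:
    """Constructed PE32 header image (DOS stub, COFF, optional header, section table
    only; no section bodies) so the parser can be exercised offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    # Machine 0x14C (x86); file characteristics as listed on this page = 0x10F
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x10F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    img = bytearray(bytes(dos) + b"PE\x00\x00" + coff + bytes(opt))
    va, raw = 0x1000, 0x400
    for name, vsize, raw_size, chars in sections:
        img += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), vsize, va,
                           raw_size, raw if raw_size else 0, 0, 0, 0, 0, chars)
        va += (vsize + 0xFFF) & ~0xFFF
        raw += raw_size
    return bytes(img)

# Constructed section table approximating this page (sizes rounded, "-" taken as 0 raw bytes)
CODE_RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA_R  = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
PAGE_SECTIONS = [
    (b".text",  0x180000, 0,        CODE_RX | IMAGE_SCN_MEM_WRITE),
    (b".rdata", 0x49C00,  0,        DATA_R),
    (b".data",  0x22400,  0,        DATA_R | IMAGE_SCN_MEM_WRITE),
    (b"INIT0",  0x2E6000, 0,        CODE_RX | IMAGE_SCN_CNT_INITIALIZED_DATA),
    (b"INIT1",  0x499000, 0x499000, CODE_RX | IMAGE_SCN_CNT_INITIALIZED_DATA),
    (b".rsrc",  0xFE000,  0x7000,   DATA_R),
]

if __name__ == "__main__":
    pe = parse_pe(build_headers(PAGE_SECTIONS))
    print("authenticode present:", has_authenticode(pe))
    for name, why in section_findings(pe):
        print("%-6s %s" % (name, why))
```

To run it against the real file, replace `build_headers(PAGE_SECTIONS)` with the bytes of the executable; the parser only reads headers, so it never maps or executes anything. The raw-size-zero check is deliberately narrow: sections with some raw data but a much larger virtual size (like .rsrc here) are left for manual review rather than flagged.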