Static task: static1
Behavioral task: behavioral1
Sample: 1b6d49a8fac845180aabff07bcd017045b3266b3163a1ed0030bcb91cfe29918.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1b6d49a8fac845180aabff07bcd017045b3266b3163a1ed0030bcb91cfe29918.exe
Resource: win10v2004-20240508-en
General
Target: 1b6d49a8fac845180aabff07bcd017045b3266b3163a1ed0030bcb91cfe29918
Size: 5.7MB
MD5: 036cf662f5a2920f880475e3295dc99a
SHA1: bea1bb2c877403a97bbb29b6664ebb4b1fcb2a0e
SHA256: 1b6d49a8fac845180aabff07bcd017045b3266b3163a1ed0030bcb91cfe29918
SHA512: 83a04806a8e02ba388ae72d680c0bc1ab03d393b0b4716c4fc0658ad4934297a7175794a6d75cce656e60051ce5d73428083177b575469b8c26c881311c9a33f
SSDEEP: 98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmDkV6:mMD+cpvJ/4H3nmghWoa/fsysMF4JD855
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource 1b6d49a8fac845180aabff07bcd017045b3266b3163a1ed0030bcb91cfe29918
Files
1b6d49a8fac845180aabff07bcd017045b3266b3163a1ed0030bcb91cfe29918.exe windows:5 windows x86 arch:x86
629c376f922ac7af64aae2bcd675c1b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wldap32
ord127
ord27
ord26
ord117
ord41
ord167
ord145
ord208
ord216
ord14
ord46
ord219
ord79
ord133
ord147
ord301
ord142
kernel32
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempFileNameW
GetWindowsDirectoryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SwitchToThread
SignalObjectAndWait
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
WriteConsoleW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetFilePointerEx
GetDriveTypeW
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetCommandLineW
FindResourceExW
HeapQueryInformation
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
DosDateTimeToFileTime
GetLocalTime
ExitProcess
GetACP
CreateMutexW
GetVersionExA
SetEnvironmentVariableA
FormatMessageA
CreateWaitableTimerA
GetLogicalProcessorInformation
OpenEventA
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
GetCPInfo
LCMapStringW
GetStringTypeW
TryEnterCriticalSection
MoveFileExW
PeekNamedPipe
GetStdHandle
GetFileType
VerSetConditionMask
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetEnvironmentVariableA
SetStdHandle
CompareFileTime
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
OpenProcess
GetCurrentProcessId
TerminateProcess
RaiseException
TerminateThread
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
Sleep
CloseHandle
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
TlsSetValue
GetCommandLineA
TlsFree
SleepEx
WaitForSingleObjectEx
WaitForMultipleObjectsEx
VirtualProtect
GetCurrentThread
GlobalFlags
GetUserDefaultUILanguage
GetLocaleInfoW
CompareStringW
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
EncodePointer
SystemTimeToFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
ResumeThread
SetThreadPriority
FormatMessageW
MulDiv
GlobalSize
LockResource
LocalFree
LocalReAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
SetUnhandledExceptionFilter
GetVersionExW
CreateThread
WriteFile
MoveFileW
GetSystemDirectoryW
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
GetModuleHandleW
lstrcpyW
CreateFileW
CopyFileW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
FindClose
FindResourceW
SizeofResource
LoadResource
FreeResource
CreateMutexA
ReleaseMutex
GetTickCount
DeleteFileW
CreateDirectoryW
GetTempPathW
GetPrivateProfileIntW
GetModuleFileNameA
InitializeCriticalSection
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
CreateFileA
WritePrivateProfileStringA
OutputDebugStringW
OutputDebugStringA
GetEnvironmentVariableW
CreateProcessW
LoadLibraryW
GetNativeSystemInfo
DeviceIoControl
LocalAlloc
GetProcAddress
FreeLibrary
MultiByteToWideChar
VerifyVersionInfoW
GetPrivateProfileStringA
GetModuleFileNameW
SetWaitableTimer
CreateWaitableTimerW
CreateSemaphoreA
CreateEventW
CreateEventA
OpenMutexA
user32
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
EqualRect
CopyRect
MapWindowPoints
GetKeyboardState
CreateAcceleratorTableW
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
NotifyWinEvent
InvertRect
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
wsprintfW
MoveWindow
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
SendMessageW
PostMessageW
PostQuitMessage
KillTimer
CreatePopupMenu
DestroyMenu
AppendMenuW
TrackPopupMenu
UpdateWindow
SetForegroundWindow
MessageBoxW
FindWindowW
InvalidateRgn
GetCaretPos
ShowCaret
CharPrevW
CharNextW
RegisterClassExW
GetCaretBlinkTime
SetCaretPos
CreateCaret
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetCursorPos
LoadIconW
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
SetWindowsHookExW
CallNextHookEx
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
DeleteMenu
SetCursor
ShowOwnedPopups
LoadImageW
InvalidateRect
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
InflateRect
GetMenuItemInfoW
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
CharUpperW
DestroyIcon
IsDialogMessageW
SetWindowTextW
CheckDlgButton
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CreateMenu
GetWindowRgn
DestroyCursor
SetTimer
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetForegroundWindow
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
SetActiveWindow
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
gdi32
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
GetLayout
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
LPtoDP
GetTextCharsetInfo
GetObjectA
GetCharABCWidthsW
GetRgnBox
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
CopyMetaFileW
CombineRgn
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
CryptEnumProvidersA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueW
StartServiceW
OpenServiceW
DeleteService
CreateServiceW
OpenSCManagerW
EnumServicesStatusA
CloseServiceHandle
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
CryptSignHashA
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
ole32
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CLSIDFromString
CoDisconnectObject
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium
CLSIDFromProgID
CoCreateGuid
CoTaskMemFree
OleDuplicateData
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantChangeType
VarBstrFromDate
VariantInit
SysAllocString
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
LoadTypeLi
SysFreeString
iphlpapi
GetExtendedTcpTable
GetAdaptersInfo
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
shlwapi
StrFormatKBSizeW
wnsprintfW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
ws2_32
getsockopt
inet_addr
gethostbyname
bind
closesocket
ioctlsocket
htonl
htons
ntohl
ntohs
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSASend
WSASocketW
WSAStringToAddressW
getpeername
getsockname
select
shutdown
WSARecv
listen
getaddrinfo
freeaddrinfo
__WSAFDIsSet
accept
connect
gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
send
recv
WSAIoctl
getservbyname
mswsock
AcceptEx
GetAcceptExSockaddrs
msimg32
AlphaBlend
TransparentBlt
uxtheme
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
DrawThemeText
gdiplus
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipAlloc
GdipCreateBitmapFromStream
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusShutdown
GdipGetImagePaletteSize
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawPath
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDrawRectangleI
GdipSetPenMode
GdipDrawLineI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusStartup
imm32
ImmGetOpenStatus
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
dbghelp
MiniDumpWriteDump
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
winmm
PlaySoundW
comctl32
ord17
_TrackMouseEvent
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 904KB - Virtual size: 903KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 85KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 614KB - Virtual size: 614KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 235KB - Virtual size: 234KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ