d4752c36470ad3dfd473327ab198d900f9af8dd57ac62fbf3381a53cad8a1ea8

Sharing

Copy URL Twitter E-mail

General

Target

d4752c36470ad3dfd473327ab198d900f9af8dd57ac62fbf3381a53cad8a1ea8
Size

3.4MB
MD5

30c6e5bbc646b4db409864467f67b9b2
SHA1

4ea864281a5100f36a92447ba5177281e6a4ae6e
SHA256

d4752c36470ad3dfd473327ab198d900f9af8dd57ac62fbf3381a53cad8a1ea8
SHA512

61c474ea2b41b52ca94f62e4c5364ce0a96dbf1c9b8446cab73356f7cd94bf6f180c33ba4e73cfa76a3e64b88984c95aa947c1ee29455f361effa21f84e53652
SSDEEP

49152:t1ZM+drzCzw39TsxoOBx4BODBsOi0y7YVY+9uwVO4/Nv68Xny6UvPCKR1hM79Z:tEwirVv6QyniKRjM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4752c36470ad3dfd473327ab198d900f9af8dd57ac62fbf3381a53cad8a1ea8

Files

d4752c36470ad3dfd473327ab198d900f9af8dd57ac62fbf3381a53cad8a1ea8
.exe windows:6 windows x64 arch:x64

8f506178f77c39d85e31df7d32ac2ad6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
LoadResource
FindResourceW
GetTickCount
LoadLibraryW
FreeLibrary
IsBadWritePtr
GetCommandLineW
GetFileAttributesW
GlobalFlags
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
IsBadReadPtr
VirtualQuery
GenerateConsoleCtrlEvent
HeapReAlloc
ResetEvent
GlobalDeleteAtom
GlobalAddAtomW
GetLocalTime
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
InitializeCriticalSectionEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetWaitableTimer
LeaveCriticalSection
MoveFileW
WriteConsoleW
SetEndOfFile
FlushFileBuffers
HeapSize
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
LCMapStringW
RemoveDirectoryW
GetFileType
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
WideCharToMultiByte
TlsSetValue
SizeofResource
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
CreateWaitableTimerW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsGetValue
RaiseException
RtlPcToFileHeader
GetExitCodeThread
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExW
OutputDebugStringA
GetConsoleScreenBufferInfo
WriteConsoleA
GetNumaNodeProcessorMask
GetNumaHighestNodeNumber
GetLargePageMinimum
GetCurrentProcessorNumber
QueryPerformanceFrequency
QueryPerformanceCounter
FlsFree
FlsSetValue
FlsAlloc
WriteFile
GetEnvironmentVariableA
GetStdHandle
LocalFree
LocalSize
LocalAlloc
GetUserDefaultLocaleName
IsBadCodePtr
lstrlenA
lstrcpynW
lstrcmpW
lstrlenW
CreateFileW
ReadProcessMemory
GetProcessId
CreateProcessW
SetPriorityClass
lstrcatW
Sleep
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
FreeResource
TlsGetValue
MapViewOfFile
OpenFileMappingW
GetSystemTimeAsFileTime
GetProcessTimes
CreateEventW
CreateThread
SetEvent
ExpandEnvironmentStringsW
GetTickCount64
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreatePipe
ExitProcess
GetCurrentThread
SetThreadPriority
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
TlsFree
GetPriorityClass
GetCurrentProcess
SetFileAttributesW
CreateDirectoryW
FindNextFileW
DeleteFileW
CopyFileW
FindClose
FindFirstFileW
MultiByteToWideChar
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetModuleFileNameA
GetCurrentThreadId
WaitForSingleObject
K32GetModuleFileNameExW
TerminateProcess
IsProcessorFeaturePresent
OpenProcess
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
CompareStringW

user32

ShowWindow
GetWindowTextLengthW
GetWindow
IsMenu
MessageBeep
GetSysColor
SetCaretPos
LoadCursorW
EnableWindow
SendMessageW
IsWindow
SetWindowLongPtrW
LoadStringW
ShowCaret
HideCaret
DestroyCaret
CreateCaret
LoadMenuW
ChangeWindowMessageFilterEx
SetClassLongPtrW
GetClassLongPtrW
GetCaretPos
GetUpdateRect
GetMenuItemRect
SetMenuItemInfoW
GetMenuItemInfoW
EndMenu
GetMenuStringW
ToUnicode
GetKeyboardState
GetAsyncKeyState
UpdateLayeredWindow
RegisterClassExW
PostQuitMessage
DestroyCursor
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
SetCursor
KillTimer
SetProcessDPIAware
CharLowerW
GetDoubleClickTime
GetMessageW
GetWindowTextW
SetWindowTextW
IsWindowVisible
IsWindowEnabled
GetWindowRect
GetParent
GetWindowLongPtrW
ScreenToClient
SetWindowPos
DestroyWindow
SetFocus
GetFocus
InvalidateRect
UpdateWindow
EqualRect
CallNextHookEx
SetCapture
SetWindowsHookExW
ReleaseCapture
MoveWindow
GetKeyState
SetActiveWindow
DialogBoxIndirectParamW
MapVirtualKeyW
GetKeyNameTextW
GetWindowThreadProcessId
WaitForInputIdle
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
GetMenuItemCount
TrackPopupMenu
GetSubMenu
DestroyMenu
EnableMenuItem
GetSystemMenu
DispatchMessageW
DeleteMenu
IsIconic
BeginPaint
EndPaint
DestroyIcon
UnregisterHotKey
RegisterHotKey
wsprintfW
MonitorFromWindow
DefWindowProcW
PostMessageW
CreateWindowExW
GetActiveWindow
GetClassInfoW
SetTimer
RegisterClassW
LoadIconW
LoadImageW
EndDialog
RegisterWindowMessageW
SetLayeredWindowAttributes
SendNotifyMessageW
EnumDisplayMonitors
PtInRect
MonitorFromPoint
UnhookWinEvent
SetWinEventHook
MessageBoxW
ReleaseDC
GetDC
SystemParametersInfoW
GetSystemMetrics
UnhookWindowsHookEx
CallWindowProcW
ShowWindowAsync
GetAncestor
SetForegroundWindow
GetClassNameW
WindowFromPoint
GetCursorPos
GetForegroundWindow
IsZoomed
GetDesktopWindow
FindWindowExW
FindWindowW
SetPropW
GetWindowLongW
SetWindowLongW
GetPropW
SetParent
SendMessageTimeoutW
RemovePropW
GetMonitorInfoW

gdi32

CreateFontIndirectW
BitBlt
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
SetBkColor
GetDeviceCaps
DeleteDC
GetObjectW
EnumFontFamiliesExW
GetPixel
DeleteObject
GetStockObject
SetBkMode
GetTextMetricsW

comdlg32

PrintDlgExW
GetOpenFileNameW

advapi32

AdjustTokenPrivileges
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
RegQueryValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
FreeSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
CreateProcessWithTokenW
RegGetValueW

shell32

SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW
ShellExecuteExW
ord190
ord155
ExtractIconW
Shell_NotifyIconW
SHChangeNotify
SHAppBarMessage
SHGetPropertyStoreFromParsingName

ole32

CoUninitialize
CLSIDFromProgID
CoInitialize
ReleaseStgMedium
CoCreateInstance
PropVariantClear
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
RegisterDragDrop

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantInit
SysFreeString
SafeArrayDestroy
VariantClear

comctl32

ImageList_Destroy
ImageList_Create
ImageList_AddMasked

dnsapi

DnsQuery_W
DnsFree

ntdll

RtlAdjustPrivilege

propsys

PSGetPropertyKeyFromName

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW
ord12
PathIsDirectoryW

ws2_32

WSACleanup
ioctlsocket
inet_addr
recv
WSAStartup
htons
connect
socket
send
WSAAsyncSelect
gethostbyname
closesocket

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipFree
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipGetImagePalette

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmAssociateContext

winmm

timeGetTime

d3d11

D3D11CreateDevice

d2d1

ord2
ord1

dwrite

DWriteCreateFactory

msimg32

GradientFill

prntvpt

ord9
ord4
ord2

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f506178f77c39d85e31df7d32ac2ad6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

dnsapi

ntdll

propsys

shlwapi

ws2_32

gdiplus

imm32

winmm

d3d11

d2d1

dwrite

msimg32

prntvpt

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 436KB - Virtual size: 435KB

.data Size: 40KB - Virtual size: 259KB

.pdata Size: 67KB - Virtual size: 66KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 735KB - Virtual size: 735KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 436KB - Virtual size: 435KB

.data
Size: 40KB - Virtual size: 259KB

.pdata
Size: 67KB - Virtual size: 66KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 735KB - Virtual size: 735KB

.reloc
Size: 14KB - Virtual size: 13KB