Static task: static1
Behavioral task: behavioral1
  Sample: 833ad1d2420891168bc61dd242993a7dc82b28f37a2ef87526ad66854d17f103.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 833ad1d2420891168bc61dd242993a7dc82b28f37a2ef87526ad66854d17f103.exe
  Resource: win10v2004-20240426-en
General
- Target: 833ad1d2420891168bc61dd242993a7dc82b28f37a2ef87526ad66854d17f103
- Size: 8.1MB
- MD5: dc976e8f8320e742439212782d90fb6b
- SHA1: c097fbaa6ea831799219c99c8bb128b37e561e4d
- SHA256: 833ad1d2420891168bc61dd242993a7dc82b28f37a2ef87526ad66854d17f103
- SHA512: a8bbf507dd700f94de8ef9d3252a356ea13eb3eaf70e73e587db1d37418a2573fb838a1d047bc2dbc1dd4cabc927b9ad8a99a565ffeadcd05db064a771023df1
- SSDEEP: 98304:Ozu4+znHDSWkYUfyLY4aqz9oiUfiTHiPRe6q0LZXSeonLiBq8AwsvU6PzxOJt+Vz:dHqY9Laz/DvLZXSbgp2UYzx/
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 833ad1d2420891168bc61dd242993a7dc82b28f37a2ef87526ad66854d17f103
Files
- 833ad1d2420891168bc61dd242993a7dc82b28f37a2ef87526ad66854d17f103.exe windows:5 windows x86 arch:x86
  6e29ff14498578289f970a9c6b7336aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetTickCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
GetSystemDefaultLangID
GetTempFileNameW
CreateFileA
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
GetSystemDefaultLCID
GetSystemPowerStatus
lstrcmpiW
GetTempPathW
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetTempPathA
GetFileAttributesW
SetErrorMode
GetLogicalDriveStringsW
OpenProcess
Process32FirstW
GetProcessId
Process32NextW
CreateToolhelp32Snapshot
GetLocalTime
OpenFile
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetDriveTypeA
GetFileAttributesA
FindFirstFileA
RemoveDirectoryW
FindNextFileW
FindVolumeClose
SetVolumeMountPointW
GetVolumeInformationA
DeleteVolumeMountPointW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
SetVolumeLabelW
DeviceIoControl
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
lstrcpynW
lstrlenW
lstrcatW
TryEnterCriticalSection
InterlockedCompareExchange
InterlockedExchange
PeekNamedPipe
CreateProcessW
GetExitCodeProcess
CreatePipe
InterlockedDecrement
WaitForMultipleObjects
GetExitCodeThread
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GlobalMemoryStatusEx
GetFullPathNameA
GetFileInformationByHandle
FindFirstFileExW
FindResourceA
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
MoveFileExW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SetEvent
GlobalFree
GlobalUnlock
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
FreeResource
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
FindResourceW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
CopyFileExW
lstrcpyA
CreateMutexW
HeapCompact
FlushViewOfFile
WaitForSingleObjectEx
UnlockFileEx
FormatMessageA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetVersionExA
GetSystemTime
DeleteFileA
GetThreadTimes
HeapReAlloc
InitializeSListHead
GetCurrentProcessId
CreateThread
CloseHandle
WaitForSingleObject
GetModuleHandleW
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
GetSystemDirectoryA
user32
SetRect
OffsetRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextW
RemovePropW
GetPropW
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
BeginPaint
IsWindowVisible
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageW
TranslateMessage
GetCursorPos
SetCursor
GetWindowThreadProcessId
SendMessageW
ShowWindow
KillTimer
SetTimer
PostMessageW
SetPropW
GetParent
EnableWindow
ReleaseDC
LoadIconW
GetClassInfoW
UnregisterClassW
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongW
CreateDesktopW
CloseDesktop
EndPaint
GetSystemMetrics
DestroyMenu
GetSysColorBrush
IsIconic
DestroyIcon
CharUpperW
IntersectRect
UnionRect
EnumDisplaySettingsW
SetClipboardData
UpdateLayeredWindow
GetCaretPos
SetWindowRgn
IsZoomed
CloseWindow
SetCaretPos
HideCaret
CreateCaret
DestroyCaret
GetClassNameW
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
CallNextHookEx
OpenClipboard
MoveWindow
SetWindowTextW
IsDialogMessageW
SetCapture
ReleaseCapture
ClientToScreen
WindowFromPoint
LoadCursorW
SystemParametersInfoW
RealChildWindowFromPoint
InvalidateRect
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
GetWindowDC
MessageBoxW
GetWindowRgn
RegisterClassExW
GetClassNameA
SendMessageA
wsprintfW
EnumChildWindows
CloseClipboard
ChangeDisplaySettingsW
SendDlgItemMessageA
PostQuitMessage
UnhookWindowsHookEx
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
ExitWindowsEx
EnumWindows
GetAsyncKeyState
GetClipboardData
EmptyClipboard
GetWindowPlacement
SetWindowPos
DestroyWindow
IsWindow
GetDlgItem
GetClassInfoExW
CreateWindowExW
shell32
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
DragAcceptFiles
ord165
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetDesktopFolder
ShellExecuteW
DragQueryFileW
SHGetFileInfoW
SHChangeNotify
shlwapi
PathFileExistsW
PathIsRootW
PathIsDirectoryW
PathFileExistsA
PathCanonicalizeW
PathIsRootA
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
gdiplus
GdipCreateBitmapFromFile
GdipDeletePath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipSetClipPath
GdipAddPathRectangleI
GdipGetImageHeight
GdipResetPath
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreatePath
GdipAddPathArcI
GdiplusStartup
GdipGetImageWidth
GdipDeleteBrush
GdipAddPathLineI
GdipClosePathFigure
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateSolidFill
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipFillPath
GdipSetPenDashStyle
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipDrawLineI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipAddPathEllipseI
GdipSetStringFormatAlign
oleacc
LresultFromObject
CreateStdAccessibleObject
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
imagehlp
MakeSureDirectoryPathExists
winmm
timeSetEvent
timeKillEvent
timeGetDevCaps
gdi32
SetBkMode
EnumFontFamiliesExW
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontW
GetDIBits
CreateDIBSection
PtInRegion
CreateRoundRectRgn
CreatePolygonRgn
FillRgn
SetPixel
GetBitmapBits
SetBitmapBits
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetStockObject
GetClipBox
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
BitBlt
DeleteObject
GetDeviceCaps
CreateBitmap
GetObjectW
SetTextColor
ExtTextOutW
SetBkColor
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
GetSidIdentifierAuthority
LsaNtStatusToWinError
RegQueryInfoKeyW
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
LockServiceDatabase
OpenServiceW
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
LsaStorePrivateData
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LsaRetrievePrivateData
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
LsaOpenPolicy
LsaClose
LsaFreeMemory
ole32
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
OleSetContainedObject
oleaut32
VariantTimeToSystemTime
VariantChangeType
VariantClear
VariantInit
SysAllocString
VarDateFromStr
SysFreeString
msimg32
AlphaBlend
comctl32
_TrackMouseEvent
imm32
ImmDestroyContext
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext
ws2_32
htons
WSAGetLastError
shutdown
inet_addr
WSAStartup
connect
ioctlsocket
closesocket
gethostbyname
send
setsockopt
WSACleanup
select
recv
socket
iphlpapi
GetAdaptersInfo
wininet
InternetCrackUrlA
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionExW
InternetQueryOptionW
InternetQueryDataAvailable
InternetSetFilePointer
InternetReadFile
InternetCanonicalizeUrlA
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
InternetConnectW
HttpAddRequestHeadersW
HttpSendRequestW
InternetWriteFile
wlanapi
WlanFreeMemory
WlanEnumInterfaces
WlanOpenHandle
WlanScan
WlanGetProfile
WlanReasonCodeToString
WlanCloseHandle
WlanSetProfile
WlanGetProfileList
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
rasapi32
RasSetEntryPropertiesA
RasEnumEntriesA
RasGetEntryPropertiesA
RasDeleteEntryA
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
crypt32
CryptUnprotectData
CryptStringToBinaryW
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 581KB - Virtual size: 580KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 27.0MB - Virtual size: 27.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ