Static task: static1
Behavioral task: behavioral1
  Sample: 1859fc0cd6cd4b5fac4d56c27ac161b37082fe6f8cbf377302a1e11fad98aa35.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1859fc0cd6cd4b5fac4d56c27ac161b37082fe6f8cbf377302a1e11fad98aa35.exe
  Resource: win10v2004-20240426-en
General
- Target: 1859fc0cd6cd4b5fac4d56c27ac161b37082fe6f8cbf377302a1e11fad98aa35
- Size: 15.1MB
- MD5: 609167f8ec606e8e64eb71a9b89e31f0
- SHA1: 80089c2e2cc9bb4c7c5ac50b6f284f05631457d8
- SHA256: 1859fc0cd6cd4b5fac4d56c27ac161b37082fe6f8cbf377302a1e11fad98aa35
- SHA512: 5fb8edae3e437207e932dcaf8e3184c5f63fe4c9ad4a73b592d1e88219f6133d3bad7f81f244c8b76fb14067abe489680b540056ace52788a3b239485f693001
- SSDEEP: 393216:T3SbDi72JHStW16IA+77pWoWQ6XYVX8uG0lJMZt0gCf/7wLwcwK3S:T3+e72ZYIAQNnV6X2M0lJMZFCf/7wL2l
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 1859fc0cd6cd4b5fac4d56c27ac161b37082fe6f8cbf377302a1e11fad98aa35
Files
- 1859fc0cd6cd4b5fac4d56c27ac161b37082fe6f8cbf377302a1e11fad98aa35.exe windows:5 windows x86 arch:x86
  202aff11737dcce14a5d73736443d694
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VerifyVersionInfoA
ExpandEnvironmentStringsA
PeekNamedPipe
InterlockedCompareExchange
MulDiv
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
FileTimeToLocalFileTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
WaitForMultipleObjects
WriteFile
SetEndOfFile
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetModuleHandleA
GetSystemWindowsDirectoryW
CopyFileW
LocalAlloc
GetCurrentProcess
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
MapViewOfFile
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetPrivateProfileIntW
GetPrivateProfileStringW
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalFree
lstrcpyW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetVolumeInformationW
GetFileInformationByHandle
GetLongPathNameW
GetFileAttributesExW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
FlushFileBuffers
WriteConsoleW
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA
FormatMessageA
QueryPerformanceFrequency
UnmapViewOfFile
CreateFileMappingW
lstrlenA
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetSystemTime
SystemTimeToFileTime
GetFileSizeEx
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileW
GetTempPathW
SetCurrentDirectoryW
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
CreateFileW
WritePrivateProfileStringW
ReadFile
GetFileSize
CreateEventW
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
FreeLibrary
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
LoadLibraryW
GetLogicalDriveStringsW
lstrcmpiW
CloseHandle
OpenProcess
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
GetProcAddress
IsProcessorFeaturePresent
user32
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
PostMessageW
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
PtInRect
EqualRect
IsRectEmpty
UnionRect
CopyRect
SetRect
SetCursor
KillTimer
SetTimer
DestroyWindow
GetSysColor
LoadCursorW
IntersectRect
GetKeyState
UpdateWindow
SetWindowLongW
GetWindowLongW
GetForegroundWindow
UnregisterClassW
GetClassNameW
BeginPaint
EndPaint
InvalidateRect
GetCursorPos
CreateCaret
SendMessageW
ShowWindow
SetWindowPos
SetWindowTextW
IsWindow
EnableMenuItem
ClientToScreen
GetMessageW
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
DestroyIcon
PeekMessageW
DispatchMessageW
TranslateMessage
wsprintfW
CharPrevExA
CharUpperW
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
SetForegroundWindow
RegisterClassExW
FindWindowW
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
LoadStringW
GetSystemMetrics
ScreenToClient
SetCaretPos
HideCaret
DestroyCursor
GetCaretBlinkTime
SystemParametersInfoW
GetDC
ReleaseDC
InflateRect
OffsetRect
DrawIconEx
GetIconInfo
advapi32
CryptEnumProvidersA
RegOpenKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
DuplicateTokenEx
CreateProcessAsUserW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegDeleteKeyW
SetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
shell32
SHBrowseForFolderW
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
ole32
CoInitialize
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateGuid
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
OleUninitialize
psapi
GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
shlwapi
SHSetValueW
SHGetValueW
SHCreateStreamOnFileEx
StrStrIW
PathAppendW
SHDeleteKeyW
SHDeleteValueW
PathFileExistsW
StrToIntExW
gdiplus
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipFree
GdipCloneImage
GdipGetImageEncoders
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipDrawImageI
GdipSaveImageToFile
GdipGraphicsClear
imm32
ImmReleaseContext
ImmAssociateContext
ImmGetContext
gdi32
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
GetViewportOrgEx
GetCurrentObject
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
GetDeviceCaps
SetGraphicsMode
CreateFontIndirectW
CreateSolidBrush
GetStockObject
Rectangle
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
SetBkMode
StretchBlt
DeleteDC
CreateCompatibleDC
oleaut32
SysAllocStringLen
VariantCopy
VariantClear
SysFreeString
SysAllocString
crypt32
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wldap32
ord32
ord27
ord26
ord33
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord35
ord79
ord30
ord301
ord22
ord200
ws2_32
WSASetLastError
recv
send
bind
closesocket
gethostname
ioctlsocket
sendto
__WSAFDIsSet
recvfrom
listen
accept
getservbyname
gethostbyname
htonl
shutdown
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
connect
ntohs
htons
getsockopt
socket
WSAGetLastError
getsockname
getpeername
select
usp10
ScriptShape
ScriptFreeCache
ScriptItemize
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 820KB - Virtual size: 819KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 108KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18.5MB - Virtual size: 18.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 189KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ