70be4623b91e67ed1c9f5da0e36aff15b031b84e9775a7ce49fae9e844ccf849

Sharing

Copy URL

Twitter E-mail

General

Target

70be4623b91e67ed1c9f5da0e36aff15b031b84e9775a7ce49fae9e844ccf849
Size

14.8MB
MD5

ebb837de5e0a5361e08a0b5f1b91d663
SHA1

df35fc640dbd033a51d16530064609ffdedd66d1
SHA256

70be4623b91e67ed1c9f5da0e36aff15b031b84e9775a7ce49fae9e844ccf849
SHA512

80d17d47bf151f3a6d070a52c2673f6b8b1a696046fcd3d15c24f4054169c26c1d7cc6f43fe512cd5548bb95627d24aa0be285efba8420f7c8f5644717a9c71f
SSDEEP

393216:d+S2dlA3J9ARMj/0RLIUI++rd4jK/drQAIBITVVZlNovTffMITI1kJqGxl3ACqAV:p3J9ARMj/0LIUI++rd4jK/d8AIBITVVE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70be4623b91e67ed1c9f5da0e36aff15b031b84e9775a7ce49fae9e844ccf849

Files

70be4623b91e67ed1c9f5da0e36aff15b031b84e9775a7ce49fae9e844ccf849
.exe windows:4 windows x86 arch:x86

ddb4a183cb1a090bcef433272f4ad676

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNW
ChrCmpIW
StrToIntExW
StrChrW
StrCmpNIW
StrStrIW
StrRChrW
PathFindExtensionW
PathIsDirectoryW
PathRemoveBackslashW
PathRenameExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveExtensionW
PathFindFileNameW
StrChrA
PathCombineW

kernel32

GetSystemTime
GetLocalTime
HeapReAlloc
CreateThread
ExitThread
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
Sleep
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetSystemInfo
InitializeCriticalSectionAndSpinCount
CreateFileMappingA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
HeapSize
HeapAlloc
HeapFree
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
GetPrivateProfileIntW
GetProcessVersion
SetErrorMode
GetCurrentProcessId
GetDriveTypeA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindResourceA
GlobalAddAtomA
GetProfileStringA
IsDBCSLeadByte
ConvertDefaultLocale
CreateMutexW
CreateFileMappingW
MapViewOfFile
ResetEvent
WaitForMultipleObjects
GetExitCodeProcess
ReleaseMutex
UnmapViewOfFile
lstrcpynA
CreateFileA
GetTickCount
CreateEventA
GetFullPathNameA
DeleteFileA
InterlockedCompareExchange
InterlockedExchange
GlobalSize
SizeofResource
LockResource
LoadResource
FindResourceW
lstrlenW
lstrlenA
lstrcmpW
GetPrivateProfileStringW
lstrcpyW
lstrcatW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetVersionExW
lstrcmpiW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
DeleteCriticalSection
EnterCriticalSection
GetTimeZoneInformation
LeaveCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
lstrcpynW
GetTempFileNameW
GetTempPathW
CreateDirectoryW
GetCurrentDirectoryW
GetVersion
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GetModuleHandleA
MulDiv
GetLastError
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
DuplicateHandle
GetCurrentProcess
CreateFileW
ReadFile
lstrcmpiA
GetCurrentThread
SystemTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesW
CreateEventW
ResumeThread
SetEvent
WaitForSingleObject
LoadLibraryA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
LocalFree
WriteFile
GetFullPathNameW
GetVolumeInformationW
DeleteFileW
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer

user32

SetParent
GetDCEx
DestroyMenu
GetSysColorBrush
GetDesktopWindow
SetRectEmpty
GetMessageW
ValidateRect
GetActiveWindow
CreateDialogIndirectParamW
GetCursorPos
WindowFromPoint
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
wvsprintfW
SendDlgItemMessageA
MapWindowPoints
SetActiveWindow
AdjustWindowRectEx
DeferWindowPos
IsWindowVisible
MessageBoxA
GetWindowRect
ReleaseDC
GetDC
PtInRect
EqualRect
IsClipboardFormatAvailable
CloseClipboard
OpenClipboard
GetScrollInfo
GetTopWindow
IsChild
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DestroyWindow
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetForegroundWindow
IntersectRect
GetWindowPlacement
MoveWindow
SetClipboardData
EmptyClipboard
wsprintfW
EnableWindow
SetRect
GetParent
GetSystemMetrics
DrawFocusRect
GetSysColor
OffsetRect
InflateRect
DrawEdge
DrawFrameControl
CopyRect
RedrawWindow
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextLengthW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CharUpperW
LoadStringW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
DrawTextExW
FillRect
DrawTextW
LoadIconW
RegisterWindowMessageW
DrawIcon
SetTimer
KillTimer
GetLastActivePopup
SetForegroundWindow
IsIconic
GetDlgCtrlID
FindWindowExW
UpdateWindow
AdjustWindowRect
ClientToScreen
ShowWindow
GetWindowTextA
DrawTextA
GetClassInfoA
ScreenToClient
CreateWindowExW
GetWindowTextW
EndDialog
MessageBeep
DestroyCursor
LockWindowUpdate
MessageBoxW
GetClassNameW
SetWindowTextW
GetDlgItem
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetWindow
PostMessageW
GetFocus
IsWindowEnabled
SetFocus
GetKeyState
GetWindowLongW
SetCursor
LoadImageW
DestroyIcon
SetWindowPos
SetWindowLongW
LoadCursorW
SystemParametersInfoW
GetMessagePos
InvalidateRect
ReleaseCapture
GetClientRect
GetCapture
SetCapture
SendMessageW
IsWindow
CharNextW
GetPropA
SetPropA
SetWindowLongA
GetClassNameA
IsWindowUnicode
SendMessageA
GetWindowLongA
SetWindowsHookExA
RemovePropA
CallWindowProcA
CharNextA
DefWindowProcA
DefDlgProcA
SetMenuItemBitmaps

gdi32

StretchDIBits
SetDIBitsToDevice
CreateDIBitmap
DeleteObject
CreateHalftonePalette
GetPaletteEntries
GetObjectW
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreatePalette
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SaveDC
SetBrushOrgEx
CreatePatternBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateBitmap
PatBlt
SetRectRgn
CombineRgn
GetCharWidthW
CreateFontW
GetTextMetricsW
CreateDCW
RestoreDC
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetStretchBltMode
Rectangle
CreatePen
GetTextExtentPoint32W
CreateFontIndirectW
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
SetBitmapDimensionEx
CreateDIBSection
StretchBlt
ExtTextOutA
GetTextExtentPointA
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgn
GetClipBox

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetFileTitleW
ChooseColorW
GetSaveFileNameW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
DragFinish
ShellExecuteExW
SHFileOperationW
DragQueryFileW
ShellExecuteW

comctl32

ImageList_Destroy
ord17

ole32

CoInitialize
CoCreateInstance
CoUninitialize
OleGetClipboard

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen

ws2_32

htons
ntohs
htonl

Sections

.text
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 572KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bak
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ddb4a183cb1a090bcef433272f4ad676

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

ws2_32

Sections

.text Size: 12.4MB - Virtual size: 12.4MB

.text1 Size: 300KB - Virtual size: 297KB

.rdata Size: 436KB - Virtual size: 434KB

.data Size: 572KB - Virtual size: 1.1MB

.data1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 80KB - Virtual size: 78KB

.bak Size: 8KB - Virtual size: 6KB

.bak Size: 8KB - Virtual size: 6KB

.bak Size: 8KB - Virtual size: 6KB

.text
Size: 12.4MB - Virtual size: 12.4MB

.text1
Size: 300KB - Virtual size: 297KB

.rdata
Size: 436KB - Virtual size: 434KB

.data
Size: 572KB - Virtual size: 1.1MB

.data1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 80KB - Virtual size: 78KB

.bak
Size: 8KB - Virtual size: 6KB

.bak
Size: 8KB - Virtual size: 6KB

.bak
Size: 8KB - Virtual size: 6KB