5743015bbdfe025c61498b8fb50c66ff850198c9391c0c23f6dca566f9e3fb78

Sharing

Copy URL Twitter E-mail

General

Target

5743015bbdfe025c61498b8fb50c66ff850198c9391c0c23f6dca566f9e3fb78
Size

2.2MB
MD5

0f8cf56635c5f85ca41ededeb13e0023
SHA1

86f5d63accf17193040fbf5aeb86bff2f9c0d1a6
SHA256

5743015bbdfe025c61498b8fb50c66ff850198c9391c0c23f6dca566f9e3fb78
SHA512

6118da757e5ac4c2ccc7ef6d99fb0a16243a834a7a53b2dfbf2eb59e81b4882ebc469de11cc69b6defdf8e496fa3a2ec66303dc263a539ca63aaee41a4a3e26f
SSDEEP

24576:DMLlBpw28f4EidfwsR95Sr6DowuDP6ejSifXlYX403BxEoVIH06iy3iRk1ng:DMLljsxidIkoyejSif1B03BxEIIU6iKu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5743015bbdfe025c61498b8fb50c66ff850198c9391c0c23f6dca566f9e3fb78

Files

5743015bbdfe025c61498b8fb50c66ff850198c9391c0c23f6dca566f9e3fb78
.exe windows:5 windows x64 arch:x64

6f35509b64dd62c30e4611a2fc117838

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetDateFormatA
GetTimeFormatA
ExitThread
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
GetCurrentDirectoryA
GetStdHandle
GetTickCount
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapSetInformation
HeapCreate
QueryPerformanceCounter
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GlobalFlags
GetFileTime
CreateFileW
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
LoadLibraryW
GlobalMemoryStatus
GetVersion
GetSystemTime
FreeEnvironmentStringsA
SetErrorMode
GetFileSizeEx
GetFileAttributesA
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GetModuleHandleW
FileTimeToLocalFileTime
FindNextFileA
SystemTimeToFileTime
FileTimeToSystemTime
GetModuleFileNameW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
MoveFileA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
FreeResource
GlobalGetAtomNameA
SetThreadPriority
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
GetCurrentThreadId
SetLastError
CreateIoCompletionPort
ReleaseSemaphore
CreateSemaphoreA
GlobalMemoryStatusEx
GetCurrentProcess
ExitProcess
InitializeCriticalSectionAndSpinCount
DeleteFileA
GetLocalTime
GetTimeZoneInformation
ResetEvent
WritePrivateProfileStringA
CreateDirectoryA
GetModuleFileNameA
CreateMutexA
GetLastError
OpenProcess
ReleaseMutex
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateEventA
CreateThread
ResumeThread
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
LCMapStringW
SizeofResource

user32

SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
PostMessageA
EnableWindow
SendMessageA
EnableScrollBar
GetCursorPos
ValidateRect
PeekMessageA
DispatchMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
MessageBoxA
GetSystemMetrics
PostThreadMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
GetDC
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
IsIconic
GetDesktopWindow
GetWindow
SetForegroundWindow
GetPropA
CopyRect
DrawIcon
AppendMenuA
GetSystemMenu
GetWindowRect
GetClientRect
SetTimer
KillTimer
LoadIconA
RegisterClipboardFormatA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
ReleaseDC
DestroyMenu
SetWindowContextHelpId
MapDialogRect
CharUpperA
GetWindowThreadProcessId
SetCursor
PostQuitMessage
CallWindowProcA
TabbedTextOutA

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RestoreDC
SaveDC
ExtTextOutA
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegisterEventSourceW
DeregisterEventSource
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ReportEventW

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString

wsock32

inet_addr
gethostbyname
gethostname
select
socket
recv
__WSAFDIsSet
htons
ioctlsocket
closesocket
send
connect
sendto
WSAGetLastError
inet_ntoa
ntohs
getpeername
setsockopt
WSACleanup
WSAStartup
getsockopt
shutdown
recvfrom
WSASetLastError
accept

pdh

PdhAddCounterA
PdhOpenQueryA
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhRemoveCounter

psapi

EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
GetModuleBaseNameA
GetModuleFileNameExA

ws2_32

WSARecv
WSAEventSelect
WSAWaitForMultipleEvents
WSASocketA
getaddrinfo
freeaddrinfo
WSAAccept

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 914KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f35509b64dd62c30e4611a2fc117838

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

wsock32

pdh

psapi

ws2_32

iphlpapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 524KB - Virtual size: 524KB

.data Size: 196KB - Virtual size: 914KB

.pdata Size: 77KB - Virtual size: 76KB

.rsrc Size: 70KB - Virtual size: 69KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 524KB - Virtual size: 524KB

.data
Size: 196KB - Virtual size: 914KB

.pdata
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 70KB - Virtual size: 69KB