Static task: static1
Behavioral task: behavioral1
  Sample: 97335da6df8ba45babb4fa9fa1cf81afad5eae0bdd5f83ef60622d368692c793.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 97335da6df8ba45babb4fa9fa1cf81afad5eae0bdd5f83ef60622d368692c793.exe
  Resource: win10v2004-20240426-en
General
- Target: 97335da6df8ba45babb4fa9fa1cf81afad5eae0bdd5f83ef60622d368692c793
- Size: 14.5MB
- MD5: deba7797c1eb358689eb09accaf0b857
- SHA1: 4da5adb9c5fd90c89de450409078ed0b385927a0
- SHA256: 97335da6df8ba45babb4fa9fa1cf81afad5eae0bdd5f83ef60622d368692c793
- SHA512: 460589844cf7500ccda19a40d39eaf8ccd91311c9fad9337775ca67aea3f631271c393c8fc8fc29f3c443687fe5ec49fc8d645f8d4903f8439a5144ba860840b
- SSDEEP: 196608:b+jBE0BE3VczUxPBBrxCItCb++Q8ZJrMdGB66aYcBRt3pPmkfdKYdHiAyx4Lh:NzBNlDP8Q16XcXt3puw4YHh
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 97335da6df8ba45babb4fa9fa1cf81afad5eae0bdd5f83ef60622d368692c793
Files
- 97335da6df8ba45babb4fa9fa1cf81afad5eae0bdd5f83ef60622d368692c793.exe windows:5 windows x86 arch:x86
  482d7261baf4b98ca11e6bb6faedf21f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
powrprof
GetCurrentPowerPolicies
winspool.drv
EnumPrintProcessorsW
OpenPrinterA
EnumPrinterDriversW
DeletePrinter
AddPrinterA
ClosePrinter
GetPrintProcessorDirectoryA
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
CM_Get_Device_Interface_ListW
SetupDiEnumDeviceInterfaces
CM_Get_Device_Interface_List_SizeW
hid
HidD_GetHidGuid
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetAttributes
HidD_FreePreparsedData
kernel32
GetNativeSystemInfo
OpenEventW
GetExitCodeThread
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
GetProcessId
WriteProcessMemory
VirtualProtect
VirtualFree
VirtualAlloc
VirtualAllocEx
FlushInstructionCache
CreateRemoteThread
lstrcpyA
GetSystemTime
GetTempFileNameA
ProcessIdToSessionId
TerminateThread
GetLocalTime
SetConsoleCtrlHandler
GetSystemTimes
CompareFileTime
GetCommandLineW
DeviceIoControl
GetVersion
OutputDebugStringW
FreeResource
VirtualQuery
GlobalAddAtomW
GlobalSize
WaitForSingleObjectEx
GetConsoleMode
WriteConsoleW
GetProcessAffinityMask
GetThreadPriority
EncodePointer
CompareStringW
LCMapStringW
InterlockedCompareExchange
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetDiskFreeSpaceExW
SetPriorityClass
LoadLibraryExA
CreateEventA
CreateSemaphoreA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlUnwind
LoadLibraryExW
GetFileType
GetFileAttributesExW
CreateDirectoryW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetConsoleCP
SetFilePointerEx
GetTimeZoneInformation
ExitProcess
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
ReadConsoleW
GetCurrentDirectoryW
SetStdHandle
SetEndOfFile
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapQueryInformation
SetWaitableTimer
CreateWaitableTimerW
OpenMutexW
SwitchToThread
SetLastError
LocalFree
LocalAlloc
WritePrivateProfileStringA
WritePrivateProfileStringW
TryEnterCriticalSection
ConnectNamedPipe
GlobalUnlock
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
GetModuleHandleW
CreateProcessW
GetCurrentProcessId
GlobalLock
FindResourceW
LoadResource
FindResourceExW
GetSystemInfo
GlobalFree
Process32FirstW
DeleteFileW
GlobalAlloc
LockResource
GetCurrentThread
Process32NextW
GetTempPathA
CreateToolhelp32Snapshot
GetCommandLineA
UnmapViewOfFile
OpenFileMappingW
ReleaseMutex
GetFileAttributesW
CreateMutexA
FindClose
QueryPerformanceCounter
GetModuleFileNameW
TerminateProcess
FindNextFileW
FindFirstFileW
SizeofResource
GetModuleFileNameA
ReadFile
LoadLibraryA
GetVersionExW
GetCurrentProcess
GetFullPathNameW
GetSystemTimeAsFileTime
InterlockedExchange
TlsFree
TlsGetValue
CreateThread
TlsAlloc
Sleep
ResumeThread
SetThreadPriority
TlsSetValue
MultiByteToWideChar
IsDebuggerPresent
FreeLibrary
LoadLibraryW
GetCurrentThreadId
OutputDebugStringA
WriteFile
GetStdHandle
InterlockedIncrement
CreateSemaphoreW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
ResetEvent
RaiseException
CloseHandle
HeapReAlloc
SetEvent
GetLastError
CreateEventW
HeapSize
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
InterlockedDecrement
ReleaseSemaphore
EnterCriticalSection
HeapFree
GetTickCount
GetProcAddress
GetModuleHandleA
CreateFileW
CreateDirectoryA
GetExitCodeProcess
GetTempPathW
GetStringTypeW
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeA
SetUnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetUserDefaultLangID
FileTimeToDosDateTime
GetFileTime
GetSystemDirectoryA
QueryPerformanceFrequency
GetLocaleInfoW
user32
ChangeDisplaySettingsExW
ExitWindowsEx
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
GetPriorityClipboardFormat
RegisterClipboardFormatA
GetWindowRect
EnumDisplayDevicesA
GetMonitorInfoA
EnumDisplaySettingsA
DestroyWindow
GetParent
OpenDesktopW
InvalidateRect
GetUserObjectInformationW
OpenInputDesktop
EnumWindows
BlockInput
GetDoubleClickTime
RegisterClassW
VkKeyScanW
CloseDesktop
GetClassInfoW
GetThreadDesktop
SetThreadDesktop
WindowFromPoint
SetActiveWindow
GetKeyState
GetIconInfo
IsRectEmpty
OffsetRect
GetDesktopWindow
DrawTextW
SwapMouseButton
RegisterClipboardFormatW
GetUpdateRgn
EndDialog
DialogBoxIndirectParamW
GetDialogBaseUnits
SetLayeredWindowAttributes
PtInRect
EnumDisplayMonitors
GetMonitorInfoW
GetCursorInfo
SetRect
SetCursorPos
GetCursorPos
EnumDisplayDevicesW
EnumDisplaySettingsW
GetMessageW
DefWindowProcW
CallWindowProcW
MapVirtualKeyW
CreateWindowExW
GetSystemMetrics
RegisterClassExW
DispatchMessageW
SetTimer
ClientToScreen
LockWorkStation
TranslateMessage
LoadCursorW
SetWindowLongW
PostThreadMessageW
KillTimer
GetClassInfoExW
GetGUIThreadInfo
SendInput
FindWindowExW
SendMessageW
MessageBoxW
GetDC
GetWindowLongW
GetWindowThreadProcessId
PostMessageW
IsWindowVisible
GetKeyboardState
ShowWindow
IsWindow
OpenClipboard
CloseClipboard
EmptyClipboard
SetRectEmpty
RegisterWindowMessageW
IntersectRect
MsgWaitForMultipleObjects
ChangeClipboardChain
AttachThreadInput
GetForegroundWindow
GetClipboardData
GetWindowDC
SetClipboardData
SystemParametersInfoW
SetForegroundWindow
ReleaseDC
UnregisterClassW
GetClipboardOwner
SetClipboardViewer
PostQuitMessage
DrawIconEx
PeekMessageW
SetWindowPos
DrawIcon
GetClientRect
SetWindowsHookExW
SetPropW
UnhookWindowsHookEx
RemovePropW
CallNextHookEx
GetPropW
GetSysColor
gdi32
DeleteDC
CreateCompatibleDC
SelectObject
GetDeviceCaps
CreateSolidBrush
DeleteObject
Ellipse
MoveToEx
Rectangle
CreatePen
LineTo
SetBkMode
SetTextColor
GetStockObject
CreateFontW
CreateDIBSection
BitBlt
GetObjectW
GetBitmapBits
GetPixel
CreateDCW
GetDIBColorTable
ExtEscape
CreateFontIndirectW
GetRgnBox
CombineRgn
CreateRectRgnIndirect
StretchBlt
SetDIBColorTable
GetRegionData
CreateRectRgn
SetDIBitsToDevice
GdiFlush
GetDIBits
SelectClipRgn
advapi32
RegSetValueExW
FreeSid
CheckTokenMembership
InitializeSecurityDescriptor
RegEnumKeyExW
CryptAcquireContextA
RegOpenKeyExW
CreateProcessAsUserW
RegDeleteValueW
GetUserNameW
DuplicateTokenEx
RegQueryValueExW
OpenProcessToken
CryptGenRandom
RegQueryInfoKeyW
RegCreateKeyW
EnumServicesStatusW
SetEntriesInAclW
SetSecurityInfo
BuildTrusteeWithSidW
GetSecurityInfo
QueryServiceStatus
UnlockServiceDatabase
CloseServiceHandle
OpenSCManagerW
LockServiceDatabase
ControlService
StartServiceW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
QueryServiceStatusEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptReleaseContext
SetSecurityDescriptorDacl
RegCloseKey
SetTokenInformation
AllocateAndInitializeSid
CreateWellKnownSid
RegCreateKeyExW
shell32
ShellExecuteExW
CommandLineToArgvW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
DragQueryFileW
DragQueryPoint
ord727
SHGetFolderPathW
ole32
OleUninitialize
CoCreateInstance
CoUninitialize
RegisterDragDrop
CoInitialize
ReleaseStgMedium
OleSetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
StringFromGUID2
oleaut32
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
shlwapi
PathRemoveFileSpecW
PathFileExistsW
PathRemoveFileSpecA
StrStrIA
PathFindExtensionW
PathFileExistsA
userenv
CreateEnvironmentBlock
ws2_32
getsockname
send
socket
connect
bind
WSAGetLastError
setsockopt
ioctlsocket
getsockopt
getpeername
listen
closesocket
getaddrinfo
freeaddrinfo
gethostbyname
shutdown
WSASetLastError
inet_addr
gethostbyaddr
getservbyport
ntohs
inet_ntoa
getservbyname
htonl
htons
__WSAFDIsSet
select
WSACleanup
WSAStartup
accept
recv
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
msimg32
TransparentBlt
AlphaBlend
dbghelp
SymGetSymFromAddr64
SymCleanup
SymGetModuleBase64
SymGetModuleInfo64
SymGetLineFromAddr64
SymFunctionTableAccess64
SymInitialize
StackWalk64
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Sections
.text Size: 9.8MB - Virtual size: 9.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 8.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rodata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 783KB - Virtual size: 783KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 311KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ