f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72

Sharing

Copy URL

Twitter E-mail

General

Target

f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72
Size

7.8MB
MD5

c086504debd2dc660726e657c9e2fd7e
SHA1

ca1cbea59ac1cf969bcb764642480a13af1e4f94
SHA256

f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72
SHA512

e97a69994840438abe5bab89c248f77fc906e3d69ea0afe7eb90b1881e0c89646430ccb043d98e62a31a29047da4cf7da297a4f2f3b1e51c965620443c52d3e4
SSDEEP

196608:Dy09fSQ5LIDpT+LpCMnbxz9pWspHKO2NxX:G40pUCMVhpWGK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72

Files

f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72
.exe windows:5 windows x86 arch:x86

e86db3666510b91d1fc21049ba246a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetWindowsDirectoryW
SearchPathW
GetTickCount64
GetProfileIntW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
RaiseException
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
VirtualQuery
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
UnlockFile
MoveFileExW
GetExitCodeProcess
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
QueryPerformanceFrequency
GetModuleHandleExW
RtlUnwind
CreateSemaphoreA
CreateEventA
ResetEvent
VirtualFree
VirtualAlloc
GetCPInfo
GetStringTypeW
InitializeCriticalSectionEx
OutputDebugStringW
DuplicateHandle
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
lstrcmpiW
DeleteFileW
FindResourceExW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalFlags
VerifyVersionInfoW
VerSetConditionMask
FileTimeToSystemTime
SetEvent
lstrcpyW
GetCurrentThread
GetThreadLocale
VirtualProtect
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
CopyFileW
FormatMessageW
MulDiv
GlobalSize
LoadLibraryW
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
SetThreadPriority
LocalFree
FormatMessageA
CreateIoCompletionPort
CreateProcessA
CreatePipe
GetSystemInfo
GetVolumeInformationW
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
CopyFileA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
GetCurrentDirectoryW
GetACP
GetPrivateProfileIntW
TerminateProcess
lstrlenW
IsDBCSLeadByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedExchange
ExitProcess
OpenProcess
GetVersionExW
ReadProcessMemory
VirtualProtectEx
GetComputerNameA
LCMapStringA
SetFilePointer
UnmapViewOfFile
OpenFileMappingA
lstrcmpA
LoadLibraryA
DeleteFileA
GetCurrentDirectoryA
WriteProcessMemory
GetTickCount
SetWaitableTimer
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
VirtualFreeEx
CreateDirectoryA
VirtualAllocEx
SuspendThread
GetFileAttributesW
FindNextFileW
FindFirstFileW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
SetCurrentDirectoryW
GetProcAddress
lstrcatW
TerminateThread
CreateThread
ResumeThread
MapViewOfFile
CreateFileMappingA
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateProcessW
InterlockedDecrement
lstrcpyA
GetModuleHandleW
lstrcpynA
WriteFile
lstrlenA
WritePrivateProfileStringA
lstrcatA
GetLastError
MoveFileA
WideCharToMultiByte
lstrcpynW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
MultiByteToWideChar
GetCurrentProcess
SetProcessWorkingSetSize
ReadFile
GetFileSize
Sleep
GetPrivateProfileIntA
FindClose
FindNextFileA
CloseHandle
CreateFileA
FindFirstFileA
lstrcmpiA
GetPrivateProfileStringA
FindFirstFileExW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OffsetRect
SetRectEmpty
IsDialogMessageW
SetWindowTextW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
MoveWindow
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
GetClassInfoExW
GetAsyncKeyState
DefWindowProcW
GetMessageTime
GetMessagePos
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetFocus
EndPaint
BeginPaint
GetWindowDC
InsertMenuW
GetMenuItemCount
GetMenuState
GetMenuStringW
GetLastActivePopup
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DeleteMenu
LoadBitmapW
GetClassNameW
DrawStateW
AppendMenuW
ReleaseCapture
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ClientToScreen
RemoveMenu
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
wsprintfA
MessageBoxW
wsprintfW
GetMenuItemID
ModifyMenuW
GetSubMenu
LoadMenuW
SetParent
UnregisterClassW
MessageBeep
MessageBoxA
TranslateAcceleratorW
GetDesktopWindow
DrawIcon
IsIconic
RegisterWindowMessageW
GrayStringW
DrawTextExW
TabbedTextOutW
ScreenToClient
GetCursorPos
MapDialogRect
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
CharNextW
NotifyWinEvent
PostQuitMessage
SetWindowContextHelpId
DrawEdge
SetWindowRgn
GetSysColorBrush
InflateRect
IsRectEmpty
DrawIconEx
ShowOwnedPopups
SetCursor
SetRect
FrameRect
DestroyMenu
GetMenuItemInfoW
SystemParametersInfoW
SetLayeredWindowAttributes
LoadCursorW
EnumDisplayMonitors
RealChildWindowFromPoint
IntersectRect
TrackMouseEvent
IsZoomed
CharUpperW
GetClassInfoW
EnableWindow
SendMessageW
CallWindowProcW
InvalidateRect
GetParent
GetWindowLongW
CallWindowProcA
GetClientRect
PtInRect
SetWindowLongW
CopyRect
GetSysColor
DrawFrameControl
DrawTextW
DrawFocusRect
FillRect
GetSystemMetrics
SetCursorPos
SendDlgItemMessageW
GetDlgItem
SendMessageA
SendDlgItemMessageA
GetMessageW
RegisterClassW
CreateWindowExW
UpdateWindow
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
EnumWindows
EnumThreadWindows
PostMessageW
SetTimer
GetWindowTextA
GetClassNameA
LoadIconW
ShowWindow
GetDC
ReleaseDC
LoadAcceleratorsW
PeekMessageW
MsgWaitForMultipleObjects
GetWindowRect
KillTimer
IsWindowVisible
PostThreadMessageW
IsWindow
FindWindowW
EnumDisplaySettingsW
UnionRect
MonitorFromPoint
CopyImage
DestroyIcon
SetCapture
CheckMenuItem
LoadImageW
CopyAcceleratorTableW
GetSystemMenu
InvalidateRgn
WaitMessage
IsClipboardFormatAvailable
GetNextDlgGroupItem
GetWindowRgn
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
SubtractRect
InvertRect
HideCaret
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
CharUpperBuffW
RegisterClipboardFormatW
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
CopyIcon
GetIconInfo
GetDoubleClickTime
LockWindowUpdate
BringWindowToTop
DestroyWindow
CharUpperBuffW

gdi32

GetTextColor
TextOutW
PtVisible
RectVisible
Escape
GetDeviceCaps
GetDIBits
CreateDCA
SelectPalette
RealizePalette
CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
Polyline
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
GetBkColor
CombineRgn
CreateEllipticRgn
Ellipse
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
CreateFontIndirectW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
EnumFontFamiliesExW
GetRgnBox
SetPixel
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetBkMode
StretchBlt
BitBlt
CreateFontIndirectA
CreateFontW
CreateDIBSection
SetDIBColorTable
DeleteDC
CreatePen
GetStockObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateSolidBrush
ExtTextOutW
SetTextColor
SetBkColor
SetWindowExtEx
GetObjectW
GetTextMetricsW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegDeleteValueW
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
OpenProcessToken
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges

shell32

Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
SHGetFileInfoW
DragQueryFileW
DragFinish
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFileExistsW
StrCpyW
PathFindExtensionW
StrStrIA
StrStrA
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindFileNameW

uxtheme

GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
SetWindowTheme
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText

ole32

OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
OleLockRunning
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleCreateMenuDescriptor
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
OleGetClipboard

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VariantCopy
VarBstrFromDate
LoadTypeLi
SafeArrayAccessData
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen
VarBstrCat
SysAllocString
VariantInit

oledlg

OleUIBusyW

gdiplus

GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePixelFormat
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipDrawImageI

ws2_32

inet_ntoa
gethostname
getpeername
WSACleanup
recv
__WSAFDIsSet
getsockopt
htonl
bind
closesocket
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send
WSASend
WSASocketW
WSAIoctl
WSAGetLastError

netapi32

Netbios

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

rpcrt4

UuidCreateSequential

d3d9

Direct3DCreate9

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

timeBeginPeriod
PlaySoundW

Sections

.text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7WW
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.L4J
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T=g
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e86db3666510b91d1fc21049ba246a34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

netapi32

dbghelp

rpcrt4

d3d9

oleacc

imm32

winmm

Sections

.text Size: - Virtual size: 2.5MB

.rdata Size: - Virtual size: 540KB

.data Size: - Virtual size: 500KB

.msvcjmc Size: - Virtual size: 1002B

.7WW Size: - Virtual size: 3.8MB

.L4J Size: 4KB - Virtual size: 3KB

.T=g Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 143KB - Virtual size: 1.4MB

.text
Size: - Virtual size: 2.5MB

.rdata
Size: - Virtual size: 540KB

.data
Size: - Virtual size: 500KB

.msvcjmc
Size: - Virtual size: 1002B

.7WW
Size: - Virtual size: 3.8MB

.L4J
Size: 4KB - Virtual size: 3KB

.T=g
Size: 7.6MB - Virtual size: 7.6MB

.rsrc
Size: 143KB - Virtual size: 1.4MB