297e04feb346880f3e26f5dc2983bb7daaea5ab8706dca417f33957600f45529

Sharing

Copy URL Twitter E-mail

General

Target

297e04feb346880f3e26f5dc2983bb7daaea5ab8706dca417f33957600f45529
Size

886KB
MD5

db61d8afa93c77233aa289ecdd76a8ef
SHA1

da4a1032fcd094e6d38ad511ba4f32f929ce629d
SHA256

297e04feb346880f3e26f5dc2983bb7daaea5ab8706dca417f33957600f45529
SHA512

5dfb903589211c7420d09864aed4135e958678ff56c4a0bf22c5c965d483cedca109ba420f64dae5b8ffb99575c0ff878f757ac3521a72d2a412cc7b9cdd2c7b
SSDEEP

12288:i7KS3LjhBQ+5I03XEOMKN1SMsImtz1MKtb6WQxkHOR9EczwjGFNTIX/:KDEOMKNpVEz1MbWxuWATs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
297e04feb346880f3e26f5dc2983bb7daaea5ab8706dca417f33957600f45529

Files

297e04feb346880f3e26f5dc2983bb7daaea5ab8706dca417f33957600f45529
.exe windows:5 windows x86 arch:x86

46a6bd123dad15a5c52564271b7932e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

crypt32

CertOpenStore
CertGetCertificateContextProperty
PFXImportCertStore
CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptEncodeObjectEx
CertCreateCertificateContext
CertGetIntendedKeyUsage
CertNameToStrA
CertGetNameStringA

kernel32

GetModuleHandleW
FreeLibrary
lstrcpyW
GetTempFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
OpenFileMappingW
UnmapViewOfFile
FileTimeToSystemTime
LoadLibraryW
FileTimeToLocalFileTime
MapViewOfFile
LoadLibraryA
CreateProcessW
ReleaseMutex
LocalFree
CreateFileMappingW
LCMapStringW
SystemTimeToFileTime
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
lstrcatW
GetTempPathA
GetPrivateProfileStringW
MultiByteToWideChar
HeapSize
GetSystemDirectoryW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
lstrlenW
HeapFree
CreateSemaphoreW
FindResourceW
LeaveCriticalSection
LoadResource
LockResource
FreeResource
GetVersionExW
SetThreadUILanguage
GetThreadLocale
SetThreadLocale
SizeofResource
GetTickCount
FindVolumeClose
FindNextVolumeA
SetFilePointerEx
GetLogicalDriveStringsA
GetLocalTime
SetVolumeLabelA
CreateFileA
SetVolumeMountPointA
GetLastError
GetVolumePathNamesForVolumeNameA
GetVolumeNameForVolumeMountPointA
GetVolumeInformationA
FindFirstVolumeA
QueryDosDeviceA
GetDriveTypeA
DeviceIoControl
WriteFile
DeleteVolumeMountPointA
SetLastError
ReadFile
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
GetProcAddress
GetSystemInfo
OpenProcess
GetModuleHandleA
CreateThread
FlushFileBuffers
FindNextFileA
FindFirstFileExA
FindClose
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
WriteConsoleW
CloseHandle
Sleep
WaitForSingleObject
WideCharToMultiByte
GetStringTypeW
SetStdHandle
SetEndOfFile
CreateMutexW
GetCurrentDirectoryW
GetACP
GetFileSize
CreateFileW
MulDiv
GetCurrentProcess
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameA
GetFileAttributesExW

user32

IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetParent
GetWindow
wvsprintfW
SetCursor
OffsetRect
LoadCursorW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
IsIconic
GetClientRect
SetWindowLongW
LoadStringW
ScreenToClient
SetWindowRgn
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
RemovePropW
GetSystemMetrics
CreatePopupMenu
TrackPopupMenu
ShowWindow
RegisterDeviceNotificationW
AttachThreadInput
GetForegroundWindow
SetPropW
LoadIconW
AppendMenuW
PostQuitMessage
UnregisterDeviceNotification
SetForegroundWindow
GetCursorPos
GetPropW
GetWindowThreadProcessId
FindWindowExW
SendMessageW
FindWindowW
PostMessageW
SetTimer
wsprintfW
KillTimer
GetWindowLongW
GetWindowRect

gdi32

SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPointW
CreatePatternBrush
GetObjectA
BitBlt
GetDeviceCaps
CreateRoundRectRgn
DeleteObject
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
GetCharABCWidthsW

comdlg32

GetOpenFileNameW

advapi32

CryptGetUserKey
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
CryptExportKey
RegCloseKey
SystemFunction036
CryptDestroyKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteA

ole32

CoInitializeEx
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize

setupapi

CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
CM_Get_Sibling
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsW
wnsprintfW

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionFontW
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

gdiplus

GdipSetPixelOffsetMode
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign

Sections

.text
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46a6bd123dad15a5c52564271b7932e7

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

setupapi

shlwapi

comctl32

imm32

oleaut32

gdiplus

Sections

.text Size: 491KB - Virtual size: 491KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 6KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 238KB - Virtual size: 237KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 491KB - Virtual size: 491KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 6KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 238KB - Virtual size: 237KB

.reloc
Size: 27KB - Virtual size: 27KB