21ef6823028e787cbee43d6f37401a9cc5872534c2c2e5fe2b9165ceac1bdfdf

Sharing

Copy URL Twitter E-mail

General

Target

21ef6823028e787cbee43d6f37401a9cc5872534c2c2e5fe2b9165ceac1bdfdf
Size

347KB
MD5

bd9056f260e1442b8785cfff0f3dc0db
SHA1

18d17cebd2a88e8cab0750565c43ecbdea40c1e3
SHA256

21ef6823028e787cbee43d6f37401a9cc5872534c2c2e5fe2b9165ceac1bdfdf
SHA512

5748f5fa7667d9e1de2a81377c56bda9286f61103a7c7af0bf3ba51522f0db3291b918ddd5f243f1d3a21257d9c157c646da1f8f0f53dfeda24d1a6399340efa
SSDEEP

6144:LmWYIYBnBkQdnDo3Ki+0odhAbr1w7nOjvHSpbLmOwvSWTB4PlJRpH7K:LmWY5Bn2QG3BFod2bZ8DOSWT+bm

Score

10^/10

Malware Config

Signatures

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21ef6823028e787cbee43d6f37401a9cc5872534c2c2e5fe2b9165ceac1bdfdf

Files

21ef6823028e787cbee43d6f37401a9cc5872534c2c2e5fe2b9165ceac1bdfdf
.dll windows:5 windows x86 arch:x86

a2e1a3f6cf20211afe0e922f8891d6ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardReleaseContext
SCardListReadersA
SCardDisconnect
SCardFreeMemory
SCardEstablishContext
SCardConnectA

sensapi

IsNetworkAlive

iphlpapi

GetTcpTable

dbghelp

MiniDumpWriteDump

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleFileNameExA
GetProcessImageFileNameW

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetCheckConnectionA
HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetQueryOptionA
InternetSetStatusCallback
HttpQueryInfoA

ws2_32

inet_addr
getpeername
ntohs
send
closesocket
recv
shutdown
select
WSAStartup
connect
ioctlsocket
accept
gethostbyname
inet_ntoa
listen
__WSAFDIsSet
socket
bind
WSAGetLastError
recvfrom
setsockopt
htonl
htons

shell32

ord680
SHGetFolderPathA
SHFileOperationA
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathA
ExtractIconExW

shlwapi

StrStrIW
StrToIntA
PathMakeSystemFolderA
StrCmpNIA
PathAppendA
PathAddBackslashA
StrStrA
StrChrIA
PathFileExistsA
PathCombineW
PathMatchSpecW
StrStrIA
PathFindFileNameA
StrNCatA

ntdll

memcpy
_chkstk
memset
_snprintf
sscanf
isprint
strchr
strncpy
sprintf
RtlImageNtHeader
atoi
strtol
ZwQueryInformationProcess
ZwOpenProcess
ZwClose
ZwSetInformationProcess
ZwQuerySystemInformation
strstr
RtlUnwind

kernel32

lstrcatA
lstrcpyW
GetLocaleInfoW
VerLanguageNameW
GetExitCodeThread
GlobalMemoryStatus
GetWindowsDirectoryA
GlobalFree
lstrcmpW
lstrcmpiW
OpenMutexW
SetPriorityClass
OpenFileMappingW
GetProcessHeap
SetFileAttributesW
FileTimeToLocalFileTime
DeleteFileW
FindNextFileW
GetTempPathW
FileTimeToSystemTime
GetFileAttributesW
FindFirstFileW
GetTempFileNameW
OpenEventW
Process32FirstW
Process32NextW
GetSystemInfo
GetModuleFileNameA
SwitchToThread
GetModuleFileNameW
SetFilePointer
SetEndOfFile
GetCurrentProcess
GetTickCount
WriteFile
ReadFile
CreateFileW
CloseHandle
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetModuleHandleA
GetLastError
SetLastError
GetProcAddress
Sleep
GetEnvironmentVariableA
AddVectoredExceptionHandler
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLangID
Process32First
GetTimeFormatA
GetDateFormatA
OpenProcess
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
GetTempFileNameA
WaitForMultipleObjects
GetTempPathA
GetSystemTime
CreateFileA
MoveFileExA
SetFilePointerEx
UnlockFile
LockFile
IsBadWritePtr
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
ExitProcess
GetCommandLineW
lstrcmpiA
OpenMutexA
lstrcpyA
SetEvent
IsBadReadPtr
CreateEventA
ResetEvent
GetCommandLineA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalLock
GlobalUnlock
SetErrorMode
GetCurrentThread
GetDriveTypeA
SetThreadPriority
SetCurrentDirectoryA
GetLogicalDriveStringsA
CopyFileA
GetCurrentDirectoryA
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
HeapSize
ExitThread
MoveFileA
WinExec
CreateMutexA
TerminateThread
FindNextChangeNotification
FindFirstChangeNotificationA
ResumeThread
CreateThread
FlushInstructionCache
InterlockedExchange
VirtualAlloc
GetThreadPriority
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetComputerNameA
VirtualQuery
GetModuleHandleW
VirtualFree
CreateRemoteThread
CreateProcessA
Module32First
GetHandleInformation
VirtualAllocEx
LoadLibraryA
CreateFileMappingA
Module32Next
LocalFree
WriteProcessMemory
FileTimeToDosDateTime
GetFileSize
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
LocalAlloc
GetFileType
GetFileInformationByHandle
CreateMutexW
lstrlenA
SetThreadExecutionState
OpenThread
CreateFileMappingW
CreateEventW
GlobalAlloc
TerminateProcess
lstrlenW
lstrcatW

user32

GetWindow
mouse_event
SetClipboardData
SetCaretBlinkTime
PostThreadMessageW
FindWindowExW
SetThreadDesktop
EmptyClipboard
SystemParametersInfoW
GetClipboardData
CreateDesktopA
GetTopWindow
ToUnicodeEx
IsWindowVisible
GetAsyncKeyState
GetKeyboardLayout
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
VkKeyScanW
VkKeyScanExW
keybd_event
RegisterWindowMessageA
IsRectEmpty
MapWindowPoints
SendMessageTimeoutW
SetWindowPos
GetWindowLongW
GetClassLongW
GetMenuItemInfoW
GetWindowInfo
GetMenuDefaultItem
ScreenToClient
GetSystemMenu
IsWindow
ShowWindow
EnumChildWindows
SetWindowLongW
BringWindowToTop
PtInRect
SetFocus
WindowFromPoint
AttachThreadInput
GetFocus
SetForegroundWindow
RealChildWindowFromPoint
GetShellWindow
MoveWindow
SetWindowTextW
EndDialog
GetDlgItem
SetClassLongW
LoadIconW
GetClientRect
DialogBoxIndirectParamW
GetWindowTextLengthW
PrintWindow
FrameRect
RedrawWindow
GetWindowRgn
GetScrollBarInfo
DrawEdge
DrawIcon
FillRect
CheckMenuItem
DestroyIcon
DestroyMenu
CreatePopupMenu
AppendMenuW
CheckMenuRadioItem
CreateIconIndirect
DrawTextW
TrackPopupMenu
SetTimer
SetWinEventHook
UnhookWinEvent
ActivateKeyboardLayout
CallWindowProcW
EndMenu
HiliteMenuItem
GetMenuItemCount
WindowFromDC
GetMenuState
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
ClientToScreen
DefWindowProcW
SetLayeredWindowAttributes
GetUserObjectInformationW
DestroyWindow
CloseClipboard
GetMessageW
IsClipboardFormatAvailable
LoadCursorW
OpenInputDesktop
OpenDesktopW
wsprintfW
GetDoubleClickTime
GetIconInfo
ChangeClipboardChain
DestroyCursor
CreateWindowExW
OpenClipboard
RegisterClassW
SendMessageW
SetClipboardViewer
GetKeyboardLayoutList
wsprintfA
GetWindowRect
GetWindowDC
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
GetDesktopWindow
DispatchMessageW
FindWindowW
ToAscii
GetKeyboardState
GetGUIThreadInfo
GetWindowTextA
GetAncestor
GetWindowThreadProcessId
GetOpenClipboardWindow
GetParent
GetWindowTextW
ReleaseDC
GetCursorPos
GetUserObjectInformationA
OpenDesktopA
GetThreadDesktop
CloseDesktop
GetDC
GetSystemMetrics
CharUpperA
GetClassNameA
GetActiveWindow

gdi32

CreateSolidBrush
SelectClipRgn
OffsetRgn
CreateRectRgn
CreateFontIndirectW
GetObjectW
SetDIBitsToDevice
CreateDIBSection
CreateFontW
GdiFlush
DeleteDC
CreateBitmap
GetDeviceCaps
CreatePatternBrush
GetStockObject
BitBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
GetClipRgn
GetViewportOrgEx
SetViewportOrgEx
SetTextColor
SetBkColor

advapi32

RegFlushKey
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegNotifyChangeKeyValue
OpenThreadToken
SetNamedSecurityInfoA
RegDeleteKeyA
RegEnumKeyExA
LookupPrivilegeValueA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueW
OpenProcessToken

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

gdiplus

GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipDisposeImage

msvcrt

fclose
fseek
realloc
fwrite
fopen
fread
free
calloc
malloc
exit
_strrev

avicap32

capCreateCaptureWindowW

msvfw32

ICClose
ICOpen
ICDecompress
ICSendMessage

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2e1a3f6cf20211afe0e922f8891d6ff

Headers

DLL Characteristics

File Characteristics

Imports

winscard

sensapi

iphlpapi

dbghelp

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

msvcrt

avicap32

msvfw32

Sections

.text Size: 275KB - Virtual size: 274KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 7KB - Virtual size: 34KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 275KB - Virtual size: 274KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 7KB - Virtual size: 34KB

.reloc
Size: 17KB - Virtual size: 17KB