797c3f17647f661b5968ffa7b357df527e654a57fe220b728461b21eafbbbe9c

Sharing

Copy URL Twitter E-mail

General

Target

797c3f17647f661b5968ffa7b357df527e654a57fe220b728461b21eafbbbe9c
Size

760KB
MD5

745385ce803e73f36a8d8fb68643d4b4
SHA1

b643bc229a48317681463a0d990f6f9bd4a6bf11
SHA256

797c3f17647f661b5968ffa7b357df527e654a57fe220b728461b21eafbbbe9c
SHA512

e20b5d545ebf241c29cc3839b161d36311698e6fae014723eb0d194fd8cf6c619eba2da085604a0ca68f89ff3c7bb53858e5d7bceca4d16a1529e315f2c40504
SSDEEP

12288:JI8ruJc20h8v/stN6bqMSGsJhbOuqPoLT41IGdacpvp6jeFNYfOJKrAMMJnG:JIRV06vq6bqIsTOtwLs1IGdaRKYf80AE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
797c3f17647f661b5968ffa7b357df527e654a57fe220b728461b21eafbbbe9c

Files

797c3f17647f661b5968ffa7b357df527e654a57fe220b728461b21eafbbbe9c
.dll windows:4 windows x86 arch:x86

220b0580b42d16cd5afb20ee41e58be7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutSetVolume
midiStreamPosition
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamPause
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiOutUnprepareHeader
midiOutSetVolume
midiStreamOpen
midiOutGetNumDevs
midiOutGetDevCapsA
midiOutGetErrorTextA
PlaySoundA
mixerSetControlDetails
mixerGetControlDetailsA
mciGetErrorStringA
mixerGetLineInfoA
mixerGetLineControlsA
mixerClose
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mciSendCommandA

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionStringA
ImmGetOpenStatus
ImmSetConversionStatus

msvfw32

MCIWndCreateA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msimg32

TransparentBlt
AlphaBlend

kernel32

FlushFileBuffers
LockFile
UnlockFile
GetThreadLocale
FileTimeToSystemTime
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
GlobalFindAtomA
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetFileType
RaiseException
ExitProcess
TerminateProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
GetACP
SetStdHandle
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsBadCodePtr
GetModuleHandleA
SetThreadPriority
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
SetEndOfFile
FileTimeToLocalFileTime
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetCurrentProcess
GetVersion
lstrcmpiA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
lstrcpynA
SetFilePointer
Beep
SetLocalTime
GetLocalTime
lstrcatA
lstrlenA
GetOverlappedResult
WaitForMultipleObjects
WaitCommEvent
ClearCommError
GetCommMask
ResetEvent
InitializeCriticalSection
EnterCriticalSection
SetCommTimeouts
SetCommMask
GetCommState
BuildCommDCBA
SetCommState
PurgeComm
LeaveCriticalSection
DeleteCriticalSection
RemoveDirectoryA
GetProcAddress
lstrcpyA
LoadLibraryA
SetEvent
CreateEventA
ReadFile
WriteFile
GetFullPathNameA
GetProfileStringA
GlobalSize
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
SetLastError
IsBadStringPtrA
IsBadReadPtr
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetLocaleInfoA
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetVolumeInformationA
SetCurrentDirectoryA
GetCommandLineA
GetShortPathNameA
CreateFileA
GetFileSize
CloseHandle
GetFileAttributesA
GlobalMemoryStatus
FormatMessageA
LocalFree
MoveFileA
FindFirstFileA
SetFileAttributesA
DeleteFileA
CopyFileA
FindNextFileA
FindClose
CreateDirectoryA
SearchPathA
MulDiv
FreeLibrary
GetVersionExA
SuspendThread
ResumeThread
GlobalAlloc
GlobalLock
GlobalUnlock
IsDBCSLeadByte
GetExitCodeThread
WaitForSingleObject
TerminateThread
GetLastError
Sleep
DuplicateHandle
InterlockedDecrement
InterlockedIncrement
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalFree
GlobalAddAtomA
TlsSetValue

user32

GetClassNameA
UnregisterClassA
GetDesktopWindow
CharNextA
EndDialog
CreateDialogIndirectParamA
WindowFromPoint
MapDialogRect
SetWindowContextHelpId
CharUpperA
EndPaint
BeginPaint
GetWindowDC
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
SetActiveWindow
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
GetActiveWindow
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
DrawFrameControl
FindWindowA
ShowWindow
SystemParametersInfoA
SendMessageTimeoutA
EnumWindows
GetWindowTextA
InvertRect
DrawEdge
ShowScrollBar
CallWindowProcA
GetCursor
ClipCursor
ClientToScreen
SetCursorPos
LoadCursorFromFileA
DrawTextExA
wsprintfA
RegisterClipboardFormatA
GetForegroundWindow
SetForegroundWindow
GetSysColorBrush
LoadStringA
DestroyMenu
CopyAcceleratorTableA
GetNextDlgGroupItem
FrameRect
InflateRect
FillRect
DrawStateA
DrawFocusRect
GetSysColor
PtInRect
IsWindowVisible
GetWindowRect
GetWindow
GetParent
EnableWindow
InvalidateRect
GetSystemMetrics
MessageBeep
SetCursor
EnumChildWindows
GetFocus
GetKeyState
GetClientRect
LoadCursorA
OffsetRect
IntersectRect
SetTimer
KillTimer
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
MessageBoxA
GrayStringA
DrawTextA
TabbedTextOutA
SetWindowPos
IsWindow
GetCursorPos
ScreenToClient
PostMessageA
CopyRect
SetFocus
SetRect
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EnableMenuItem
EmptyClipboard
SetClipboardData
GetWindowLongA
SetWindowLongA
RedrawWindow
SendMessageA
PostThreadMessageA
CallNextHookEx

gdi32

MoveToEx
Ellipse
SetBkMode
SetTextAlign
GetStockObject
PatBlt
CreatePatternBrush
CreateBitmap
CreateDIBSection
DeleteObject
DPtoLP
GetTextColor
GetBkColor
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
RestoreDC
SaveDC
GetObjectA
GetClipBox
GetMapMode
GetWindowExtEx
GetTextExtentPoint32A
SelectObject
SetMapperFlags
CreateFontIndirectA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
StretchDIBits
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
StretchBlt
CreateRectRgn
SetPixel
GetPixel
CreateSolidBrush
CreateFontA
SetBkColor
SetTextColor
DeleteEnhMetaFile
LineTo
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
LPtoDP
CreateDIBitmap
GetDIBits
GetTextMetricsA
SetTextCharacterExtra
RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
EndDoc
EndPage
SetWindowOrgEx
SetViewportExtEx
SetMapMode
SetWindowExtEx
SetViewportOrgEx
CreateDCA
StartDocA
StartPage
CreatePolygonRgn
CreateRoundRectRgn
CreateEllipticRgn
ExtSelectClipRgn
SetStretchBltMode
GetDeviceCaps
RectInRegion
GetAspectRatioFilterEx
ExtFloodFill
Arc
Chord
Pie
Polygon
RoundRect
Rectangle
LineDDA
SetROP2
CreateBitmapIndirect
CreatePen
SelectClipRgn
SelectPalette
RealizePalette
DeleteDC

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
PageSetupDlgA
PrintDlgA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA

shell32

DragAcceptFiles
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType

wininet

InternetGetLastResponseInfoA
FtpGetFileA
FtpPutFileA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetSetStatusCallback

ws2_32

inet_ntoa
WSAStartup
gethostname
gethostbyname
WSACleanup

ltkrn11n

ord108
ord133
ord150
ord124
ord144
ord145
ord112
ord218
ord115
ord151
ord104
ord125
ord197

ltfil11n

ord104
ord106
ord111
ord100
ord110
ord101
ord145
ord103
ord108
ord109

ltefx11n

ord103
ord100
ord107

ltdis11n

ord115
ord116
ord113
ord118
ord111
ord125
ord122
ord132
ord137

ltimg11n

ord106
ord104
ord103
ord105
ord117
ord111
ord100
ord122
ord118
ord101
ord119
ord120

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

220b0580b42d16cd5afb20ee41e58be7

Headers

File Characteristics

Imports

winmm

imm32

msvfw32

version

msimg32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

ws2_32

ltkrn11n

ltfil11n

ltefx11n

ltdis11n

ltimg11n

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 40KB - Virtual size: 61KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 40KB - Virtual size: 61KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 48KB - Virtual size: 44KB