314ba5826197e5a407e1df14b1fdf9fb818be17759143df6413f1a21ebdd7716

Sharing

Copy URL

Twitter E-mail

General

Target

314ba5826197e5a407e1df14b1fdf9fb818be17759143df6413f1a21ebdd7716
Size

10.0MB
MD5

74877270ec5485bd0eb027a6c249964f
SHA1

86bdfb1265b3fb28821fddbfe0965bf32c649ff5
SHA256

314ba5826197e5a407e1df14b1fdf9fb818be17759143df6413f1a21ebdd7716
SHA512

d5c7e0858ad0ec828364455b43fab6f2ec1a7a3bb843a17837ed32644681978b23bacba2216df19cafc5b8cca38fb2009cbac70b60d2f1c77f67ea2e9afaf0dd
SSDEEP

196608:XB6/A3TxBuD7IA3KGtDixlwRXXyObt+qNGMyb1Gm1cssBREtGEzDDQd0iDfk48Kj:Q/AjbuD7IA3KGtDinyDWhg

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
314ba5826197e5a407e1df14b1fdf9fb818be17759143df6413f1a21ebdd7716

Files

314ba5826197e5a407e1df14b1fdf9fb818be17759143df6413f1a21ebdd7716
.exe windows:6 windows x86 arch:x86

2b74bcd31ebbb8b5fc033a2c425ca530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
FileTimeToSystemTime
GetLocalTime
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
CreateSemaphoreW
CloseHandle
WaitForSingleObject
SetThreadPriority
SetEvent
GetQueuedCompletionStatus
CreateThread
GetSystemInfo
CreateIoCompletionPort
CreateEventW
PostQueuedCompletionStatus
ReleaseSemaphore
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleOutputCP
SetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ReadConsoleW
GetConsoleMode
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
GetCPInfo
GetModuleHandleW
EncodePointer
LCMapStringEx
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
GetFileInformationByHandle
FindFirstFileExW
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FormatMessageA
SetFileAttributesW
SetFileTime
CreateFileA
VerifyVersionInfoA
GetFileType
GetStdHandle
GetEnvironmentVariableA
VirtualQuery
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalFlags
GetFileAttributesExW
GetFileAttributesW
PeekNamedPipe
RemoveDirectoryW
GetCurrentProcess
FindNextFileW
GetCommandLineW
SetLastError
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
ExitProcess
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetCurrentProcessId
CreateProcessW
LocalFree
FormatMessageW
SetWaitableTimer
CreateWaitableTimerW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentThreadId
ReadFile
FindClose
FindFirstFileW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
WaitForSingleObjectEx
MoveFileExA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
QueryPerformanceCounter
GetStringTypeW
IsDebuggerPresent
DeleteFileW
MoveFileW
Sleep
WriteFile
CreateFileW
SetFilePointerEx
HeapFree

user32

DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxW
GetWindowLongW
SendMessageW
SetWindowPos
SetWindowLongW
InvalidateRect
DestroyWindow
IsWindow
DefWindowProcW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
ShowWindow
EnableWindow
GetWindowRect
GetParent
ScreenToClient
GetFocus
SetFocus
GetKeyState
SetCursor
GetWindow
AdjustWindowRectEx
MsgWaitForMultipleObjects
ReleaseDC
GetClientRect
GetWindowDC
GetSystemMetrics
GetDC
LoadImageW
GetDesktopWindow
LoadCursorW
LoadIconW
SetPropW
RegisterClassW
SetTimer
GetClassInfoW
GetActiveWindow
LoadStringW
RemovePropW
CreateWindowExW
GetPropW
PostMessageW
EnumWindows
MoveWindow
GetMonitorInfoW
WaitForInputIdle
SetActiveWindow
MonitorFromWindow
GetWindowThreadProcessId
TranslateAcceleratorW
DestroyMenu
DestroyAcceleratorTable
DeleteMenu
wsprintfW
GetNextDlgTabItem
DrawTextW
GetSysColor
DrawFocusRect
FrameRect
DrawStateW
ClientToScreen
CopyRect
OffsetRect
WindowFromPoint
FillRect
InflateRect
CallWindowProcW
CharNextW
GetClassInfoExW
PostQuitMessage
RegisterClassExW
PtInRect
RedrawWindow
FindWindowExW
EndPaint
BeginPaint
IsIconic
GetDlgItem
GetClassNameW
IntersectRect
IsRectEmpty
WinHelpW
SetMenu
IsWindowEnabled
DestroyIcon
GetTopWindow
IsZoomed
SetRect
KillTimer
GetCapture
SetCapture
UpdateWindow
ReleaseCapture
MessageBeep
SetParent
UnregisterClassW
GetLastActivePopup
GetSystemMenu
IsWindowVisible
SetWindowRgn
DrawIcon
IsDialogMessageW
GetDlgCtrlID
IsChild

gdi32

SetPixel
ExtCreateRegion
CreateRectRgn
CombineRgn
PatBlt
GetTextMetricsW
ExcludeClipRect
GetClipBox
CreateRoundRectRgn
CreateEllipticRgn
GetPixel
SetTextColor
SetBkMode
LineTo
CreatePen
MoveToEx
SetBkColor
CreateSolidBrush
CreateBitmap
RoundRect
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
SetStretchBltMode
CreateFontIndirectW
DeleteObject

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
DragQueryFileW
DragFinish
Shell_NotifyIconW

ole32

CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemRealloc

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUI4FromStr

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent

bcrypt

BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptDecrypt

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipGetImageWidth
GdipSetCompositingMode
GdipGetImagePalette
GdipDeleteGraphics
GdipBitmapLockBits
GdipGetImageGraphicsContext

winhttp

WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpSetOption
WinHttpReadData
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCrackUrl

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

ws2_32

getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
inet_pton
WSAGetLastError
WSACleanup
WSAStartup
htons
ntohs
setsockopt
WSAIoctl
accept
closesocket
recv
send
socket
htonl
listen
ioctlsocket
ntohl
getaddrinfo
freeaddrinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
sendto
gethostname

uxtheme

SetWindowTheme

dsound

ord11

winmm

PlaySoundW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Exports

Exports

?get_active_implementation@simdutf@@YAAAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAABVavailable_implementation_list@internal@1@XZ

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b74bcd31ebbb8b5fc033a2c425ca530

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

bcrypt

gdiplus

winhttp

wldap32

ws2_32

uxtheme

dsound

winmm

crypt32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 363KB - Virtual size: 362KB

.data Size: 23KB - Virtual size: 99KB

.rsrc Size: 15.0MB - Virtual size: 15.0MB

.reloc Size: 90KB - Virtual size: 90KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 363KB - Virtual size: 362KB

.data
Size: 23KB - Virtual size: 99KB

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

.reloc
Size: 90KB - Virtual size: 90KB