0dbee8f667350ef3ade35d97c0e9708e5c104c1777daceff725189410ffbb47c

Sharing

Copy URL Twitter E-mail

General

Target

0dbee8f667350ef3ade35d97c0e9708e5c104c1777daceff725189410ffbb47c
Size

6.4MB
MD5

2fd3544b283461ab389b76eafa89763e
SHA1

9590619c56591c98c20bfe6a4cb81d0a9b953989
SHA256

0dbee8f667350ef3ade35d97c0e9708e5c104c1777daceff725189410ffbb47c
SHA512

c901d7eaebf07ea11123c674e0e0c2465913f47255b022400cadc57f5fceab700643d526c0ae2100423536b187fe68fce0e8d9cf3dd671f983b25be92ca5405c
SSDEEP

196608:BUOk0fZocxdRsA9KX4wu6uiIfD87X4Ac2Expai:xZxzJDb6tciod2Eq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dbee8f667350ef3ade35d97c0e9708e5c104c1777daceff725189410ffbb47c

Files

0dbee8f667350ef3ade35d97c0e9708e5c104c1777daceff725189410ffbb47c
.exe windows:5 windows x86 arch:x86

cca3369c9b5e79afca02fc0dce2466e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
FormatMessageA
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
GetVersion
GetEnvironmentVariableW
OpenFile
GetFileSize
_lclose
ReadFile
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GlobalAlloc
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
GetQueuedCompletionStatus
GetCurrentThreadId
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
TerminateThread
LoadLibraryA
GetProcAddress
FreeLibrary
OpenEventA
CreateEventA
ExitProcess
FindFirstFileA
SetEvent
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
SystemTimeToFileTime
FileTimeToSystemTime
OutputDebugStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
CreateThread
GetLastError
CloseHandle
VirtualQueryEx
GetModuleFileNameA
CreateFileA
GetCurrentProcess
GetCurrentThread
GetThreadContext
GetLocalTime
CreateDirectoryA
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntA
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetStdHandle
GetStringTypeW
GetStringTypeA
WriteFile
LocalFree
lstrcpynA
GlobalUnlock
GlobalLock
GlobalSize
MulDiv
CopyFileA
SetLastError
RaiseException
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
GlobalFlags
SetThreadPriority
ResumeThread
SuspendThread
lstrcpyA
GetModuleHandleA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
EnumResourceLanguagesA
ConvertDefaultLocale
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetErrorMode
MoveFileA
DeleteFileA
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
SetUnhandledExceptionFilter
FatalAppExitA
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SendDlgItemMessageA
SetDlgItemInt
IsDlgButtonChecked
IsDialogMessageA
ScrollWindowEx
SetWindowPos
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPlacement
RegisterClassA
GetClassInfoA
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
PostMessageA
GetMenu
ShowScrollBar
SetForegroundWindow
GetScrollRange
SetScrollRange
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
IsChild
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
GetDlgItemTextA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
InflateRect
GetMenuItemInfoA
DestroyMenu
SetCursor
ShowOwnedPopups
DeleteMenu
DestroyIcon
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDialogBaseUnits
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
UnregisterClassA
GetSysColorBrush
GetSysColor
GetSystemMetrics
UnhookWindowsHookEx
GetActiveWindow
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
GetWindowTextA
GetWindowTextLengthA
GetClassNameA
GetDesktopWindow
GetFocus
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
GetDlgItemInt
CheckRadioButton
CheckDlgButton
wsprintfA
MessageBoxA
SetWindowLongA
GetScrollPos
SetScrollPos
CallNextHookEx
SetFocus
SetWindowsHookExA
WinHelpA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
CharUpperA
CharUpperW
CharLowerA
CharLowerW
SetRect
MoveWindow
DialogBoxParamA
DefWindowProcA
KillTimer
GetClientRect
DestroyWindow
PostQuitMessage
CreateWindowExA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
SetTimer
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SetWindowTextA
GetDC
CallWindowProcA
IsWindow
SendMessageA
SetDlgItemTextA
EndDialog
GetDlgItem
ShowWindow
CreateDialogParamA
FillRect
ReleaseDC
CharUpperBuffW

gdi32

IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
ExcludeClipRect
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
CreateRectRgn
SetMapMode
ScaleViewportExtEx
SetStretchBltMode
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetBkMode
SelectObject
CreateFontA
SetTextColor
TextOutA
GetStockObject
CreateSolidBrush
DeleteObject
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetWindowOrgEx
GetTextMetricsA
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA

mumsg

?Get@CMsg@@QAEPADH@Z
?LoadWTF@CMsg@@QAEXPAD@Z
??0CMsg@@QAE@XZ
??1CMsg@@QAE@XZ

comctl32

ord17

shlwapi

PathIsUNCA
PathFindFileNameA
PathRemoveExtensionA
PathStripToRootA
PathFindExtensionA

wsock32

bind
listen
closesocket
WSAStartup
WSAAsyncSelect
htons
inet_addr
recvfrom
ntohs
ioctlsocket
connect
send
setsockopt
shutdown
WSACleanup
WSAGetLastError
socket
recv
accept
sendto
gethostbyname
gethostname
htonl

ws2_32

WSARecv
WSASendTo
WSAAccept
WSASocketA
WSASend

imagehlp

SymLoadModule
SymGetOptions
SymSetOptions
SymInitialize
SymFunctionTableAccess
StackWalk
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

advapi32

RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA
RegCloseKey

shell32

ExtractIconA
SHGetFileInfoA

ole32

WriteClassStg
WriteFmtUserTypeStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
CoDisconnectObject
SetConvertStg
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CLSIDFromString

oleaut32

VarBstrFromDec
VarDateFromStr
SysReAllocStringLen
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
VarDecFromStr
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VariantInit
SafeArrayGetElement

Exports

Exports

��p%��A�PT��/�vJ��%�+�!�}�sk��sRqǚ�w�ƛHX_�Vк�Z؅�}�t�q��ܥ��3x�%t��|��Z��޾��n�q�]��4y]�Bg�x�:+�%t��ضi��G�P͵�w��-a��Uϻ��y�s/s=k �'��?�(��,z��L�MPa�B�57˾(z��kr�܆.W��~�;��<�(�&_��=㏵^��`dL��]��i:� 悔�y*��E��4^x��2�ꤗ�z�)�1S�Z\��Z��/DܩRe��f��q�:��>��$�Z%�iL��%Z42��Š�Q@| C*`l��"U<��=F��/=--��a�]a꛲��y}0�9�W�fIs^`]VD�=�j7�Q#G*��p�%��|T =�,^�1��N7��v�9�Fh� ��7 ��ǣ�HD��LK�jQ�Z/�=V*+��X�Ĥ�=e8�{��Q^� �E��C��!��~h&�' ��Ѝ��0�W��ϟK�2WbJY�O�=�q�4z�x� O�^�=TRH�*Aeb~��#U�Q/��`Q�Zv�۪�u#�@E�4@O��p<Cf��w�#� z.N�5$��!Ǎ��eESn�o�%RL9Z]��!l,3��)��@c5ҴD�E4J��8�Z��0�Allw8��oK�%Y\ӗ��f��mG'�g��d�8$G�(�q��*�_g5��y��:J��E��_�r�� R��!, Q�� {��%�OY[\��hd3�+��+4!��k��fFG=��+��A�6B:06H�/�5�`��wY��Y�̓�]��m��3��)"��L�ud��(>��?:[~��\�&�!N�S�Gz)��᰽>� L̐��J!s�K8�Y^p9��u� ��T(��|Y3"<�]��@�s(,��`�S�Q�|^ TqB�y��P��;�JŒ3��~�/[i��%f��STHEd�ؓY�~{{��^�J��OO�� Wr hѻN�R@��?�Sb�/��k�ɞ�Rt��p��Yl��H<çׂ��]fHB��{N�OD�W�MP(�\� 2��i k˷~�!O�o*��GaR��䓬0�� M ��5R��Ob#LV~i��21\q��]Xp��+>5�K^�ۥe$��% ^��= �խ1xz[�W�ho�җg��t^&y�^�}B$0�x��(2bA��X:�ǎXF~b��d��O�A��X�j��M�(�Q��};��@7�=�ǋ�D�3�E�J�?Gc�� >�"[Gpc)�@�]�Ϻ�<s$L��8��7DmY��T�� jB��=�0C�<��^��]g�R"G<�t��4CV�k�w�l�c`:ޠ��}ǡϫ^�ckb��?P�>�dp@��h� �j�sRA��^��&��?��%��m��2��0��u�~�g!�G8�u-��-�(L1��c�+{��筆@/�y��DY�Nvq�U�`�{ַ��-ay�n��h��a��ˊ1��N�}�.�Q턹'��e��P�/��\��̡=�7��:�v��j��a��;��>��5V)��b��"#0m��F��tw�I1�)�G�!�y|A��!s�A(��8xS�m��W�r&:8d��O>�p�� F��n�)R�T"�]>D+�7*'��5|�>ȩ�{iO^��#�QKlKĴ��LT��ݷ��&��;��(0s[��j�0Ϝ�!�"D��%�c��p�$hI$��\ۛ ��hs� LA@<��;�׻�Ë�"AX#��gw�� #ʮ �S�I��d&R��YO�)w+��&N8�6��M��&J -�l��y��#Z��b[�Jo�hޮl��!�Ap�#ONm��Xޣ/�� a2��8|\�v��8��#�W�׹��\�S��T(_�W�@�+��^ԙx;�fԧ�;�<�.ծ֞HF'Y�*�jr�(uI��@M�n�8��{|L�aHrG�(�H��z��π.J�鋹��Sҭ��.jP��ڕx��Z��٪U��+�-�<O,��>�|Hʐ��0��V�LL��,o��߭��b�7b��낈��.-�u��4�S�-[� =@��oF"_�U4��T��.��n�Np�@ǶLG�w��H3u�8J�i�Lt��F[gH��hI�7{M�%��rL��W�#e�6�M�ư��@�f(��$:)�� b\�q�� 8a��T,h��&J��xp��ik�j5�*&��k<�<9�< � �RV��V�㦛y_�!i��ïB24�0��i8�f#��~�6�C��E��1�� x��F�m�TT9m5ޘÀ>�=��,�C�� &� �C[�S��#�: ��v"r-S��h�_�%�6 kUF�q��x�ypd��?��~��x!�)��z�WFK*�؊��?�D�<7 ��ޕo�D�DHb@~��S�+u�&��f"��U��N��聝xv�&#.�}+��MM��^V��u�h_T!L&�ha��D��<��Ð��v�f�Cy�0��_].��C�x��5\Y ��Z�_��O��:ҥ�m,#�i�!�\t�W@��w�-@�=��4 nK0��M�G��M�3A��~�~��\�D^N�[g�!G@�� Z��B�c� P�?��~� ��̦��Y�O�@!�FuN�u.W��~XXSE��^��r�v2d��},\wC^��s`*-X�K�8Yk�u� f�ǝK�`�;EX[lE��%�ӊ��Lo��`��yӹ�A�

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 225.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mu0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mu1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mu2
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca3369c9b5e79afca02fc0dce2466e5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

mumsg

comctl32

shlwapi

wsock32

ws2_32

imagehlp

oleacc

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 251KB

.data Size: - Virtual size: 225.2MB

.mu0 Size: - Virtual size: 3.1MB

.mu1 Size: 4KB - Virtual size: 2KB

.mu2 Size: 6.3MB - Virtual size: 6.3MB

.rsrc Size: 24KB - Virtual size: 25KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 251KB

.data
Size: - Virtual size: 225.2MB

.mu0
Size: - Virtual size: 3.1MB

.mu1
Size: 4KB - Virtual size: 2KB

.mu2
Size: 6.3MB - Virtual size: 6.3MB

.rsrc
Size: 24KB - Virtual size: 25KB