a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4

Sharing

Copy URL

Twitter E-mail

General

Target

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
Size

10.5MB
MD5

99f4956e54717c033294558697b73fc6
SHA1

f528e2da3b2006420fd9cadc8a89f05c6a344c5c
SHA256

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
SHA512

a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09
SSDEEP

196608:Hw5QgkALtDhMedzjecdLJsv6tWKFdu9C7:DALhh3CcdLJsv6tWKFdu9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4

Files

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
.exe windows:5 windows x86 arch:x86

806fc0b96bbb7d4a7bfec088168e0468

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ExtTextOutW
GetTextFaceW
GetObjectW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
CreateFontIndirectW
EnumFontFamiliesExW
CreateDCW
CreateCompatibleBitmap
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetBitmapBits
CombineRgn
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
CreateBitmap
GetDIBits
GetDeviceCaps
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
ChoosePixelFormat

ole32

StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoUninitialize

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmSetCandidateWindow
ImmNotifyIME
ImmSetCompositionWindow
ImmGetVirtualKey

winmm

PlaySoundW

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW

ws2_32

gethostname
ioctlsocket
setsockopt
WSAAsyncSelect
socket
htons
WSACleanup
WSAIoctl
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
WSAStartup
__WSAFDIsSet

advapi32

RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
GetLengthSid
FreeSid
CopySid
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

kernel32

RaiseException
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseMutex
CreateMutexW
VirtualAlloc
ReadConsoleW
GetConsoleOutputCP
SetFileAttributesW
SetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
EnumSystemLocalesW
DecodePointer
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
WriteConsoleW
VirtualFree
GetLastError
SetLastError
FormatMessageW
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExW
WaitForSingleObject
CloseHandle
GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
GetCurrentProcessId
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
CreateFileW
GetVolumeInformationW
lstrcmpW
GetLongPathNameW
GetDriveTypeW
GetCurrentThreadId
LocalFree
IsValidLanguageGroup
IsValidLocale
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
LoadLibraryA
GlobalSize
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetConsoleWindow
ExitProcess
OutputDebugStringW
CompareStringW
GetUserDefaultLCID
GetSystemTime
GetLocalTime
GetCommandLineW
SetEvent
WaitForSingleObjectEx
CreateEventW
DuplicateHandle
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
LCMapStringW
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetFileAttributesExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
GetTempPathW
DeviceIoControl
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
GetStartupInfoW
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ConnectNamedPipe
CreateNamedPipeW
TerminateProcess
GetExitCodeProcess
GetProcessId
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
CancelIo
WriteFileEx
HeapSize

wldap32

ord14
ord216
ord73
ord208
ord41
ord117
ord46
ord27
ord127
ord167
ord142
ord79
ord219
ord133
ord26
ord145
ord147
ord301

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

user32

CharNextExA
PostThreadMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
DrawIconEx
MessageBoxW
GetDC
ReleaseDC
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
DefWindowProcW
DestroyWindow
SetWindowRgn
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
DestroyCursor
DestroyIcon
GetAncestor
GetKeyboardLayoutList
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetAsyncKeyState
GetKeyboardLayout
RegisterWindowMessageW
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

806fc0b96bbb7d4a7bfec088168e0468

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

imm32

winmm

oleaut32

shell32

ws2_32

advapi32

kernel32

wldap32

crypt32

user32

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 112KB - Virtual size: 151KB

.qtmetad Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 364B

_RDATA Size: 1024B - Virtual size: 560B

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 227KB - Virtual size: 227KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 112KB - Virtual size: 151KB

.qtmetad
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 364B

_RDATA
Size: 1024B - Virtual size: 560B

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 227KB - Virtual size: 227KB