Static task: static1
Behavioral task: behavioral1
Sample: 319fadf323d263960cb5c419f1692f4b3767d85c9662754dc86aeec9e0fc0eaa.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 319fadf323d263960cb5c419f1692f4b3767d85c9662754dc86aeec9e0fc0eaa.exe
Resource: win10v2004-20240611-en
General
Target: 319fadf323d263960cb5c419f1692f4b3767d85c9662754dc86aeec9e0fc0eaa
Size: 1.7MB
MD5: ad8f6a1a825de168464fde01055dad6a
SHA1: 89fbe7add45bfbd6530806f6877566ba0fe7aab6
SHA256: 319fadf323d263960cb5c419f1692f4b3767d85c9662754dc86aeec9e0fc0eaa
SHA512: cba72d9ede8444e634779e7364bf2588fe1dc46f3fdad95831fe210c5e055e8c5928bec36c8dde4029e8cdf3dd022874040b26b271239fcd7032052bc099ec2d
SSDEEP: 24576:4jffcYt5Tsgn2ojw2y8++ntwSOpo5NPOcz1ZA5SJQEMrWMGhHXm0Q:owh+7Op8W6TZ2rW9Xm0Q
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource 319fadf323d263960cb5c419f1692f4b3767d85c9662754dc86aeec9e0fc0eaa
Files
319fadf323d263960cb5c419f1692f4b3767d85c9662754dc86aeec9e0fc0eaa.exe windows:4 windows x86 arch:x86
2d8f791c81f1f3aa3eb7bd854521f3e2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
RaiseException
GetACP
HeapReAlloc
HeapSize
ExitThread
FatalAppExitA
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
GlobalAddAtomA
CompareStringW
SetEnvironmentVariableA
SleepEx
SetThreadLocale
LoadLibraryExW
GetWindowsDirectoryW
OpenMutexA
OpenFileMappingA
GlobalFindAtomA
GlobalDeleteAtom
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcatA
SetErrorMode
GlobalFlags
OutputDebugStringA
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
QueryDosDeviceW
GetLogicalDrives
GetDriveTypeW
GetDriveTypeA
GetExitCodeThread
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
SizeofResource
LoadLibraryExA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtectEx
WriteProcessMemory
VirtualProtect
QueryPerformanceCounter
VirtualQueryEx
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
ReadProcessMemory
GetThreadPriority
GetPriorityClass
SetPriorityClass
TerminateThread
LoadLibraryW
MoveFileW
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
GetSystemDirectoryW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
FormatMessageW
FindResourceExA
GlobalSize
SetLastError
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
lstrcpyA
SetEndOfFile
UnlockFile
LockFile
DuplicateHandle
lstrlenW
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
AllocConsole
GetStdHandle
WriteConsoleA
FreeConsole
OutputDebugStringW
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
GetProfileStringA
WideCharToMultiByte
CreateProcessA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
FormatMessageA
ResetEvent
SetEvent
WaitForSingleObject
SetConsoleCtrlHandler
CreateMutexA
GetVersionExA
PulseEvent
CreateEventA
GetVersion
GetUserDefaultLangID
GetSystemDefaultLangID
FreeLibrary
FileTimeToLocalFileTime
MultiByteToWideChar
MulDiv
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
CopyFileW
GetDiskFreeSpaceExW
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
CreateFileW
GetFileSize
GetComputerNameA
GetComputerNameW
FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
CreateDirectoryA
GetFileAttributesExA
GetFileAttributesExW
GetVolumeInformationW
QueryDosDeviceA
DeviceIoControl
ReadFile
Sleep
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
MoveFileExA
DeleteFileA
GetSystemInfo
FindFirstFileA
FindNextFileA
LoadLibraryA
LocalFree
OpenProcess
GetLastError
GetCurrentProcess
CreateThread
GetSystemDirectoryA
GetModuleHandleW
GetFileInformationByHandle
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetTickCount
GetLocalTime
GetCurrentProcessId
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
CreateFileA
CloseHandle
CopyFileA
GetFileAttributesA
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryA
CompareStringA
GetModuleFileNameA
user32
GetMenu
TrackPopupMenu
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
MoveWindow
SetWindowLongA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
GetClassInfoA
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetSysColor
GetSysColorBrush
LoadCursorA
GrayStringA
DrawTextA
OpenInputDesktop
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetScrollPos
SetScrollPos
WinHelpA
GetCapture
IsChild
SetDlgItemInt
GetUserObjectInformationA
wvsprintfA
SetFocus
GetProcessWindowStation
FindWindowExA
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
MessageBoxW
SendMessageTimeoutA
EnumDesktopWindows
IsWindowVisible
SetWindowPlacement
GetWindowLongA
GetUserObjectInformationW
GetParent
EnumWindows
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetTopWindow
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
MapWindowPoints
UpdateWindow
PostMessageA
LoadIconA
GetCursorPos
ValidateRect
GetActiveWindow
GetMessageA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
EnumChildWindows
GetDesktopWindow
GetWindowTextA
GetWindowTextW
PostQuitMessage
DestroyMenu
ShowOwnedPopups
SetCursor
DeleteMenu
TabbedTextOutA
GetFocus
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
RemoveMenu
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
LoadStringA
MsgWaitForMultipleObjects
GetSystemMetrics
CharUpperA
wsprintfA
GetWindowTextLengthA
OemToCharA
CharToOemA
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterClassA
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClientRect
SendMessageA
AttachThreadInput
ShowWindow
SetWindowPos
SetForegroundWindow
gdi32
Escape
GetDCOrgEx
GetObjectA
CreateBitmap
RectVisible
PtVisible
CreateDIBPatternBrushPt
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
ExtTextOutA
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
CopyMetaFileA
CreateDCA
DeleteObject
DeleteDC
StartDocA
SaveDC
RestoreDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
GetCurrentPositionEx
TextOutA
GetBitmapBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegisterEventSourceA
DeregisterEventSource
LookupAccountSidW
RegSetKeySecurity
RegCreateKeyW
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegConnectRegistryA
RegCreateKeyExA
RegSetValueA
RegDeleteKeyA
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
LookupAccountNameA
IsValidSid
CopySid
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
GetFileSecurityW
SetFileSecurityW
GetFileSecurityA
AllocateAndInitializeSid
EqualSid
FreeSid
SetFileSecurityA
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegSetValueExW
RegCloseKey
ReportEventA
shell32
SHGetFileInfoA
SHGetPathFromIDListW
SHGetSpecialFolderPathA
DragAcceptFiles
comctl32
ord17
ole32
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
ReadFmtUserTypeStg
CoTaskMemAlloc
OleDuplicateData
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
ReadClassStg
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
CreateBindCtx
StringFromCLSID
oleaut32
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysReAllocStringLen
SysAllocStringLen
SysStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SystemTimeToVariantTime
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
rpcrt4
RpcStringFreeW
UuidToStringW
RpcStringFreeA
UuidToStringA
UuidFromStringW
UuidCreate
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 100KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ