ba196601578801ad9e6c45755733c316a0bd654230a5ddffc414472ff96ebc3e

Sharing

Copy URL

Twitter E-mail

General

Target

ba196601578801ad9e6c45755733c316a0bd654230a5ddffc414472ff96ebc3e
Size

8.6MB
MD5

7a6b35007c37cf775b00c660f3f42c75
SHA1

348ead0f99cabd58b2c1765206b309fa1f6d4a01
SHA256

ba196601578801ad9e6c45755733c316a0bd654230a5ddffc414472ff96ebc3e
SHA512

31b2dc80b93460abdbb79857199d97693d3bdf609b41adf87a9177b03e377979ce7c17044079bbe07047d520ffbbfae482e358d6058158d0e68d81b8800158de
SSDEEP

98304:T4TaEKMqoPo5A457bzeWG7/4L4p1mkrRlkyH9mMlQR:E1KMqoPEmWGr4LVQI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba196601578801ad9e6c45755733c316a0bd654230a5ddffc414472ff96ebc3e

Files

ba196601578801ad9e6c45755733c316a0bd654230a5ddffc414472ff96ebc3e
.dll windows:4 windows x86 arch:x86

53ca970fdaab292e6d6a985a9cfc09e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FatalAppExitA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetConsoleCtrlHandler
SetStdHandle
SetEnvironmentVariableA
CopyFileA
CreateDirectoryA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetTempPathW
GetTempPathA
ExpandEnvironmentStringsA
InterlockedExchangeAdd
CreateProcessA
ReadProcessMemory
GetThreadPriority
GetPriorityClass
SetPriorityClass
MoveFileA
HeapReAlloc
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DisconnectNamedPipe
CreateIoCompletionPort
CancelIo
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
InterlockedCompareExchange
SetThreadLocale
LoadLibraryExA
EnumResourceLanguagesW
UnmapViewOfFile
GetCurrentDirectoryA
AllocConsole
WriteConsoleW
FreeConsole
OutputDebugStringW
FormatMessageA
MoveFileExA
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SleepEx
PulseEvent
BackupSeek
BackupRead
BackupWrite
CreateFileMappingA
GetWindowsDirectoryA
EnumResourceTypesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetThreadContext
GetDriveTypeA
QueryDosDeviceA
SetVolumeLabelW
DefineDosDeviceW
GetDiskFreeSpaceW
GetFullPathNameA
HeapSize
ExitProcess
ExitThread
GetCommandLineA
GetSystemTimeAsFileTime
RaiseException
QueryPerformanceCounter
PeekNamedPipe
SetCurrentDirectoryA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalSize
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
VirtualProtect
GlobalAlloc
lstrcmpiA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
ReleaseMutex
SuspendThread
SetThreadPriority
ResumeThread
lstrcmpA
lstrlenA
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GlobalLock
GlobalUnlock
GlobalFree
VirtualQueryEx
GetLogicalDriveStringsW
UnlockFile
LockFile
ExpandEnvironmentStringsW
GetLongPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetLogicalDrives
GetVersionExW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetPrivateProfileStringW
GetProfileStringW
InterlockedExchange
ReleaseSemaphore
CreateSemaphoreW
SetEndOfFile
FindResourceW
SizeofResource
LoadResource
LockResource
lstrlenW
WideCharToMultiByte
CreateMutexW
WaitForMultipleObjects
GetExitCodeThread
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
SetErrorMode
RemoveDirectoryA
SetUnhandledExceptionFilter
GetCurrentThread
TerminateProcess
FormatMessageW
CompareFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
GetUserDefaultLangID
GetSystemDefaultLangID
SetEvent
CreateEventW
FileTimeToLocalFileTime
MultiByteToWideChar
MulDiv
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
GetComputerNameA
GetComputerNameW
FlushFileBuffers
GetFileAttributesExA
GetVolumeInformationW
MoveFileW
CopyFileW
lstrcmpW
RemoveDirectoryW
MoveFileExW
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetSystemDirectoryW
CreateFileA
GetFileInformationByHandle
EnumResourceNamesW
LoadLibraryExW
GetFileSize
TerminateThread
WriteFile
ReadFile
SetFilePointer
GetFileAttributesExW
OpenEventW
ResetEvent
WaitForSingleObject
GetCurrentThreadId
GetLocaleInfoW
lstrcpynW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
FreeLibrary
GetWindowsDirectoryW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
QueryDosDeviceW
GetDriveTypeW
GetCommandLineW
DeviceIoControl
GetTickCount
CreateFileW
GetSystemDirectoryA
Sleep
OpenMutexW
LocalFree
OpenProcess
CloseHandle
GetCurrentProcess
DuplicateHandle
GetModuleFileNameW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetModuleHandleA
LoadLibraryW
SetLastError
GetModuleHandleW
GetProcAddress
GetLastError
OpenSemaphoreW
GetCurrentProcessId

user32

GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
IsWindowEnabled
LoadStringW
WaitForInputIdle
UnregisterHotKey
OpenClipboard
EmptyClipboard
CloseClipboard
RegisterHotKey
ClientToScreen
TrackPopupMenu
ValidateRect
IntersectRect
GetWindow
DrawIcon
IsIconic
IsChild
IsRectEmpty
FrameRect
CopyImage
GetFocus
DestroyWindow
SystemParametersInfoW
DrawStateW
WindowFromPoint
EnumDesktopsW
SwitchDesktop
OpenDesktopA
CreateDesktopW
MapWindowPoints
GetAsyncKeyState
CreateIconIndirect
GetMenuStringW
LoadMenuW
GetSubMenu
ModifyMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
RemoveMenu
RegisterWindowMessageW
GetMessageW
UnregisterClassW
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropW
GetPropW
UnhookWindowsHookEx
SetPropW
CallNextHookEx
SetWindowsHookExW
GetDlgCtrlID
GetWindowTextLengthW
GetMenu
RegisterClassW
GetClassInfoExW
RegisterClassExW
LoadIconW
MsgWaitForMultipleObjects
DefWindowProcW
ExitWindowsEx
SetRectEmpty
wsprintfW
AttachThreadInput
ShowWindow
SetWindowPos
GetWindowTextA
GetDesktopWindow
EnumChildWindows
EnumWindows
GetWindowTextW
EnumDesktopWindows
SendMessageTimeoutW
MessageBoxW
OpenWindowStationW
MessageBoxA
SetProcessWindowStation
CloseWindowStation
GetForegroundWindow
GetClassInfoW
WinHelpW
GetCapture
GetTopWindow
SetScrollPos
GetScrollPos
GetClassNameW
GetProcessWindowStation
GetUserObjectInformationW
SetScrollRange
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
SendDlgItemMessageA
SendDlgItemMessageW
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
SetWindowTextW
MoveWindow
wvsprintfW
GetWindowDC
TabbedTextOutW
GrayStringW
CharUpperW
OpenInputDesktop
OpenDesktopW
GetThreadDesktop
CharToOemBuffA
OemToCharBuffA
CloseWindow
EnumWindowStationsW
SetThreadDesktop
CloseDesktop
GetClassLongW
CopyIcon
GetIconInfo
SetRect
IsWindowVisible
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
BeginPaint
EndPaint
LoadImageW
SetClassLongW
ShowScrollBar
DestroyIcon
LoadCursorW
SetCursor
SetForegroundWindow
GetKeyState
ScreenToClient
PostQuitMessage
ShowOwnedPopups
DestroyMenu
GetDialogBaseUnits
MapDialogRect
InsertMenuW
AppendMenuW
DeleteMenu
CreateWindowExW
GetSystemMetrics
GetDC
ReleaseDC
GetCursorPos
DrawFrameControl
DrawTextW
DrawFocusRect
SetWindowLongW
CallWindowProcW
GetWindowLongW
GetSysColorBrush
GetWindowRect
LoadBitmapW
OffsetRect
IsWindow
RedrawWindow
PtInRect
SetCapture
ReleaseCapture
UpdateWindow
SendMessageW
DrawIconEx
CopyRect
InvalidateRect
GetClientRect
GetSysColor
FillRect
InflateRect
SetTimer
KillTimer
FindWindowW
FindWindowExW
GetWindowThreadProcessId
EnableWindow
GetParent
PostMessageW
SetWindowPlacement

gdi32

SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
ExcludeClipRect
Escape
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
CopyMetaFileW
CreateDCW
EnumFontFamiliesExW
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SelectPalette
StartDocW
PatBlt
BitBlt
CreateRectRgn
CreateCompatibleDC
DeleteObject
SelectObject
CreateDIBSection
CreateSolidBrush
CreateFontIndirectW
GetObjectW
CreateRectRgnIndirect
GetTextExtentPoint32W
ExtTextOutW
SetTextColor
GetTextMetricsW
SetBkColor
GetStockObject
CreateHatchBrush
DeleteDC
SetPixel
GetDeviceCaps
GetPaletteEntries
GdiFlush
StretchBlt
SetStretchBltMode
SetDIBColorTable
SetDIBits
GetDIBits
GetObjectType
LineTo
MoveToEx
CreatePen
GetTextColor
SetBkMode
GetPixel
SetWorldTransform
GetWorldTransform
SetViewportOrgEx
SetWindowOrgEx
EnumFontFamiliesW
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
OffsetClipRgn
CreateCompatibleBitmap
IntersectClipRect
GetTextCharsetInfo
FillRgn
CreateDCA
GetObjectA
GetBitmapBits
CreatePolygonRgn
RestoreDC
SaveDC
GetDCOrgEx
TextOutW
CreateBitmap
GetClipBox

comdlg32

GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetKeySecurity
RegCreateKeyExA
RegOpenKeyA
QueryServiceStatus
EnumServicesStatusW
DeregisterEventSource
ReportEventA
RegSetValueW
GetSecurityDescriptorSacl
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyExW
RegConnectRegistryW
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
GetFileSecurityW
SetFileSecurityW
RegSetValueExW
RegOpenKeyW
GetUserNameW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegCloseKey
ControlService
StartServiceW
DeleteService
LockServiceDatabase
CreateServiceW
UnlockServiceDatabase
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
CloseServiceHandle
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegisterEventSourceA
RegCreateKeyA

shell32

DragAcceptFiles
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFileInfoW

comctl32

ImageList_DrawIndirect
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_Write
ImageList_Read
ImageList_Merge
ImageList_LoadImageW
ImageList_Create
ImageList_Destroy
ord14
ord13
ord17
ImageList_Duplicate

ole32

CoTaskMemFree
CreateBindCtx
CoInitializeEx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
CoUninitialize
ReadClassStg
StringFromCLSID
CoTreatAsClass
CoCreateGuid
ReleaseStgMedium
CoDisconnectObject
CoCreateInstance
CoInitialize
OleDuplicateData
ReadFmtUserTypeStg
CoTaskMemAlloc

oleaut32

GetErrorInfo
SysReAllocStringLen
SysAllocStringLen
SystemTimeToVariantTime
SetErrorInfo
CreateErrorInfo
VarCyFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VariantInit
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
SysStringLen
VariantClear

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

getsockname
getsockopt
send
recv
sendto
WSAGetLastError
recvfrom
inet_addr
ioctlsocket
getservbyport
gethostbyaddr
getservbyname
inet_ntoa
select
gethostbyname
ntohl
WSAStartup
WSACleanup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
ntohs
gethostname
__WSAFDIsSet
WSASetLastError
getpeername
WSACancelBlockingCall

mpr

WNetGetConnectionW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeA
UuidToStringA
UuidFromStringW
RpcStringFreeW

wldap32

ord27
ord45
ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord41
ord46

Exports

Exports

CancelCommitUser
ChangePwd
GetUserInfo
RunAgent32SetupHelper
RunAgent32SetupHelper2
RunAgent32SetupHelper3
RunConnectProc
RunCreateDesktop
RunOAgentTray32
Start
Stop
UserAutoLogin
UserLogin
UserLogonEx
UserLogout
UserLogoutEx
UserRegister

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 660KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 840KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1008KB - Virtual size: 1006KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53ca970fdaab292e6d6a985a9cfc09e3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

ws2_32

mpr

rpcrt4

wldap32

Exports

Exports

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 660KB - Virtual size: 657KB

.data Size: 840KB - Virtual size: 1.0MB

.idata Size: 24KB - Virtual size: 23KB

.rsrc Size: 1008KB - Virtual size: 1006KB

.reloc Size: 452KB - Virtual size: 451KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 660KB - Virtual size: 657KB

.data
Size: 840KB - Virtual size: 1.0MB

.idata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 1008KB - Virtual size: 1006KB

.reloc
Size: 452KB - Virtual size: 451KB