49d37f9b7892fa9b15f368a7ae2ac199d3da8ddf4184a3a496786270a393b878

Sharing

Copy URL Twitter E-mail

General

Target

49d37f9b7892fa9b15f368a7ae2ac199d3da8ddf4184a3a496786270a393b878
Size

2.8MB
MD5

a78c79a5fa1274228b0ae66a91710e81
SHA1

54bfb1e5d6ad6bef858ec6535347d2fc84d59194
SHA256

49d37f9b7892fa9b15f368a7ae2ac199d3da8ddf4184a3a496786270a393b878
SHA512

bffc454e817dd34d5325341717cad998455e15a7bc391bb2df05e572a67b2183dc8819d49d192eb19afd8d1595884d82a278c4d8822746882456777b671d2ae5
SSDEEP

49152:mVF8AWpHRvFpsyeeWsGmgn63FsJdfhzOpcPTX/04NiYZjtDEj:mfCRvFp5mu3FsZi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49d37f9b7892fa9b15f368a7ae2ac199d3da8ddf4184a3a496786270a393b878

Files

49d37f9b7892fa9b15f368a7ae2ac199d3da8ddf4184a3a496786270a393b878
.dll regsvr32 windows:4 windows x86 arch:x86

cfd5d5c6c3af4c48f987da374f915568

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsDirectoryW

comctl32

PropertySheetW
ImageList_Read
ImageList_Merge
ImageList_LoadImageW
ImageList_Create
ImageList_Destroy
ord14
ord13
ord17
ImageList_Write
CreatePropertySheetPageW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Draw
ImageList_AddMasked
ImageList_GetIconSize
ImageList_GetIcon

kernel32

GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GetComputerNameW
FlushFileBuffers
FatalAppExitA
HeapSize
TerminateProcess
SetThreadLocale
OutputDebugStringA
LoadLibraryExA
EnumResourceLanguagesW
GetWindowsDirectoryW
QueryPerformanceCounter
OpenSemaphoreW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DisconnectNamedPipe
CreateIoCompletionPort
CancelIo
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
ExitProcess
ExitThread
GetCommandLineA
RaiseException
HeapReAlloc
CreateDirectoryW
GetFileAttributesExA
GetFileAttributesExW
GetVolumeInformationW
DeviceIoControl
ReadFile
GetEnvironmentVariableA
MoveFileW
CopyFileW
SetFileAttributesW
lstrcmpW
GetLocalTime
GetFullPathNameA
SetCurrentDirectoryW
SetEnvironmentVariableW
DefineDosDeviceW
SetVolumeLabelW
QueryDosDeviceA
GetLogicalDrives
GetDriveTypeA
VirtualQueryEx
InterlockedExchangeAdd
InterlockedCompareExchange
CreateProcessA
ReadProcessMemory
GetThreadPriority
GetPriorityClass
SetPriorityClass
PulseEvent
InterlockedExchange
SleepEx
AllocConsole
WriteConsoleW
FreeConsole
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExA
RemoveDirectoryA
CopyFileA
CreateDirectoryA
MoveFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
GetCurrentDirectoryA
ExpandEnvironmentStringsW
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetExitCodeThread
TerminateThread
OutputDebugStringW
FormatMessageA
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetDiskFreeSpaceW
GetTempFileNameW
GlobalGetAtomNameW
LocalLock
LocalUnlock
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalSize
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
GetModuleFileNameA
LCMapStringW
GetTickCount
LCMapStringA
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpiA
GetCurrentThread
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
DuplicateHandle
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreW
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
SetLastError
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GlobalFree
LockResource
FormatMessageW
GlobalAlloc
GetVersionExW
GetPrivateProfileStringW
GetProfileStringW
WideCharToMultiByte
WaitForMultipleObjects
GlobalLock
GlobalUnlock
lstrcatW
lstrcpyW
DeleteFileW
MoveFileExW
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LocalFree
OpenProcess
GetLastError
GetCurrentProcess
CreateThread
GetSystemDirectoryW
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetCurrentProcessId
GetModuleHandleW
GetCurrentThreadId
HeapDestroy
CreateFileW
CloseHandle
GetDriveTypeW
QueryDosDeviceW
Sleep
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
GetCurrentDirectoryW
GetModuleFileNameW
lstrcpynW
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
GetShortPathNameW
DisableThreadLibraryCalls
lstrlenW
GetLongPathNameA
GetLongPathNameW
VirtualProtect
LoadLibraryA
WaitForSingleObject
CreateEventW
OpenEventW
SetEvent
ResetEvent
OpenMutexW
CreateMutexW
InterlockedDecrement
InterlockedIncrement
GetVersion
GetUserDefaultLangID
GetSystemDefaultLangID
BackupWrite
BackupRead
BackupSeek
MultiByteToWideChar
MulDiv
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
GetFileSize
RemoveDirectoryW
GetComputerNameA

user32

BringWindowToTop
MessageBoxW
SetTimer
GetWindowRect
GetDC
SendMessageW
MessageBoxA
LoadIconW
KillTimer
EnableWindow
InflateRect
FillRect
GetSysColor
GetClientRect
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
IsClipboardFormatAvailable
GetTabbedTextExtentW
DeleteMenu
RemoveMenu
GetMenuStringW
InsertMenuW
GetDialogBaseUnits
UnregisterClassW
DestroyMenu
MapDialogRect
ShowOwnedPopups
PostQuitMessage
LoadStringW
CharUpperW
wvsprintfW
MsgWaitForMultipleObjects
WindowFromPoint
GetMessageW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextW
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
CopyRect
DrawIconEx
UpdateWindow
ReleaseCapture
SetCapture
PtInRect
RedrawWindow
IsWindow
GetParent
OffsetRect
LoadBitmapW
DrawTextW
GetSysColorBrush
SetParent
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
WinHelpW
wsprintfW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthW
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
SetWindowLongW
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
OpenInputDesktop
GetUserObjectInformationW
GetProcessWindowStation
FindWindowExW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetSystemMetrics
GetClipboardData
SetWindowRgn
SetRect
SystemParametersInfoW
EnableMenuItem
GetFocus
EnableScrollBar
IsChild
GetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
MessageBeep
InvertRect
GetKeyState
UnionRect
CreatePopupMenu
AppendMenuW
RegisterWindowMessageW
IntersectRect
SetCursor
MapWindowPoints
ClientToScreen
HideCaret
EqualRect
IsRectEmpty
ReleaseDC
SetRectEmpty
FrameRect
DrawFocusRect
LoadCursorW
GetClassInfoW
DefWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
PostMessageW
GetCursorPos
ScreenToClient
CharNextW
CreateWindowExW
AttachThreadInput
ShowWindow
SetWindowPos
SetForegroundWindow
GetWindowTextW
GetWindowTextA
GetDesktopWindow
EnumChildWindows
EnumWindows
GetWindowLongW
IsWindowVisible
EnumDesktopWindows
SendMessageTimeoutW
OpenWindowStationW
SetProcessWindowStation
CloseWindow
FindWindowW
EnumWindowStationsW
EnumDesktopsW
OemToCharBuffA
CharToOemBuffA
CloseWindowStation
GetForegroundWindow
GetClassNameW
GetWindowThreadProcessId
ValidateRect

gdi32

CreateDIBitmap
CreatePen
CreatePatternBrush
GetStockObject
GetDeviceCaps
CreateRectRgnIndirect
GetObjectW
CreateFontIndirectW
CreateSolidBrush
CreateDIBSection
SelectObject
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
SetAbortProc
SetROP2
GetTextMetricsW
GetTextColor
GetCurrentObject
GetBkColor
CombineRgn
CreatePolygonRgn
GetDCOrgEx
GetClipBox
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetTextColor
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
PatBlt
GetMapMode
SetRectRgn
DPtoLP
CopyMetaFileW
CreateDCW
SetBkColor
CreateBitmap
DeleteDC
StartDocW
SaveDC
RestoreDC
SelectPalette
SetBkMode
OffsetWindowOrgEx
StartPage
SetPolyFillMode
EnumFontFamiliesExW
GetCharWidthW
AbortDoc
EndDoc
EndPage
GetBitmapBits
GetObjectA
CreateDCA

comdlg32

GetFileTitleW
FindTextW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
ReplaceTextW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegisterEventSourceA
RegCloseKey
RegQueryValueExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
GetUserNameW
RegOpenKeyW
RegSetValueExW
SetFileSecurityW
FreeSid
EqualSid
AllocateAndInitializeSid
GetFileSecurityW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetLengthSid
GetAclInformation
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
UnlockServiceDatabase
CloseServiceHandle
CreateServiceW
LockServiceDatabase
OpenSCManagerW
DeleteService
OpenServiceW
StartServiceW
ControlService
RegSetValueW
RegConnectRegistryW
RegQueryValueExA
RegSetValueExA
RegEnumKeyW
RegCreateKeyA
RegCreateKeyExA
RegSetKeySecurity
RegOpenKeyA
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfigW
EnumServicesStatusW
DeregisterEventSource
ReportEventA

shell32

DragFinish
SHGetFileInfoW
DragAcceptFiles
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoTaskMemRealloc
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
OleDuplicateData
CreateBindCtx
SetConvertStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
CoUninitialize
CoDisconnectObject

oleaut32

SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SystemTimeToVariantTime
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysStringByteLen
SysAllocStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy

imm32

ImmReleaseContext
ImmGetContext
ImmAssociateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW
RpcStringFreeA
UuidToStringA
UuidCreate

ws2_32

sendto
recvfrom
WSAGetLastError
WSAStartup
WSACleanup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
ntohs
ntohl
getpeername
getsockname
getsockopt
send
recv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PopupSDPropertyDlg
SetAGroupLib
SetAgentLib
SetGlobalInfo
SetGroupIDInfo
SetPolicyInfo
SetRelationship
SetSecurityRegion
SetUGroupLib
SetUserCfgInfo
SetUserLib

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdfleatr
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfd5d5c6c3af4c48f987da374f915568

Headers

File Characteristics

Imports

shlwapi

comctl32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

ole32

oleaut32

imm32

version

rpcrt4

ws2_32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 183KB - Virtual size: 263KB

sdfleatr Size: 512B - Virtual size: 40B

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 155KB - Virtual size: 154KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 183KB - Virtual size: 263KB

sdfleatr
Size: 512B - Virtual size: 40B

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 155KB - Virtual size: 154KB