59a96e1a4184b1a980448432414a3febcb62564a573a2365864b9ce48a27eb55

Sharing

Copy URL Twitter E-mail

General

Target

59a96e1a4184b1a980448432414a3febcb62564a573a2365864b9ce48a27eb55
Size

3.5MB
MD5

a21b00580f8b2959265761d6ceed7730
SHA1

c4c1dadb57c5ea34196ea68de69ab27c4dbaa489
SHA256

59a96e1a4184b1a980448432414a3febcb62564a573a2365864b9ce48a27eb55
SHA512

3d96c4bfe2f78fc0ef094ed277083f79c7dfd8082a1c8c1bebb7d4553ccb3fd3c5dfe89b6c8fce7b3d32c2f7728e4c01e97d8da148d2ca6a276e4463465fecc1
SSDEEP

98304:EvbHw9D+w0/EplRULl9TNBcDZaAww+RpL3:Ev7WbULHBBSsAcJ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59a96e1a4184b1a980448432414a3febcb62564a573a2365864b9ce48a27eb55

Files

59a96e1a4184b1a980448432414a3febcb62564a573a2365864b9ce48a27eb55
.exe windows:4 windows x86 arch:x86

d22cbf8a53856e831df4012c545e280f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
LocalAlloc
ResetEvent
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
CopyFileW
GetSystemWindowsDirectoryA
GetModuleHandleW
LocalFree
Module32First
Module32Next
GetCurrentThread
CreateProcessA
ProcessIdToSessionId
GetExitCodeProcess
GetStartupInfoA
Process32FirstW
Process32NextW
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemInfo
GetVersionExA
GetFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
FindClose
FlushConsoleInputBuffer
QueryPerformanceCounter
GetStdHandle
GetVersion
DuplicateHandle
GetFileType
MulDiv
FreeResource
SizeofResource
GetCurrentDirectoryA
GetACP
RemoveDirectoryA
FindResourceA
LoadResource
LockResource
lstrcmpiW
MoveFileExA
GetProcessHeap
HeapAlloc
HeapFree
GetSystemDirectoryA
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
OutputDebugStringA
SetFilePointer
CreateFileW
SetEndOfFile
CopyFileA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
lstrcpynA
SetLastError
GlobalMemoryStatus
lstrcpyA
lstrcatA
LoadLibraryA
lstrcmpiA
GetFullPathNameA
GetModuleHandleA
GetTickCount
GetExitCodeThread
GetDiskFreeSpaceExA
TerminateThread
GetLogicalDrives
FreeLibrary
OpenEventA
SetEvent
VirtualQuery
LoadLibraryExA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GlobalLock
GlobalUnlock
GetEnvironmentVariableA
CreateThread
WaitForSingleObject
ExpandEnvironmentStringsA
GetSystemDefaultLangID
SetUnhandledExceptionFilter
GetTempPathA
CreateDirectoryA
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateSemaphoreA
GetLastError
GetModuleFileNameA
GlobalFree
lstrlenA
WriteFile
CreateFileA
GetFileSize
GlobalAlloc
ReadFile
DefineDosDeviceA
CloseHandle

user32

GetClassNameA
GetWindowTextA
OpenInputDesktop
GetUserObjectInformationA
SwitchDesktop
GetWindowLongA
IsIconic
GetClientRect
OpenDesktopA
EnumDesktopWindows
GetThreadDesktop
CloseDesktop
CreateDesktopA
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
DestroyWindow
CreateWindowExA
SetWindowLongA
ShowWindow
PostQuitMessage
PostMessageA
IsWindow
FindWindowA
GetCursorPos
ScreenToClient
SetWindowRgn
GetWindowRect
ClientToScreen
KillTimer
SetTimer
SendMessageA
TrackPopupMenu
SetForegroundWindow
ModifyMenuA
GetSubMenu
LoadMenuA
IsWindowEnabled
SetWindowPos
GetSystemMetrics
GetParent
GetMonitorInfoA
MonitorFromWindow
SendMessageTimeoutA
LoadIconA
DestroyIcon
GetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
CreateAcceleratorTableA
InvalidateRgn
SetRect
CharPrevA
DrawTextA
FillRect
GetWindowRgn
UpdateLayeredWindow
GetSysColor
SetCaretPos
ShowCaret
HideCaret
CreateCaret
IntersectRect
GetWindowTextLengthA
SetWindowTextA
CharNextA
PtInRect
ReleaseCapture
SetCapture
GetFocus
GetUpdateRect
MessageBoxA
RegisterClassExA
MoveWindow
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
DefWindowProcA
LoadCursorA
MapWindowPoints
GetDC
SetUserObjectInformationA
SetThreadDesktop
EnableWindow
GetDesktopWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetFocus
OffsetRect
wvsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindow
SystemParametersInfoA
RegisterClassA
GetClassInfoExA
CallWindowProcA
GetPropA
SetPropA
AdjustWindowRectEx
GetMenu
SetCursor
ReleaseDC
GetKeyState

gdi32

CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
GetObjectA
SelectObject
CreateCompatibleDC
DeleteObject
CreatePen
CreateFontIndirectA
GetStockObject
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
GetTextMetricsA
CreateSolidBrush
SetTextColor
SetBkMode
GetDeviceCaps
PtInRegion
SelectClipRgn
ExtSelectClipRgn
GetClipBox
StretchBlt
SetStretchBltMode
ExtTextOutA
SetBkColor
LineTo
MoveToEx
RoundRect
TextOutA
GetTextExtentPoint32A
GetCharABCWidthsA
DeleteDC
CreateDIBSection
GetPixel

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

DuplicateTokenEx
RegDeleteValueA
AddAccessAllowedAce
RegSetKeySecurity
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DeregisterEventSource
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
ReportEventA
RegisterEventSourceA

shell32

StrChrIA
StrStrIA
StrCmpNIA
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA

ole32

CoCreateInstance
CLSIDFromString
CoCreateGuid
CoInitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning

ws2_32

accept
WSAEnumNetworkEvents
bind
WSAEventSelect
listen
shutdown
WSASend
WSAGetOverlappedResult
WSAAddressToStringA
WSASocketA
setsockopt
getsockname
WSAIoctl
WSACleanup
WSAStartup
getservbyport
gethostbyaddr
getservbyname
WSAGetLastError
WSASetLastError
ntohl
htonl
ntohs
gethostbyname
inet_ntoa
socket
ioctlsocket
closesocket
htons
inet_addr
connect
select
WSARecv

comctl32

ord17
_TrackMouseEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

dbghelp

MiniDumpWriteDump

msvcp60

??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1ios_base@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@

shlwapi

PathRemoveFileSpecA
StrTrimW
StrTrimA

crypt32

CertFindCertificateInStore
CryptDecryptMessage
CryptEncryptMessage
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindChainInStore
CertGetIntendedKeyUsage
CertNameToStrA
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

iphlpapi

SetTcpEntry
GetIpForwardTable
GetIpAddrTable
GetTcpTable

msvcrt

_ismbcalnum
_itoa
_stricmp
_controlfp
_iob
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
signal
_getch
isupper
isxdigit
_except_handler3
_strnicmp
_setmode
fflush
_wfopen
isspace
tolower
getenv
qsort
strcmp
memset
fprintf
wcsstr
raise
_exit
gmtime
_fileno
_mbsnbcmp
isdigit
strtol
toupper
_mbsstr
_mbslwr
_mbscmp
_mbsnbcpy
realloc
strpbrk
_ftol
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
_strdup
fgets
fputs
rewind
fread
wcscpy
wcscat
iscntrl
_wcsicmp
ftell
strtoul
calloc
_vsnprintf
remove
_errno
_lseek
_close
_write
_read
_CxxThrowException
_open
printf
exit
fwrite
wcsncpy
strchr
fopen
fseek
atoi
strncat
strncpy
_strrev
??2@YAPAXI@Z
strrchr
_purecall
__p___argv
__p___argc
strstr
_access
sprintf
_snprintf
strncmp
fclose
rand
srand
time
memchr
__CxxFrameHandler
free
malloc
memmove
atof
sscanf
wcslen
fgetws

wininet

InternetQueryOptionA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile

setupapi

SetupIterateCabinetA

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

riched20

ord4

Exports

Exports

strdup

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d22cbf8a53856e831df4012c545e280f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

comctl32

version

imm32

dbghelp

msvcp60

shlwapi

crypt32

psapi

iphlpapi

msvcrt

wininet

setupapi

wintrust

riched20

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 203KB - Virtual size: 203KB

.data Size: 80KB - Virtual size: 336KB

.rsrc Size: 580KB - Virtual size: 579KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 203KB - Virtual size: 203KB

.data
Size: 80KB - Virtual size: 336KB

.rsrc
Size: 580KB - Virtual size: 579KB