F:\tyb-elf\elf\Release\elf.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 9ca8256acca2b51ac0096aa52377cc99b8cbfde1dcdea80e301be315a672d6d1.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 9ca8256acca2b51ac0096aa52377cc99b8cbfde1dcdea80e301be315a672d6d1.exe
  Resource: win10v2004-20240508-en
General
Target: 9ca8256acca2b51ac0096aa52377cc99b8cbfde1dcdea80e301be315a672d6d1
Size: 2.1MB
MD5: ec084dc6d2e7e82e67b5839b7de15623
SHA1: bc53a9d3067f497b760a93cdbb8f721f9024dc8e
SHA256: 9ca8256acca2b51ac0096aa52377cc99b8cbfde1dcdea80e301be315a672d6d1
SHA512: bf5ff0da733ad22ae137f4afe8c49b367e5e82878ce4612c144d1ac977f433543f6e8a86d347cdbe3f3eab9c31722121972621db82c5850a91993cb3c235910f
SSDEEP: 49152:nr7yiWVow1eV9LFc2/4Pu6qBWzoTJkpuCI2:r7PW+2eV9LXmCWzwJS
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 9ca8256acca2b51ac0096aa52377cc99b8cbfde1dcdea80e301be315a672d6d1
Files
-
9ca8256acca2b51ac0096aa52377cc99b8cbfde1dcdea80e301be315a672d6d1.exe windows:5 windows x86 arch:x86
ec2ae278be0f11e6fd1bb7c6d6dc7a28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
onlogco
OnLogCollectorTask
LogCollectorGetLogLevel
LogCollectorInit
wininet
InternetGetCookieA
InternetSetCookieA
kernel32
MultiByteToWideChar
lstrcmpiW
ExitProcess
GetCommandLineW
CreateMutexA
OpenMutexA
CreateDirectoryW
ReadFile
WriteFile
SetFilePointer
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
DeleteFileW
GetModuleFileNameW
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
FormatMessageW
MoveFileExA
GetFileType
GetStdHandle
PeekNamedPipe
GetEnvironmentVariableA
VerifyVersionInfoA
GetCurrentProcessId
TerminateThread
SetEvent
Sleep
CreateEventW
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
InterlockedCompareExchange
SetLastError
TlsSetValue
SetWaitableTimer
OutputDebugStringA
VirtualFreeEx
CreateProcessW
ReadProcessMemory
VirtualAllocEx
Process32FirstW
Process32NextW
OpenProcess
lstrcmpA
WriteProcessMemory
GlobalUnlock
WideCharToMultiByte
GlobalLock
CreateDirectoryA
GetLongPathNameA
GetTempPathA
CreateThread
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetDriveTypeW
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc
CloseHandle
CreateFileW
DeviceIoControl
GetModuleHandleW
HeapSize
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
CreateToolhelp32Snapshot
GetTickCount
GetPrivateProfileIntW
OutputDebugStringW
LoadLibraryExW
FreeLibrary
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
TlsFree
InterlockedIncrement
LocalFree
InterlockedExchangeAdd
TlsAlloc
GetLastError
PostQueuedCompletionStatus
LeaveCriticalSection
InterlockedDecrement
CreateIoCompletionPort
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
FlushFileBuffers
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
EnterCriticalSection
InterlockedExchange
GetCurrentThreadId
lstrlenW
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetSystemTimeAsFileTime
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
SwitchToThread
WaitForSingleObjectEx
TryEnterCriticalSection
MoveFileExW
AreFileApisANSI
SetFilePointerEx
SetEndOfFile
RemoveDirectoryW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
lstrcpynW
RaiseException
lstrcpyW
DecodePointer
FindResourceW
SizeofResource
LoadResource
LockResource
TlsGetValue
VerifyVersionInfoW
SleepEx
VerSetConditionMask
SetStdHandle
QueueUserAPC
FreeResource
MulDiv
GetACP
GetFileSize
GetLocalTime
user32
MapWindowPoints
GetSysColor
UnionRect
GetWindowLongW
RegisterWindowMessageW
InvalidateRect
ReleaseCapture
GetClientRect
GetMonitorInfoW
OffsetRect
FillRect
MonitorFromWindow
SetWindowPos
InflateRect
GetWindowRect
MoveWindow
IsWindowVisible
DestroyWindow
SetWindowLongW
IsRectEmpty
GetWindow
CallWindowProcW
DefWindowProcW
SendMessageTimeoutW
GetCursorPos
PtInRect
PostQuitMessage
KillTimer
IsZoomed
FindWindowW
IntersectRect
SetTimer
GetSystemMetrics
ScreenToClient
GetParent
SystemParametersInfoW
EnumDisplaySettingsW
GetDesktopWindow
ClientToScreen
SendMessageW
FindWindowExW
GetWindowThreadProcessId
IsWindow
SendNotifyMessageW
RegisterClassW
CreateWindowExW
PostMessageW
TranslateMessage
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
DrawTextW
CharPrevW
GetWindowRgn
UpdateLayeredWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
UpdateWindow
SetForegroundWindow
MonitorFromPoint
MessageBoxW
SetWindowRgn
SetPropW
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
LoadCursorW
SetCursor
EnumDisplayMonitors
GetUpdateRect
GetPropW
EnumWindows
GetMessageW
LoadAcceleratorsW
DispatchMessageW
TranslateAcceleratorW
ReleaseDC
IsIconic
EqualRect
EndPaint
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
GetDC
BeginPaint
LoadImageW
gdi32
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
GetClipBox
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreatePatternBrush
SetBkMode
SetTextColor
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
GetObjectA
MoveToEx
TextOutW
GdiFlush
advapi32
CryptDestroyHash
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextA
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
RegQueryValueExW
CryptHashData
CryptCreateHash
CryptGetHashParam
shell32
SHGetFolderPathW
DragQueryFileW
ole32
CLSIDFromString
CLSIDFromProgID
OleLockRunning
OleDuplicateData
DoDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoCreateInstance
ReleaseStgMedium
CoInitializeEx
ws2_32
sendto
recvfrom
WSAStartup
WSACleanup
gethostname
gethostbyname
WSAGetLastError
setsockopt
ioctlsocket
htons
htonl
getsockopt
WSARecv
connect
ntohs
getsockname
WSASocketW
WSASetLastError
listen
ntohl
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
WSAStringToAddressW
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
recv
getpeername
socket
getaddrinfo
freeaddrinfo
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipLoadImageFromStream
GdipDeleteGraphics
GdipCreateFromHDC
GdipFree
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipImageSelectActiveFrame
GdipAlloc
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
iphlpapi
GetAdaptersInfo
shlwapi
StrCmpW
PathFileExistsA
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantInit
Sections
.text  Size: 1.7MB - Virtual size: 1.7MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 288KB - Virtual size: 288KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 30KB - Virtual size: 40KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 17KB - Virtual size: 17KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 84KB - Virtual size: 83KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ