Static task: static1
Behavioral task: behavioral1 (sample c43d4c593ed8a91559adf72c645bc2855d26cf18c884c5d0438a8ee0871568c0.exe, resource win7-20240508-en)
Behavioral task: behavioral2 (sample c43d4c593ed8a91559adf72c645bc2855d26cf18c884c5d0438a8ee0871568c0.exe, resource win10v2004-20240508-en)
General
Target: c43d4c593ed8a91559adf72c645bc2855d26cf18c884c5d0438a8ee0871568c0
Size: 1.6MB
MD5: d926f34b5cec177a9789b7e93faef69d
SHA1: 2015f970f0922c6d70dfe4caee56d274971dad92
SHA256: c43d4c593ed8a91559adf72c645bc2855d26cf18c884c5d0438a8ee0871568c0
SHA512: 0713f7b90400bbdfd4e27140c2d07b48079033a06ff17f1d0d403d1c5aac7c74ecf22353fe637af5d3500b5c4dcbea63bf8538060c10ee53915c76f5c1b644b8
SSDEEP: 49152:2y3FwkaGmeQmp/g2cR2UeW/sbADT0DAy5rhclCr:2y3aNGmezp/g2l7M0DA4lH
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource c43d4c593ed8a91559adf72c645bc2855d26cf18c884c5d0438a8ee0871568c0
Files
c43d4c593ed8a91559adf72c645bc2855d26cf18c884c5d0438a8ee0871568c0.exe windows:5 windows x64 arch:x64
bfdbdd3d5297f4f1441976b8b73be998
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wininet: HttpQueryInfoW, InternetOpenW, InternetGetLastResponseInfoW, InternetSetOptionW, InternetReadFile, InternetOpenUrlW, InternetConnectW, InternetCloseHandle
libeayx (by ordinal): ord3212, ord497, ord227, ord223, ord468, ord269, ord268, ord267, ord333, ord486, ord492, ord498, ord501, ord785, ord802, ord809, ord2144
version: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
wtsapi32: WTSQuerySessionInformationW, WTSRegisterSessionNotification, WTSFreeMemory
kernel32: IsWow64Process, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, ReleaseSemaphore, CreateSemaphoreW, GetComputerNameExW,
  OpenProcess, TerminateProcess, CreatePipe, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetFileInformationByHandle, SetFileTime,
  GlobalAlloc, GlobalLock, GlobalUnlock, MulDiv, VirtualQueryEx, ReadProcessMemory, MapViewOfFile, UnmapViewOfFile,
  CreateFileMappingW, OpenFileMappingW, GetSystemTimeAsFileTime, GetACP, OutputDebugStringA, EncodePointer, DecodePointer, DeleteCriticalSection,
  GetSystemDirectoryW, FreeResource, GlobalDeleteAtom, FindNextFileW, GlobalAddAtomW, GlobalFindAtomW, CreateActCtxW, ActivateActCtx,
  DeactivateActCtx, FindActCtxSectionStringW, QueryActCtxW, GlobalFree, SetEvent, CreateEventW, SetThreadPriority, SuspendThread,
  ResumeThread, FlushFileBuffers, GetFullPathNameW, GetVolumeInformationW, LockFile, SetEndOfFile, UnlockFile, DuplicateHandle,
  lstrcmpA, GetPrivateProfileIntW, InitializeCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GlobalReAlloc,
  GlobalHandle, LocalReAlloc, GlobalFlags, CompareStringW, GetLocaleInfoW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FileTimeToLocalFileTime,
  GetFileSizeEx, SetErrorMode, RtlLookupFunctionEntry, RtlUnwindEx, IsDebuggerPresent, IsProcessorFeaturePresent, HeapFree, HeapAlloc,
  GetSystemInfo, VirtualAlloc, VirtualProtect, VirtualQuery, ExitThread, RtlPcToFileHeader, RaiseException, HeapReAlloc,
  SetStdHandle, GetFileType, HeapSize, HeapQueryInformation, GetStdHandle, GetProcessHeap, GetStartupInfoW, QueryPerformanceCounter,
  GetEnvironmentStringsW, FreeEnvironmentStringsW, RtlCaptureContext, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsValidCodePage, GetOEMCP,
  GetCPInfo, Sleep, GetConsoleCP, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetTimeZoneInformation, GetStringTypeW,
  OutputDebugStringW, LCMapStringW, WriteConsoleW, SetEnvironmentVariableA, FindFirstFileW, SetEnvironmentVariableW, GetFileTime, FindClose,
  GetCurrentThread, GetExitCodeProcess, GetCurrentProcess, GetFileAttributesExW, FileTimeToSystemTime, GetModuleHandleExW, GetModuleFileNameW, GetLogicalDrives,
  LoadLibraryExW, GetUserDefaultLangID, GetEnvironmentVariableW, lstrlenW, lstrcatW, lstrcpyW, FormatMessageW, LocalFree,
  LocalAlloc, SetLastError, GetComputerNameW, MoveFileW, DeleteFileW, GetFileAttributesW, CreateFileW, CreateDirectoryW,
  SetFilePointer, ReadFile, WriteFile, GetFileSize, CreateThread, ProcessIdToSessionId, CloseHandle, OpenThread,
  GetVersionExW, GetCommandLineW, GetProcessVersion, LoadLibraryW, TerminateThread, GetProcAddress, FreeLibrary, CreateProcessW,
  SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, LeaveCriticalSection, EnterCriticalSection, GetModuleHandleW, CreateMutexW, WaitForSingleObject, ExitProcess,
  GetCurrentProcessId, GetTickCount, GetLocalTime, CopyFileW, lstrcpynW, FindResourceW, SizeofResource, LoadResource,
  LockResource, GetSystemTime, GetLastError, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, lstrcmpW, LoadLibraryA
user32: IsWindowEnabled, SetWindowTextW, IsDialogMessageW, CreateDialogIndirectParamW, GetNextDlgTabItem, GetMessageW, TranslateMessage, BeginPaint,
  EndPaint, WindowFromPoint, CharUpperW, PostQuitMessage, UnregisterClassW, RealChildWindowFromPoint, GetSysColorBrush, GetPropW,
  SetPropW, ShowScrollBar, SetScrollRange, ValidateRect, GetMenuItemCount, GetMenuItemID, SetMenu, GetMenu,
  GetCapture, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime,
  PeekMessageW, DispatchMessageW, LoadBitmapW, GetMenuCheckMarkDimensions, CheckMenuItem, SendDlgItemMessageA, DdeFreeStringHandle, DdeCreateStringHandleW,
  DdeClientTransaction, DdeDisconnect, DdeConnect, SendDlgItemMessageW, EndDialog, DialogBoxParamW, LockWorkStation, EnumThreadWindows,
  EnumWindows, IsClipboardFormatAvailable, GetClipboardData, ExitWindowsEx, SetClipboardData, CloseClipboard, OpenClipboard, GetIconInfo,
  DrawIconEx, DrawIcon, AdjustWindowRectEx, SetMenuItemBitmaps, CreatePopupMenu, TrackMouseEvent, RealGetWindowClassW, IsIconic,
  CloseWindow, OpenIcon, OffsetRect, SetCursor, SystemParametersInfoW, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW,
  SetActiveWindow, MapVirtualKeyW, GetKeyboardState, GetAsyncKeyState, GetWindowTextLengthW, GetDlgItemTextW, SetCursorPos, InvalidateRect,
  SendInput, mouse_event, SetDlgItemTextW, wsprintfW, RegisterWindowMessageW, GetGUIThreadInfo, LockSetForegroundWindow, VkKeyScanW,
  SetFocus, GetAncestor, FindWindowW, SetMenuDefaultItem, SetMenuItemInfoW, InsertMenuItemW, TrackPopupMenu, GetSubMenu,
  EnableMenuItem, DestroyMenu, UnhookWinEvent, GetWindow, FindWindowExW, EnumChildWindows, UpdateWindow, CreateIconFromResourceEx,
  LookupIconIdFromDirectoryEx, DestroyIcon, SetWinEventHook, LoadImageW, LoadIconW, GetThreadDesktop, BlockInput, GetParent,
  GetWindowLongW, ChildWindowFromPoint, ScreenToClient, ClientToScreen, GetCursorPos, RedrawWindow, SetForegroundWindow, GetSystemMetrics,
  ReleaseCapture, SetCapture, GetLastInputInfo, SetWindowPos, GetMessagePos, KillTimer, GetDesktopWindow, SetWindowLongW,
  GetWindowRect, SetLayeredWindowAttributes, PostMessageW, VkKeyScanExW, ShowWindow, GetKeyboardLayout, GetForegroundWindow, keybd_event,
  GetKeyState, GetFocus, GetActiveWindow, GetDlgCtrlID, MoveWindow, ReleaseDC, GetDC, GetWindowTextW,
  SetTimer, GetWindowInfo, CheckDlgButton, SetDlgItemInt, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetLastActivePopup,
  GetTopWindow, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, PtInRect, CopyRect, DestroyWindow, MapWindowPoints,
  GetWindowThreadProcessId, GetClassNameW, GetDlgItem, IsWindowVisible, IsWindow, SendMessageTimeoutW, SetRect, FillRect,
  GetSysColor, GetClientRect, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, SendMessageW, MessageBoxW,
  LoadCursorW, EnableWindow, SetMenuInfo, RemovePropW, LoadMenuW
gdi32: GetDIBits, CreateBitmap, GetClipBox, RestoreDC, SaveDC, CreateDCW, SetTextAlign, DPtoLP,
  GetDIBColorTable, SetTextColor, StretchBlt, GetDeviceCaps, SetViewportOrgEx, Rectangle, GetViewportOrgEx, CreateFontIndirectW,
  MoveToEx, SetDCPenColor, SetDCBrushColor, LineTo, GetStockObject, GetObjectW, SetDIBColorTable, CreateDIBSection,
  SelectObject, DeleteDC, SetBkMode, SetBkColor, PatBlt, DeleteObject, ExtTextOutW, TextOutW,
  RectVisible, PtVisible, Escape, CreateSolidBrush, CreateCompatibleDC, CreateCompatibleBitmap, SetMapMode, BitBlt,
  ScaleWindowExtEx, ScaleViewportExtEx, OffsetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SetViewportExtEx
msimg32: TransparentBlt, AlphaBlend
winspool.drv: OpenPrinterW, ClosePrinter, DocumentPropertiesW
advapi32: RegQueryValueW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, GetUserNameW, RegDisablePredefinedCache
shell32: ExtractIconW, SHAppBarMessage, Shell_NotifyIconW, ShellExecuteExW, ShellExecuteW
shlwapi: PathStripToRootW, PathFindExtensionW, PathFindFileNameW, PathIsUNCW
ole32: CoTaskMemFree, CreateStreamOnHGlobal, CoInitialize, CoInitializeEx, CoUninitialize, CoCreateInstance, CoCreateGuid
oleaut32: OleLoadPicture, VariantClear, VariantChangeType, VariantInit, SysAllocString, SysFreeString
gdiplus: GdipAlloc, GdipFree, GdiplusStartup, GdiplusShutdown, GdipCloneImage, GdipDisposeImage, GdipDrawImageI, GdipGetImageWidth,
  GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromFile, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits,
  GdipDeleteGraphics, GdipGetImageGraphicsContext
ws2_32: gethostbyname, send, recv, WSAStartup, WSAGetLastError, gethostbyaddr, shutdown, socket, connect, closesocket, htons, inet_addr
oleacc: WindowFromAccessibleObject, AccessibleObjectFromWindow, AccessibleChildren, LresultFromObject, CreateStdAccessibleObject
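The import table above is the most useful static signal on this page, but it has to be read with two caveats: an import only proves the binary links an API, not that a given run calls it (a GUI framework drags in hundreds of user32/gdi32 names on its own), and the libeayx entries are imported by ordinal, so they cannot be mapped to capabilities by name without the exporting DLL. The script below is an added example, not the sandbox's own analysis code: it groups imports into coarse capability tags using a heuristic mapping I chose, requires more than one API from a group before reporting it, and filters names the MSVC runtime imports on its own (so a bare IsDebuggerPresent is not reported as anti-debugging). Its input is an abridged transcription of the Imports section, embedded as constructed test data.

```python
"""Import-table capability triage.

Added example, not the sandbox's own analysis code. CAPABILITIES is a heuristic
mapping I chose; an import only shows the binary links an API, not that any run
calls it. IMPORTS is an abridged transcription of the report's Imports section,
embedded here as constructed test input.
"""

IMPORTS = {
    "wininet": ["HttpQueryInfoW", "InternetOpenW", "InternetOpenUrlW", "InternetConnectW", "InternetReadFile"],
    "libeayx": ["ord3212", "ord497", "ord227"],  # ordinal-only imports: no names to match
    "kernel32": ["IsDebuggerPresent", "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "OpenProcess", "ReadProcessMemory", "VirtualQueryEx", "TerminateProcess", "SetFileTime",
                 "CreateProcessW", "RtlCaptureContext", "UnhandledExceptionFilter"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "GetAsyncKeyState", "GetKeyboardState", "GetKeyState",
               "SendInput", "keybd_event", "mouse_event", "BlockInput", "OpenClipboard", "GetClipboardData",
               "SetClipboardData", "LockWorkStation", "ExitWindowsEx", "GetDC", "GetForegroundWindow",
               "GetWindowTextW"],
    "gdi32": ["BitBlt", "GetDIBits", "CreateCompatibleDC", "CreateCompatibleBitmap"],
    "advapi32": ["RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW", "OpenProcessToken"],
    "ws2_32": ["socket", "connect", "send", "recv", "gethostbyname"],
    "wtsapi32": ["WTSQuerySessionInformationW", "WTSRegisterSessionNotification"],
    "oleacc": ["AccessibleObjectFromWindow", "AccessibleChildren"],
}

# capability -> APIs that only make sense if the program does that thing
CAPABILITIES = {
    "keystroke capture": {"SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState"},
    "synthetic input / input blocking": {"SendInput", "keybd_event", "mouse_event", "BlockInput"},
    "clipboard access": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "screen capture": {"GetDC", "CreateCompatibleDC", "BitBlt", "GetDIBits"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "cross-process memory read / kill": {"OpenProcess", "ReadProcessMemory", "VirtualQueryEx", "TerminateProcess"},
    "HTTP client (WinINet)": {"InternetOpenW", "InternetOpenUrlW", "InternetConnectW", "HttpQueryInfoW"},
    "raw TCP client (Winsock)": {"socket", "connect", "send", "recv"},
    "registry write": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW"},
    "session lock / logoff": {"LockWorkStation", "ExitWindowsEx", "WTSRegisterSessionNotification"},
    "file timestamp modification": {"SetFileTime"},
    "MSAA window scraping": {"AccessibleObjectFromWindow", "AccessibleChildren"},
    "active window title read": {"GetForegroundWindow", "GetWindowTextW"},
    "debugger check": {"IsDebuggerPresent"},
}

# Imported by the MSVC runtime's own startup/exception code; ignored so a plain
# IsDebuggerPresent import is not reported as anti-debugging.
CRT_NOISE = {"IsDebuggerPresent", "RtlCaptureContext", "UnhandledExceptionFilter"}


def triage_imports(imports, min_hits=2):
    """Map {dll: [names]} to {capability: ['dll!api', ...]}.

    A group is reported when at least min_hits of its APIs are imported (or all of
    them, for groups smaller than min_hits). Ordinal-only imports are listed
    separately because they cannot be matched by name without the exporting DLL.
    """
    qualified = {n: f"{dll}!{n}" for dll, names in imports.items() for n in names}
    usable = qualified.keys() - CRT_NOISE
    found = {}
    for cap, apis in CAPABILITIES.items():
        hits = sorted(qualified[a] for a in apis & usable)
        if len(hits) >= min(min_hits, len(apis)):
            found[cap] = hits
    ordinals = sorted(q for n, q in qualified.items() if n.startswith("ord") and n[3:].isdigit())
    if ordinals:
        found["unresolved ordinal imports"] = ordinals
    return found


if __name__ == "__main__":
    for cap, hits in triage_imports(IMPORTS).items():
        print(f"{cap}: {', '.join(hits)}")
```

Run as-is it reports keystroke capture, synthetic input, clipboard, screen capture, process enumeration, cross-process memory access, both network stacks, registry writes, session control, timestamp modification, MSAA scraping and window-title reads, plus the three unresolved ordinals; "debugger check" is dropped because its only API is CRT noise. Treat the output as a list of what to confirm in the behavioral runs, not as findings in themselves.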
Sections
.text   Size: 1016KB, Virtual size: 1015KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 418KB, Virtual size: 418KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 16KB, Virtual size: 92KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  Size: 37KB, Virtual size: 36KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 124KB, Virtual size: 123KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
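Reading the Headers and Sections values together: NX_COMPAT is set, so DEP applies to this image, but IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the executable loads at its fixed preferred base and the HIGH_ENTROPY_VA flag is inert (it only widens the randomisation range when ASLR is on). The .data gap (16KB on disk, 92KB mapped) is ordinary zero-initialised data, not a packing indicator; the tell would be the same gap in an executable section. The script below is an added example, not the sandbox's signature code: with only the standard library it parses those header fields and the section table from a PE32+ image, reports the page's "Unsigned PE" condition as an empty security data directory (the slot where an embedded Authenticode signature lives), and applies the checks just described. The image it parses is constructed in memory from the report's values (headers only, no code), alongside a hypothetical packed-style contrast image that is not from the report.

```python
"""PE32+ header and section triage for the report's Headers and Sections values.
Added example, not the sandbox's signature code. Standard library only; flag values
are from winnt.h. The images parsed at the bottom are CONSTRUCTED in memory (headers
only, no code) so the script runs without the sample."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode blob
PE32PLUS_MAGIC = 0x20B
KB = 1024


def build_pe(file_chars, dll_chars, sections, security=(0, 0)):
    """Construct a headers-only PE32+ image: DOS stub, COFF header, optional header, section table."""
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, file_chars)
    opt = bytearray(240)  # PE32+ optional header including 16 data directories
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0, rsize, 0, 0, 0, 0, 0, flags)
                     for name, vsize, rsize, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Read the few COFF/optional-header fields and the section table that triage needs."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24  # 4-byte signature + 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    security = struct.unpack_from("<II", data, opt + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, *_, flags = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vsize, rsize, flags))
    return {"file_chars": file_chars, "dll_chars": dll_chars, "security": security, "sections": sections}


def triage(pe):
    """Return human-readable findings; an empty list means nothing notable."""
    fc, dc, out = pe["file_chars"], pe["dll_chars"], []
    if pe["security"][1] == 0:
        out.append("unsigned: security directory is empty, no embedded Authenticode signature")
    if not dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        out.append("DEP opt-out: NX_COMPAT clear")
    if not dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        out.append("no ASLR: DYNAMIC_BASE clear, image loads at its preferred base")
        if dc & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA:
            out.append("HIGH_ENTROPY_VA set but inert without DYNAMIC_BASE")
    if fc & IMAGE_FILE_RELOCS_STRIPPED:
        out.append("relocations stripped: the loader cannot rebase this image")
    for name, vsize, rsize, flags in pe["sections"]:
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            out.append(f"{name}: writable and executable")
        # Executable bytes mostly absent on disk but large in memory is a packer tell;
        # the same gap in a writable data section is just zero-initialised globals.
        if flags & IMAGE_SCN_MEM_EXECUTE and vsize > 2 * max(rsize, 1):
            out.append(f"{name}: virtual size {vsize} far exceeds raw size {rsize}")
    return out


# Values transcribed from the report (sizes as printed there, rounded to KB).
REPORT_SAMPLE = build_pe(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE,
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 1015 * KB, 1016 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".rdata", 418 * KB, 418 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".data", 92 * KB, 16 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (".pdata", 36 * KB, 37 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".rsrc", 123 * KB, 124 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)])

# Hypothetical contrast (not from the report): ASLR on, signed, but a packer-style W+X stub.
PACKED_SAMPLE = build_pe(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
    [("stub0", 900 * KB, 0, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     ("stub1", 300 * KB, 300 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)],
    security=(0x1000, 0x2000))

if __name__ == "__main__":
    for label, image in (("report sample", REPORT_SAMPLE), ("packed contrast", PACKED_SAMPLE)):
        print(label, *triage(parse_pe(image)), sep="\n  ")
```

On the report's values the script yields four findings (unsigned, no ASLR, inert HIGH_ENTROPY_VA, relocations stripped) and nothing for the sections; the contrast image is signed and randomised but trips both section checks on its stub. To run it on a real file, replace the constructed bytes with `open(path, "rb").read()`; the parser deliberately handles PE32+ only, matching the x64 sample here.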