D:\_api\xnd\out\Release\xnd.pdb
Static task: static1
Behavioral task: behavioral1
Sample: c4c1b2dd69b137fd4cb6c6ccdc364cc3be40ee78ca458f31fce427b0da706c4b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c4c1b2dd69b137fd4cb6c6ccdc364cc3be40ee78ca458f31fce427b0da706c4b.exe
Resource: win10v2004-20240611-en
General
- Target: c4c1b2dd69b137fd4cb6c6ccdc364cc3be40ee78ca458f31fce427b0da706c4b
- Size: 6.1MB
- MD5: e0c56282e8dba792c53935c0e0fce738
- SHA1: b64e5be6505bc62e587d5ed06841e1febb7926b0
- SHA256: c4c1b2dd69b137fd4cb6c6ccdc364cc3be40ee78ca458f31fce427b0da706c4b
- SHA512: b8043777f9edcbf7efbab2bf0f2830c9fef716b5d3ac8312f637eb892e30f8ac9b6d0736d0bd1b55da1c3b298bf8c1b809d7eb6a21a66f7347434fb018d6b06f
- SSDEEP: 98304:cDk2pxoNA2VNYUpvuurgcs5vx0Eg+UfXFXt0tAAQXcwv4pj99YVWvudYHe0SBS4:lNtGPvW1uAA1jjmWvudTr
Malware Config
Signatures
- Detects Windows executables referencing non-Windows User-Agents (1 IoCs)
  resource: sample
  yara_rule: INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: c4c1b2dd69b137fd4cb6c6ccdc364cc3be40ee78ca458f31fce427b0da706c4b
Files
- c4c1b2dd69b137fd4cb6c6ccdc364cc3be40ee78ca458f31fce427b0da706c4b.exe windows:5 windows x86 arch:x86
  ac20190d4220ff4b1f66b5c902035358
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetSetStatusCallbackW
FtpPutFileW
InternetSetOptionExW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
InternetOpenW
InternetConnectW
FtpGetFileW
InternetGetLastResponseInfoW
InternetCloseHandle
msimg32
AlphaBlend
TransparentBlt
ws2_32
connect
getsockopt
ntohl
recv
socket
setsockopt
recvfrom
htons
ioctlsocket
sendto
shutdown
closesocket
accept
select
__WSAFDIsSet
inet_addr
gethostbyname
WSAGetLastError
WSAStartup
WSACleanup
send
winmm
PlaySoundW
timeGetTime
shlwapi
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
StrCpyW
kernel32
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
lstrlenA
GetFileAttributesExW
GetFileSizeEx
GetFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetSystemDirectoryW
SetErrorMode
GetUserDefaultLCID
lstrcmpiW
GetTempFileNameW
GetTempPathW
GetNumberFormatW
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
DecodePointer
EncodePointer
RaiseException
RtlUnwind
DeleteFileA
GetCPInfo
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileAttributesA
GetTimeFormatA
GetDateFormatA
ExitProcess
GetConsoleCP
GetConsoleMode
GetDriveTypeW
GetFullPathNameA
HeapReAlloc
ExitThread
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
VirtualAlloc
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
WriteConsoleW
CreateFileA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GlobalGetAtomNameW
LocalAlloc
FileTimeToLocalFileTime
GetThreadLocale
GetCurrentProcessId
ReleaseActCtx
CreateActCtxW
GetCurrentThreadId
GlobalAddAtomW
UnlockFile
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GlobalSize
MulDiv
UnmapViewOfFile
GetLocalTime
SystemTimeToFileTime
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
ReadFile
FileTimeToSystemTime
FreeResource
GlobalFree
FormatMessageW
LocalFree
GetWindowsDirectoryW
FreeLibrary
CopyFileW
QueryPerformanceCounter
WinExec
CreateProcessW
GlobalAlloc
GlobalLock
GlobalUnlock
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenW
GetVersionExW
GlobalMemoryStatus
GetSystemInfo
GetModuleFileNameW
CreateDirectoryW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindClose
CreateFileW
GetFileSize
SetFilePointer
WriteFile
CreateEventW
GetCurrentDirectoryW
SetCurrentDirectoryW
FormatMessageA
GetTickCount
ActivateActCtx
DeactivateActCtx
SetLastError
LoadLibraryW
lstrcpyW
CreateThread
Sleep
DeleteFileW
HeapCreate
HeapDestroy
GetModuleHandleW
GetProcAddress
lstrcpyA
GetVersion
MultiByteToWideChar
WideCharToMultiByte
GetLastError
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateEventA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
ReleaseSemaphore
CreateSemaphoreA
GetSystemTimeAsFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
GetModuleHandleA
OutputDebugStringA
CreateMutexW
ReleaseMutex
ResetEvent
LockFile
FlushFileBuffers
GlobalFindAtomW
OpenEventA
LCMapStringA
GetStringTypeExA
LoadLibraryA
lstrcpynW
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
gdi32
GetStretchBltMode
GetROP2
SetPixelV
GetTextFaceW
GetBitmapBits
ExtCreateRegion
BeginPath
GetTextExtentPoint32A
FillPath
StrokeAndFillPath
EndPath
CloseFigure
GetTextAlign
GetPolyFillMode
GetBkMode
GetNearestColor
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
SetPixel
GetDIBits
SetDIBColorTable
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Polyline
CreatePolygonRgn
GetCurrentObject
StretchDIBits
GetCharWidthW
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetMapMode
CombineRgn
SetRectRgn
CreateDIBSection
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
PatBlt
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateHatchBrush
GetObjectType
SelectPalette
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
PolyBezierTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetClipRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
CreateRoundRectRgn
GetTextMetricsW
SetBkColor
ExtTextOutW
CreateFontIndirectW
CreateFontW
SetBkMode
GetStockObject
SetTextColor
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
CreatePen
StretchBlt
SelectObject
TextOutW
DeleteObject
Rectangle
BitBlt
CreateCompatibleDC
CreateFontIndirectA
StrokePath
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
comdlg32
GetFileTitleW
advapi32
RegEnumKeyExW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
shell32
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHAppBarMessage
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
ExtractIconExW
SHBrowseForFolderW
ole32
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateGuid
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
oleaut32
SafeArrayDestroy
OleCreateFontIndirect
VarCmp
VarUdateFromDate
VariantChangeTypeEx
OleLoadPicturePath
VariantChangeType
SysStringByteLen
VarBstrFromDate
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
SysFreeString
SysAllocStringByteLen
VarDateFromStr
VariantInit
VariantCopy
user32
CopyIcon
MessageBeep
CopyRect
SetRect
FrameRect
DrawStateW
GetWindowTextW
LoadImageA
SetWindowRgn
SystemParametersInfoW
keybd_event
GetDesktopWindow
RemoveMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
GetMenu
CallWindowProcW
GetDlgCtrlID
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
MessageBoxW
ValidateRect
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetSysColor
ScrollWindow
MapWindowPoints
MonitorFromWindow
PeekMessageW
GetMessagePos
UnhookWindowsHookEx
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
MoveWindow
IsWindowEnabled
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
CharNextW
GetKeyNameTextW
MapVirtualKeyW
GetMenuItemInfoW
DestroyMenu
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
IsIconic
LoadAcceleratorsW
DestroyIcon
ReuseDDElParam
UnpackDDElParam
TranslateMessage
GetMessageW
ShowOwnedPopups
CharUpperW
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
DrawIcon
SetCursorPos
DestroyCursor
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
EnumDisplayMonitors
SetLayeredWindowAttributes
UnregisterClassW
DeleteMenu
GetSystemMenu
NotifyWinEvent
GetAsyncKeyState
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
GetMenuDefaultItem
CopyAcceleratorTableW
InvalidateRgn
SetParent
WaitMessage
GetNextDlgGroupItem
IsClipboardFormatAvailable
GetTabbedTextExtentW
DestroyAcceleratorTable
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
LockWindowUpdate
InvertRect
HideCaret
GetIconInfo
RegisterClipboardFormatW
CharUpperBuffW
PostThreadMessageW
GetDCEx
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
GetUpdateRect
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetWindowRgn
GetClipboardData
mouse_event
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
CreateIconIndirect
GetCursor
GetTabbedTextExtentA
LoadStringA
InflateRect
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostQuitMessage
SetMenuDefaultItem
LoadIconW
SetForegroundWindow
FindWindowExW
IsZoomed
LoadMenuW
GetSubMenu
FillRect
GetParent
UpdateWindow
SetActiveWindow
InvalidateRect
SendMessageW
KillTimer
SetTimer
PostMessageW
GetCursorPos
LoadImageW
LoadBitmapW
IntersectRect
OffsetRect
PtInRect
EnableWindow
MonitorFromRect
GetMonitorInfoW
SetWindowPos
SetWindowPlacement
GetWindowPlacement
ShowWindow
RegisterWindowMessageW
CreateWindowExW
LoadCursorW
GetAncestor
GetWindowRect
GetWindowLongW
GetMessageTime
GetSystemMetrics
GetDoubleClickTime
BeginPaint
EndPaint
SetCapture
SetFocus
DefWindowProcW
GetCapture
ReleaseCapture
WindowFromPoint
ScreenToClient
SetClassLongW
SetCursor
ClientToScreen
GetClientRect
GetKeyState
SetWindowLongW
ReleaseDC
GetDC
IsWindow
DestroyWindow
TrackPopupMenu
IsWindowVisible
comctl32
ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_DrawEx
InitCommonControlsEx
libcef
cef_v8context_get_current_context
cef_cookie_manager_get_global_manager
cef_string_list_alloc
cef_string_list_free
cef_v8value_create_function
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_uint
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_string_map_free
cef_post_task
cef_register_scheme_handler_factory
cef_initialize
cef_api_hash
cef_execute_process
cef_string_map_alloc
cef_browser_host_create_browser
cef_time_delta
cef_time_now
cef_string_wide_to_utf8
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_clear
cef_currently_on
cef_shutdown
cef_process_message_create
cef_string_userfree_utf8_free
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_list_value
cef_string_list_size
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_list_copy
cef_list_value_create
oledlg
OleUIBusyW
gdiplus
GdipSetImageAttributesWrapMode
GdiplusStartup
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusShutdown
GdipFillPolygonI
GdipSetSmoothingMode
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectRect
GdipReleaseDC
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipCreateFromHWND
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipGetImageGraphicsContext
GdipImageGetFrameDimensionsCount
libcurl
curl_global_init
curl_global_cleanup
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_easy_getinfo
curl_slist_free_all
curl_slist_append
libeay32
ord89
ord109
ord1958
ord1219
ord1214
ord909
ord1654
ord1653
ord1186
ord657
ord579
ord578
ord566
ord2442
ord84
ord680
ord641
ord222
ord485
ord484
ord204
ord82
ord395
ord2206
ord66
ord200
ord202
ord181
ord1804
ord197
ord188
ord2254
ord469
ord467
ord510
ord3212
ord223
ord2291
ord227
ord248
ord1022
ord1016
ord254
ssleay32
ord6
ord75
ord42
ord48
ord58
ord83
ord157
ord78
ord8
ord108
ord76
ord90
ord43
ord166
ord61
ord111
ord12
ord141
ord73
ord16
ord74
ord142
ord222
ord235
ord17
ord24
ord21
ord225
ord31
ord242
ord96
ord182
ord183
sqlite3
sqlite3_config
sqlite3_open
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_double
sqlite3_column_int
sqlite3_transfer_bindings
sqlite3_bind_parameter_index
sqlite3_bind_text
sqlite3_bind_int64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_reset
sqlite3_step
sqlite3_finalize
sqlite3_prepare_v2
sqlite3_busy_timeout
sqlite3_exec
sqlite3_errmsg
sqlite3_last_insert_rowid
sqlite3_close
zlibwrap
ZWZipExtract
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 923KB - Virtual size: 922KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 386KB - Virtual size: 385KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 418KB - Virtual size: 417KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ