E:\code2\rel\MasterPDF.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: c2e275e36245f722dad578ab39706a38fd3036bd794a7b8c85bac59e154c9c16.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: c2e275e36245f722dad578ab39706a38fd3036bd794a7b8c85bac59e154c9c16.exe
  Resource: win10v2004-20240508-en
General
- Target: c2e275e36245f722dad578ab39706a38fd3036bd794a7b8c85bac59e154c9c16
- Size: 15.7MB
- MD5: 0bf76e54e9cc24f87b92351f766a047e
- SHA1: 07e6eb151c5c70f9e769c515e8760ff0dd8b88f4
- SHA256: c2e275e36245f722dad578ab39706a38fd3036bd794a7b8c85bac59e154c9c16
- SHA512: 4de1e63669c38307bf8b4b240ab9ce83ad0fd61039428360aef76e1fc916e2ca289be9e85a00793ec359dc37e062659ad97c7baee77222ab6577b214d65e0737
- SSDEEP: 393216:gGzbIL+4p6C6dHZUS1P8p0cvrqkbZLxQLP8uIH4z2RLPHjkHQpXXdWrcr3:lg88Vvrqk9G4uIHE2BPDkHQpXXdW
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource c2e275e36245f722dad578ab39706a38fd3036bd794a7b8c85bac59e154c9c16
Files
-
c2e275e36245f722dad578ab39706a38fd3036bd794a7b8c85bac59e154c9c16.exe windows:5 windows x86 arch:x86
4a6234e5fa7b9f423b85b0159e7c007b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
LocalAlloc
LoadLibraryExW
lstrcmpiW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetErrorMode
GetCommandLineW
GetSystemTimeAsFileTime
LocalFree
DecodePointer
FormatMessageW
GetFileAttributesW
GetCurrentProcess
FileTimeToSystemTime
MulDiv
FlushFileBuffers
OutputDebugStringA
LoadLibraryA
GetVersion
GetProcessId
ExitProcess
MoveFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetStdHandle
GetTempPathA
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
ResetEvent
GlobalFree
FreeLibrary
LoadLibraryW
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalUnlock
GlobalLock
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetLocalTime
CreateDirectoryW
MoveFileExW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetTempFileNameW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
CreatePipe
WriteFile
GetProcAddress
OutputDebugStringW
WaitForMultipleObjects
SetEvent
CreateEventW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
FindFirstFileExW
SetLastError
CreateThread
GetTempPathW
InterlockedIncrement
InterlockedDecrement
OpenProcess
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
ReleaseMutex
RemoveDirectoryW
CreateMutexW
WaitForSingleObject
WideCharToMultiByte
lstrlenW
GetTickCount
GetModuleFileNameW
GetVersionExW
GetCurrentThreadId
Sleep
CopyFileW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
CloseHandle
ReadFile
GetFileSize
CreateFileW
DeleteFileW
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
WaitForSingleObjectEx
DuplicateHandle
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetCurrentThread
ReadDirectoryChangesW
QueueUserAPC
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
FileTimeToDosDateTime
AllocConsole
SetCurrentDirectoryW
GetCurrentDirectoryW
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetLocaleInfoW
GetDriveTypeW
GetVolumePathNameW
GetShortPathNameW
SetThreadExecutionState
GetLogicalDrives
GetDateFormatW
GetTimeFormatW
GlobalAddAtomW
GlobalDeleteAtom
lstrcpynW
GetFullPathNameW
LockResource
SizeofResource
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
GetFullPathNameA
CreateEventA
InterlockedCompareExchange
SetFilePointerEx
FileTimeToLocalFileTime
HeapDestroy
GetFileInformationByHandle
GetUserDefaultUILanguage
QueryPerformanceFrequency
GetEnvironmentVariableW
GetACP
TryEnterCriticalSection
GetFileTime
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
FindNextFileA
VerifyVersionInfoW
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
FormatMessageA
GetModuleHandleA
GetFileType
HeapReAlloc
HeapSize
CreateProcessA
GetStdHandle
SleepEx
GetFileAttributesExA
InitializeCriticalSection
CreateFileA
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
lstrlenA
GetComputerNameW
GetThreadLocale
SetThreadLocale
SetEndOfFile
GetFileSizeEx
GetLongPathNameW
IsBadReadPtr
GetDiskFreeSpaceExW
GetNativeSystemInfo
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
GetWindowsDirectoryW
GetSystemDirectoryW
SetUnhandledExceptionFilter
DeviceIoControl
lstrcmpA
user32
SetFocus
DestroyWindow
InvalidateRect
KillTimer
PostMessageW
GetActiveWindow
ClientToScreen
IsWindowVisible
IsRectEmpty
EqualRect
SetTimer
LoadIconW
UpdateWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetDC
ReleaseDC
GetDesktopWindow
BringWindowToTop
SetCapture
ReleaseCapture
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
CallNextHookEx
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
CreateAcceleratorTableW
DestroyAcceleratorTable
GetCursorPos
IsWindow
IsIconic
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
SetForegroundWindow
SetActiveWindow
OpenClipboard
GetClipboardData
CloseClipboard
RegisterClipboardFormatW
SystemParametersInfoW
SetWindowTextW
OffsetRect
IsZoomed
EnableWindow
SetCursor
GetCapture
IntersectRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
MoveWindow
FindWindowW
GetKeyState
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
GetDlgItem
PtInRect
ShowWindow
SetRectEmpty
ScreenToClient
CopyRect
SendMessageTimeoutW
CopyImage
SetRect
RegisterWindowMessageW
DrawTextW
TranslateAcceleratorW
CreateIconIndirect
MonitorFromRect
MsgWaitForMultipleObjects
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetMessageW
AllowSetForegroundWindow
FindWindowExW
DispatchMessageW
PeekMessageW
LoadBitmapW
CharNextW
TranslateMessage
SetParent
SetScrollInfo
ShowScrollBar
MapVirtualKeyW
PostQuitMessage
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
BeginPaint
EndPaint
TrackMouseEvent
SetLayeredWindowAttributes
LoadImageW
GetIconInfo
DrawIconEx
GetDoubleClickTime
MonitorFromPoint
FillRect
UpdateLayeredWindow
GetCaretBlinkTime
GetSysColor
GetUpdateRect
ValidateRect
InvalidateRgn
CharLowerW
GetScrollInfo
GetCursor
EmptyClipboard
IsCharAlphaNumericW
UnpackDDElParam
IsWindowUnicode
ShowWindowAsync
ReuseDDElParam
GetWindowDC
DestroyIcon
CreateMenu
AppendMenuW
InsertMenuW
SetMenuItemInfoW
TrackPopupMenu
CreatePopupMenu
GetMenuItemCount
GetMenuItemID
CheckMenuRadioItem
ModifyMenuW
GetMenuItemInfoW
IsDlgButtonChecked
SetDlgItemTextW
CheckRadioButton
SetClassLongW
HideCaret
RedrawWindow
GetMessagePos
DrawFrameControl
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
GetSystemMenu
CheckMenuItem
SetClipboardData
EndDeferWindowPos
GetWindowInfo
BeginDeferWindowPos
EnumDisplayMonitors
AdjustWindowRectEx
DeferWindowPos
MessageBoxW
GetScrollPos
SetMenu
EnumWindows
DestroyMenu
GetClassNameW
CharLowerBuffW
GetAncestor
IsCharUpperW
SetWindowRgn
DestroyCaret
ShowCaret
SetCaretPos
CreateCaret
IsClipboardFormatAvailable
GetFocus
gdi32
CreatePen
LineTo
MoveToEx
SelectObject
DeleteObject
EnumFontFamiliesExW
DeleteDC
StretchDIBits
SetDIBitsToDevice
GetPixel
GetObjectW
GetObjectA
CombineRgn
CreateRectRgn
SetPixel
SetStretchBltMode
SetBitmapBits
SetBkMode
SetTextColor
CreateSolidBrush
SetBkColor
GetTextColor
GetCurrentObject
SetTextCharacterExtra
Rectangle
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
RestoreDC
GetViewportOrgEx
ExtTextOutW
SelectClipRgn
GetTextExtentPoint32W
SetWorldTransform
IntersectClipRect
GetObjectType
CreateHatchBrush
GetStockObject
SetViewportOrgEx
GetCharWidthW
CreateFontIndirectW
GetRegionData
GetTextFaceA
PolyBezierTo
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
GetTextMetricsW
SetPolyFillMode
GetFontData
GetClipRgn
ExtEscape
CreateFontA
CreateFontIndirectA
EnumFontFamiliesExA
GetClipBox
TextOutW
CreateRoundRectRgn
ExtCreatePen
CreateCompatibleBitmap
BitBlt
SelectPalette
RealizePalette
GetDIBits
CreateDIBSection
GetBitmapBits
CreateBitmapIndirect
CreateDCW
StartDocW
GetDeviceCaps
SetMapMode
EndPage
StartPage
EndDoc
StretchBlt
AbortDoc
CreateCompatibleDC
SetGraphicsMode
SetDIBits
SetDIBColorTable
GetOutlineTextMetricsW
SetBrushOrgEx
PatBlt
CreatePatternBrush
CreateBitmap
SetROP2
GetDIBColorTable
SetLayout
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
DeviceCapabilitiesW
SetPrinterW
GetPrinterW
EnumPrintersW
ord203
comdlg32
GetSaveFileNameW
ChooseColorW
GetOpenFileNameW
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegEnumKeyW
AllocateAndInitializeSid
CloseServiceHandle
ControlService
StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
GetUserNameW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CheckTokenMembership
FreeSid
LookupAccountNameW
ConvertSidToStringSidW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptGetHashParam
shell32
SHFileOperationW
ord165
ShellExecuteExW
SHBindToParent
DragFinish
DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateDirectoryExW
SHGetFolderPathW
DragAcceptFiles
SHChangeNotify
SHAddToRecentDocs
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderPathW
ole32
RevokeDragDrop
StgCreateDocfile
ReleaseStgMedium
CoGetMalloc
StringFromCLSID
OleInitialize
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoLockObjectExternal
RegisterDragDrop
CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
OleUninitialize
CLSIDFromProgID
CoCreateInstance
oleaut32
VarBstrCmp
SysAllocStringLen
VariantClear
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
VarUI4FromStr
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
VariantInit
SysStringLen
SysFreeString
ws2_32
WSAIoctl
getaddrinfo
freeaddrinfo
socket
listen
recvfrom
sendto
ioctlsocket
gethostname
shutdown
setsockopt
gethostbyname
ntohs
htons
getsockopt
getsockname
htonl
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
getservbyname
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
accept
psapi
GetModuleFileNameExW
crypt32
CryptBinaryToStringW
CryptStringToBinaryW
winmm
mciGetErrorStringW
mciSendCommandW
wldap32
ord79
ord133
ord127
ord147
ord301
ord142
ord167
ord145
ord46
ord14
ord216
ord208
ord41
ord118
ord26
ord27
netapi32
Netbios
iphlpapi
GetIpAddrTable
GetAdaptersInfo
secur32
GetUserNameExW
riched20
ord4
Sections
.text Size: 9.3MB - Virtual size: 9.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 733KB - Virtual size: 733KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 362KB - Virtual size: 541KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 319KB - Virtual size: 318KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 411KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ