Static task: static1
Behavioral task: behavioral1
Sample: 66f9316efb709df846606e2b75cfeeab1a81dd3e307dc2f2cb7a1f0d63a577b3.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 66f9316efb709df846606e2b75cfeeab1a81dd3e307dc2f2cb7a1f0d63a577b3.exe
Resource: win10v2004-20240611-en
General
- Target: 66f9316efb709df846606e2b75cfeeab1a81dd3e307dc2f2cb7a1f0d63a577b3
- Size: 15.1MB
- MD5: 5aa002e27453de285f42b8aeec3b3ccc
- SHA1: 99795ca10b8ff19a0b859745b5b0a6af1303a856
- SHA256: 66f9316efb709df846606e2b75cfeeab1a81dd3e307dc2f2cb7a1f0d63a577b3
- SHA512: 7be48797a283d0bf29e88921d400208df0b4d3792ec0d0cd29d0ac393ee82d3b7b05b980de54db723db0c3c8901068e5b177046ff2a974bafa4b52e6066346b0
- SSDEEP: 196608:asiW7NycQMgMKy6+aglM53lTZVXJ64soqWkwRpE7LXGfPTmpjh3BIUwerJDQ:aTW7NP3KpXgs1bYPWkv7LXGfPUHRwc6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 66f9316efb709df846606e2b75cfeeab1a81dd3e307dc2f2cb7a1f0d63a577b3
Files
-
66f9316efb709df846606e2b75cfeeab1a81dd3e307dc2f2cb7a1f0d63a577b3.exe windows:5 windows x86 arch:x86
6dc9b131e2b3a0c6fbfc91244347d571
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
FormatMessageA
MapViewOfFile
ReadConsoleA
GetSystemTime
SystemTimeToFileTime
InterlockedCompareExchange
MulDiv
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
CompareFileTime
LocalFileTimeToFileTime
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
FileTimeToLocalFileTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
WaitForMultipleObjects
WriteFile
SetEndOfFile
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetModuleHandleA
GetSystemWindowsDirectoryW
UnmapViewOfFile
DeviceIoControl
LocalAlloc
GetCurrentProcess
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetPrivateProfileIntW
GetPrivateProfileStringW
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalFree
lstrcpyW
GetFileInformationByHandle
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetVolumeInformationW
DeleteFileA
GetLongPathNameW
GetEnvironmentVariableW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
FlushFileBuffers
WriteConsoleW
CreateFileMappingW
lstrlenA
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GlobalUnlock
GetFileSizeEx
GlobalLock
GlobalAlloc
DeleteFileW
GetTempPathW
SetCurrentDirectoryW
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
CreateFileW
WritePrivateProfileStringW
ReadFile
GetFileSize
CreateEventW
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
LoadLibraryW
GetLogicalDriveStringsW
lstrcmpiW
CloseHandle
OpenProcess
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
GetProcAddress
CopyFileW
FreeLibrary
user32
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
GetCaretBlinkTime
CreateCaret
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
PostMessageW
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
PtInRect
EqualRect
IsRectEmpty
CopyRect
SetRect
KillTimer
SetTimer
DestroyWindow
DestroyCursor
LoadCursorW
IntersectRect
wsprintfW
GetKeyState
LoadStringW
SetWindowLongW
GetWindowLongW
GetForegroundWindow
UnregisterClassW
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsWindowEnabled
SendMessageW
ShowWindow
SetWindowPos
SetWindowTextW
IsWindow
GetClassNameW
PeekMessageW
DispatchMessageW
TranslateMessage
CharPrevExA
CharUpperW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
ReleaseDC
GetDC
SetForegroundWindow
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
HideCaret
SystemParametersInfoA
DrawTextW
IsWindowVisible
MessageBoxW
GetSystemMetrics
FindWindowW
GetSysColor
EnableMenuItem
ClientToScreen
GetMessageW
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
DestroyIcon
ScreenToClient
SetCaretPos
UnionRect
SystemParametersInfoW
GetUserObjectInformationW
GetProcessWindowStation
SetCursor
advapi32
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
RegSetValueExW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
ReportEventW
LookupAccountSidW
RegDeleteKeyW
SetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyW
RegOpenKeyW
shell32
SHBrowseForFolderW
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
ole32
CoCreateGuid
CoInitialize
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CoUninitialize
psapi
GetProcessImageFileNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW
shlwapi
StrStrIW
SHGetValueW
SHCreateStreamOnFileEx
PathAppendW
SHDeleteKeyW
SHDeleteValueW
PathFileExistsW
StrToIntExW
SHSetValueW
gdiplus
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdiplusShutdown
GdipGetImageWidth
GdipFree
GdipAlloc
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipSaveImageToFile
GdipGraphicsClear
GdipDrawImageRectI
imm32
ImmReleaseContext
ImmAssociateContext
ImmGetContext
gdi32
CreateDIBSection
SetViewportOrgEx
GetCurrentObject
DeleteDC
DeleteObject
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
SelectObject
GetViewportOrgEx
BitBlt
EnumFontsW
CreateRoundRectRgn
CreateBitmap
StretchBlt
SetBkMode
Rectangle
GetStockObject
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetObjectW
GetDeviceCaps
CreateCompatibleDC
oleaut32
SysStringLen
SysAllocString
SysFreeString
VariantClear
VariantCopy
SysAllocStringLen
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wldap32
ord35
ord200
ord301
ord79
ord30
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ws2_32
sendto
accept
listen
ioctlsocket
gethostname
WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
recvfrom
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
usp10
ScriptFreeCache
ScriptItemize
ScriptShape
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 952KB - Virtual size: 952KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16.7MB - Virtual size: 16.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 195KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ