Static task: static1
Behavioral task: behavioral1
  Sample: 5285fbbfccabb97444cb619e8652f4a06ca4639899c527da8962eddc5c1b47c3.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5285fbbfccabb97444cb619e8652f4a06ca4639899c527da8962eddc5c1b47c3.exe
  Resource: win10v2004-20240611-en
General
Target: 5285fbbfccabb97444cb619e8652f4a06ca4639899c527da8962eddc5c1b47c3
Size: 5.0MB
MD5: 84a9b2a86da46a2520ccefb9ea3634f6
SHA1: df8f17ed2783caf43e09aa07fe9ccb56eba28d02
SHA256: 5285fbbfccabb97444cb619e8652f4a06ca4639899c527da8962eddc5c1b47c3
SHA512: 8879c8f08ba281a97913f3694491cac2c2446f7a565bfe69cdd864351d53292e9bf6d74fbead04520058cbca284ba836affdd566ebdc3fe2714d4992fd491c0e
SSDEEP: 98304:cNWfgIKG7hQAkgMvV3mz6Uu1qOriWszkeQXjbtrMJ3LtQ+nXbbQITQZlv8+jCN82:cNWfLz6D5PokeQXHtrknrsXvTh6B
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 5285fbbfccabb97444cb619e8652f4a06ca4639899c527da8962eddc5c1b47c3
NSIS installer (1 IoC)
  resource: yara_rule sample nsis_installer_2
Files
5285fbbfccabb97444cb619e8652f4a06ca4639899c527da8962eddc5c1b47c3.exe windows:5 windows x86 arch:x86
c4cb61ed7e3460d564a151bf4e8e7b37
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeEnvironmentStringsW
CompareStringW
GetDriveTypeW
GetTimeZoneInformation
QueryPerformanceCounter
SetEnvironmentVariableA
GetProcessHeap
GetEnvironmentStringsW
WriteConsoleW
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoW
GetCurrentDirectoryW
SetHandleCount
GetStringTypeW
GetStdHandle
HeapCreate
LCMapStringW
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
CreateThread
ExitThread
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTempFileNameA
SetErrorMode
GetFileSizeEx
GetFileAttributesExA
GetOEMCP
GetCPInfo
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetACP
GlobalFlags
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryW
lstrcmpW
GetThreadLocale
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
GetPrivateProfileIntA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
CompareStringA
ActivateActCtx
DeactivateActCtx
InterlockedExchange
GetModuleHandleW
GlobalSize
lstrlenW
MulDiv
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
GetVersion
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
SetCurrentDirectoryA
GetCurrentDirectoryA
SetLastError
ReadFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateDirectoryA
lstrcmpiA
GetFullPathNameA
lstrlenA
LocalFree
FormatMessageA
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
WriteFile
CreateFileA
FreeResource
FindResourceA
CreateProcessA
GetCurrentProcess
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetExitCodeProcess
CreateEventA
TerminateProcess
Process32Next
lstrcmpA
Process32First
CreateToolhelp32Snapshot
lstrcpyA
CloseHandle
OpenProcess
GetUserDefaultLangID
GetTickCount
WinExec
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
CopyFileA
GetSystemDirectoryA
DeleteFileA
GetTempPathA
ReleaseMutex
CreateMutexA
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GetLastError
user32
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
GetMenu
GetWindowTextLengthA
MoveWindow
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
GetDlgCtrlID
CharNextA
GetLastActivePopup
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
ValidateRect
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
MessageBeep
IsChild
GetTopWindow
GetNextDlgGroupItem
CreateDialogIndirectParamA
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
GetParent
MapDialogRect
RegisterClipboardFormatA
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemCount
RemoveMenu
ReleaseCapture
SetFocus
GetDesktopWindow
GetFocus
SetCapture
InvalidateRgn
InvalidateRect
ReleaseDC
EqualRect
BeginPaint
EndPaint
InflateRect
GetDC
IntersectRect
HideCaret
EnableScrollBar
PostMessageA
RegisterWindowMessageW
LoadIconW
OffsetRect
SetRect
IsRectEmpty
CopyRect
IsWindowEnabled
IsWindowVisible
CopyAcceleratorTableA
ShowWindow
DrawAnimatedRects
SetParent
SystemParametersInfoA
EnumChildWindows
GetClassNameA
DefWindowProcA
GetMenuItemID
TrackPopupMenu
DestroyMenu
LoadMenuA
IsWindow
KillTimer
SetTimer
LoadIconA
DestroyIcon
LoadImageA
DestroyWindow
CreateWindowExA
RegisterClassExA
RegisterWindowMessageA
GetMenuItemInfoA
GetSysColorBrush
LoadCursorA
WindowFromPoint
LoadCursorW
WaitMessage
DeleteMenu
RealChildWindowFromPoint
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
PostThreadMessageA
CharUpperA
UnregisterClassA
TranslateAcceleratorA
BringWindowToTop
GetWindowTextA
GetWindow
FindWindowA
GetWindowThreadProcessId
GetWindowLongA
EnumWindows
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
PtInRect
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
IsZoomed
SetWindowRgn
RedrawWindow
SendMessageA
GetIconInfo
CopyImage
GetKeyNameTextA
UnionRect
SetWindowLongA
GetClientRect
GetWindowRect
IsIconic
GetSystemMetrics
DrawIcon
GetActiveWindow
SetWindowPos
SetActiveWindow
SetForegroundWindow
LoadMenuW
GetSubMenu
DefFrameProcA
DefMDIChildProcA
ModifyMenuA
SetMenuItemInfoA
LoadBitmapW
SetMenuItemBitmaps
SetMenuDefaultItem
GetCursorPos
EnableWindow
MessageBoxA
GetAsyncKeyState
GetKeyState
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UpdateLayeredWindow
IsMenu
CreateMenu
IsClipboardFormatAvailable
InvertRect
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
GetSystemMenu
SetClassLongA
NotifyWinEvent
DestroyAcceleratorTable
gdi32
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectA
GetTextExtentPoint32A
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetTextColor
GetBkColor
GetObjectA
GetStockObject
CreateBitmap
CreateDCA
GetDeviceCaps
GetRgnBox
CreatePalette
CopyMetaFileA
CreateRectRgnIndirect
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegEnumKeyA
RegQueryValueA
shell32
SHGetDesktopFolder
ShellExecuteExA
SHGetFolderPathA
SHFileOperationA
Shell_NotifyIconA
SHAppBarMessage
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
DragFinish
SHGetFileInfoA
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
ole32
OleGetClipboard
RegisterDragDrop
DoDragDrop
RevokeDragDrop
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleUninitialize
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoLockObjectExternal
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocStringLen
VarBstrFromDate
VariantChangeType
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SysStringByteLen
SysAllocStringByteLen
oledlg
ord8
gdiplus
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusStartup
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdiplusShutdown
GdipFree
GdipCreateBitmapFromHBITMAP
wininet
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA
psapi
EnumProcessModules
GetModuleFileNameExA
EnumProcesses
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertCreateCertificateContext
cabinet
ord20
ord23
ord21
ord22
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text: Size 1.3MB, Virtual size 1.3MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 290KB, Virtual size 290KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 38KB, Virtual size 92KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 24.7MB, Virtual size 24.7MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 234KB, Virtual size 234KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ