Static task: static1
Behavioral task: behavioral1
- Sample: abed5c3821389606fe8ba608be55dcff8654eaa657a8c7bc4eba7c97c378a3d7.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: abed5c3821389606fe8ba608be55dcff8654eaa657a8c7bc4eba7c97c378a3d7.exe
- Resource: win10v2004-20240508-en
General
- Target: abed5c3821389606fe8ba608be55dcff8654eaa657a8c7bc4eba7c97c378a3d7
- Size: 10.0MB
- MD5: 42c1d4eb29cfbce1b6ab90ff43189617
- SHA1: 7df99838df4128642d8b9f655c89effe91d5cb98
- SHA256: abed5c3821389606fe8ba608be55dcff8654eaa657a8c7bc4eba7c97c378a3d7
- SHA512: e4dac102ec8b9a5ae65b84ffdafacaaedc29cea850101694ca9a497276ddd366355ab4e6e68def6179318c80de0706e5a40c2ca50346c3bbe3eb20635972da91
- SSDEEP: 196608:tD7F8fU+DgLqoe5UssYM1lyefAVTRuGgOkIvg3lWBdI5PM/:t587gLqoQsPyWURRp+Ei5PM/
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: abed5c3821389606fe8ba608be55dcff8654eaa657a8c7bc4eba7c97c378a3d7
Files
- abed5c3821389606fe8ba608be55dcff8654eaa657a8c7bc4eba7c97c378a3d7.exe windows:5 windows x86 arch:x86
  667f6c1eff4f8d38ef2c745dc1757e07
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VerifyVersionInfoW
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
lstrlenW
GetCurrentDirectoryW
CreateFileW
GetACP
ExitProcess
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
LocalFree
GlobalAlloc
GetModuleHandleA
GetLocalTime
lstrcpynW
lstrcpyW
WaitForSingleObject
VirtualQuery
MoveFileW
InitializeCriticalSection
FindClose
FileTimeToSystemTime
GetTempPathW
CreateFileA
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
VerSetConditionMask
GetSystemDirectoryW
LocalAlloc
VirtualAlloc
VirtualFree
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
GetSystemDirectoryA
ReleaseMutex
CreateMutexW
SetErrorMode
GetVersionExW
SetCurrentDirectoryA
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
MulDiv
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetTimeZoneInformation
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
SetEndOfFile
WriteConsoleW
InitializeSListHead
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
TryEnterCriticalSection
GetStringTypeW
WideCharToMultiByte
FormatMessageW
OutputDebugStringW
IsDebuggerPresent
GetSystemTime
LoadLibraryW
GetFullPathNameW
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
SleepEx
OpenProcess
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
FreeResource
InterlockedDecrement
GetDriveTypeW
FindResourceExW
CreateThread
CloseHandle
GetCommandLineW
DeleteCriticalSection
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
HeapFree
SizeofResource
GetLogicalDriveStringsW
GetModuleFileNameA
user32
GetSystemMetrics
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
SetWindowRgn
LoadCursorW
InflateRect
SetCursor
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
GetSysColor
MapWindowPoints
GetCaretBlinkTime
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetKeyNameTextW
EndPaint
BeginPaint
KillTimer
SetTimer
SetPropW
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
UpdateWindow
PrivateExtractIconsW
DestroyIcon
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
MonitorFromPoint
ReleaseDC
DrawIconEx
EqualRect
GetPropW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetDC
GetProcessWindowStation
GetUserObjectInformationW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
AppendMenuW
TrackPopupMenu
ReleaseCapture
SetForegroundWindow
CreateCaret
GetCursor
ScreenToClient
MapVirtualKeyExW
GetMessageW
DispatchMessageW
PeekMessageW
CharNextW
TranslateMessage
MessageBoxW
SendMessageW
GetActiveWindow
ActivateKeyboardLayout
PostQuitMessage
GetUpdateRect
GetKeyboardLayout
advapi32
CryptGenRandom
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
SHGetFileInfoW
DragQueryFileW
SHBrowseForFolderW
ole32
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
OleLockRunning
oleaut32
VariantInit
SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
shlwapi
PathRemoveExtensionW
PathFileExistsW
PathCombineW
SHDeleteKeyW
PathStripToRootW
PathIsSameRootW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
dbghelp
MiniDumpWriteDump
urlmon
ObtainUserAgentString
gdi32
TextOutW
MoveToEx
GetObjectA
CreatePatternBrush
GetTextExtentPointA
SetBkColor
SetBkMode
ExtSelectClipRgn
SetTextColor
SetStretchBltMode
GdiFlush
StretchBlt
GetBitmapBits
SetBitmapBits
BitBlt
CreateCompatibleBitmap
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
CreateCompatibleDC
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
GetDeviceCaps
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipAlloc
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdiplusShutdown
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipStringFormatGetGenericTypographic
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipDrawRectangleI
GdiplusStartup
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipMeasureString
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
crypt32
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertOpenStore
CryptMsgClose
CertGetCertificateContextProperty
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CertOpenSystemStoreW
CertEnumCertificatesInStore
ws2_32
WSASetLastError
getnameinfo
sendto
gethostbyname
gethostname
WSAStartup
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
shutdown
socket
setsockopt
ntohs
htons
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
wldap32
ord147
ord219
ord46
ord301
ord145
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 564KB - Virtual size: 564KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7.1MB - Virtual size: 7.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ