fbefcec22ca56b208ce8b4b196785b88b1af70e66778ad259d6f47ffde32b3a4

Sharing

Copy URL

Twitter E-mail

General

Target

fbefcec22ca56b208ce8b4b196785b88b1af70e66778ad259d6f47ffde32b3a4
Size

15.5MB
MD5

56cf116ba0f15a0f7dc442ebb4ecda08
SHA1

1e384ae1553eb59934b14d7d2a2aa9fcb13e77b8
SHA256

fbefcec22ca56b208ce8b4b196785b88b1af70e66778ad259d6f47ffde32b3a4
SHA512

15c87ce07d492d528e1140c2ae98c8aea417c43053633105c9c9affe880d58d7844144fdee6ef6ab88df63891f996e506a39bf44991131efda73de00c1669651
SSDEEP

393216:BNyi2Gdm5ymCg/xAo5ubo2jTH2pDmNPs0uS39bMP6bx23DU/9Q6o09glX:Si36ymCgZAos02jTyD+k2EuEg/p6lX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbefcec22ca56b208ce8b4b196785b88b1af70e66778ad259d6f47ffde32b3a4

Files

fbefcec22ca56b208ce8b4b196785b88b1af70e66778ad259d6f47ffde32b3a4
.exe windows:5 windows x86 arch:x86

c03bebaa819e1c24276a539bab5c27dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetThreadLocale
SetThreadLocale
SetFileAttributesW
lstrlenW
MoveFileExW
SetEndOfFile
GetSystemInfo
GetWindowsDirectoryW
GetFileAttributesExW
GetNativeSystemInfo
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
lstrcmpA
InitializeCriticalSection
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetACP
SystemTimeToFileTime
ExitProcess
GetModuleHandleExW
ExitThread
FindFirstFileExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
Sleep
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetSystemTime
lstrlenA
GetVersionExW
FlushFileBuffers
GetFileSize
DeviceIoControl
LocalAlloc
GetCurrentThread
SetThreadPriority
GetCurrentProcess
ReadFile
GetStartupInfoW
CreatePipe
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
GetStdHandle
WritePrivateProfileStringW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
GetTempPathW
GetTickCount
MulDiv
GetCurrentProcessId
OpenProcess
GetModuleHandleA
FreeResource
GlobalFree
GlobalAlloc
WideCharToMultiByte
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
lstrcmpiW
GetProcAddress
FreeLibrary
GetVersion
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DecodePointer
LocalFree
CreateThread
SetFilePointer
GetPrivateProfileStringW
GetLogicalProcessorInformation
GetPrivateProfileIntW
WriteConsoleW

user32

CreateWindowExW
IsWindow
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
LoadCursorW
SendMessageW
PostQuitMessage
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
GetClientRect
GetWindowRect
MessageBoxW
MapWindowPoints
GetClassInfoExW
GetWindow
LoadIconW
MonitorFromWindow
GetMonitorInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
SetRectEmpty
EqualRect
SetCursor
ClientToScreen
GetCursorPos
PtInRect
ScreenToClient
GetDoubleClickTime
CopyRect
IntersectRect
PostMessageW
LoadImageW
IsRectEmpty
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetIconInfo
DrawIconEx
FillRect
DrawTextW
SystemParametersInfoW
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
SetFocus
SetCapture
ReleaseCapture
SetWindowRgn
EnableWindow
GetForegroundWindow
GetWindowTextW
CharLowerBuffW
wsprintfW
UnregisterClassW
GetParent
UpdateWindow
UpdateLayeredWindow
SetActiveWindow
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
ReleaseDC
GetDC
GetWindowTextLengthW
SetWindowTextW
SetLayeredWindowAttributes
OffsetRect
MonitorFromRect
IsZoomed
IsWindowVisible
SetForegroundWindow

gdi32

GetCurrentObject
GetTextColor
CreateFontIndirectW
RestoreDC
Rectangle
CreatePen
SaveDC
CreateRectRgnIndirect
ExtSelectClipRgn
GetStockObject
SetBkColor
CreateRectRgn
CombineRgn
CreateRoundRectRgn
SetTextColor
SetBkMode
CreateSolidBrush
SetBitmapBits
GetBitmapBits
StretchBlt
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
DeleteObject
CreateDIBSection
SetTextCharacterExtra

advapi32

GetUserNameW
RegCreateKeyExW
RegDeleteKeyW
ConvertSidToStringSidW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameW
DeleteService
ControlService
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
RegEnumKeyW
CloseServiceHandle
CreateServiceW
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderLocation
ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteExW
SHChangeNotify

ole32

CoInitializeSecurity
OleRun
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

GetErrorInfo
VariantClear
VariantCopy
VariantInit
SysFreeString
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
VarBstrCmp

shlwapi

wnsprintfA
PathRemoveBackslashW
PathSearchAndQualifyW
PathIsDirectoryW
SHDeleteValueW
SHSetValueW
SHDeleteKeyW
SHGetValueW
PathIsRootW
StrCmpIW
PathCombineW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathRemoveExtensionW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics

wininet

InternetSetOptionW
InternetConnectW
InternetOpenW
HttpSendRequestW
InternetCloseHandle
InternetCrackUrlW
HttpOpenRequestW
HttpQueryInfoW
InternetReadFile

psapi

GetModuleFileNameExW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

secur32

GetUserNameExW

Sections

.text
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c03bebaa819e1c24276a539bab5c27dc

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wininet

psapi

crypt32

netapi32

iphlpapi

secur32

Sections

.text Size: 789KB - Virtual size: 789KB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 16KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 14.5MB - Virtual size: 14.5MB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 789KB - Virtual size: 789KB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 16KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14.5MB - Virtual size: 14.5MB

.reloc
Size: 40KB - Virtual size: 39KB