Static task: static1
Behavioral task: behavioral1
  Sample: fa7a05631088a0b7a9610f4fe9c776c5d79f4ae2dd5c857a183dcc35718a19e6.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: fa7a05631088a0b7a9610f4fe9c776c5d79f4ae2dd5c857a183dcc35718a19e6.exe
  Resource: win10v2004-20240508-en
General
Target: fa7a05631088a0b7a9610f4fe9c776c5d79f4ae2dd5c857a183dcc35718a19e6
Size: 9.2MB
MD5: ade2f39e9aa842b510df7ba69329ef9a
SHA1: 36491772a615f1fef09a6115307ecde2b3968dd8
SHA256: fa7a05631088a0b7a9610f4fe9c776c5d79f4ae2dd5c857a183dcc35718a19e6
SHA512: 40fbc5064bd6d2bcc4f0929877af2dd5a5a80618a6ac6e9f3644ae83496803978900b89a659f036488c89ada252ab0bab93e8502518a1d8cb8e33d4583b4aed1
SSDEEP: 196608:7EpPqitlegevcAbzxWUklvP4EeRDc6aKiL6oBJsZZF6lPE5UQI:YciCguXkp4EeRHZiLPSFqlQI
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature, i.e. the PE has no embedded signature blob. This says nothing about the signer or validity of a signature; it only records that none is present.
  resource: fa7a05631088a0b7a9610f4fe9c776c5d79f4ae2dd5c857a183dcc35718a19e6
Files
fa7a05631088a0b7a9610f4fe9c776c5d79f4ae2dd5c857a183dcc35718a19e6.exe: windows:5 windows x86 arch:x86
Imphash: 4f88e13e036e5d8bd8ae3100b3ad4a59
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
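Two things in the headers above are worth re-deriving yourself rather than taking from the sandbox. First, the "Unsigned PE" signature is just an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory: no WIN_CERTIFICATE blob is embedded. Many legitimate installers ship that way, and Microsoft's own catalog-signed files also show an empty directory, so treat it as a missing trust anchor, not as evidence of malice. Second, the DLL characteristics carry DYNAMIC_BASE (ASLR opt-in) but neither NX_COMPAT nor GUARD_CF, so this 32-bit image does not declare DEP or CFG compatibility (system-wide DEP policy may still enforce it). The following is an added example, not Triage's code or the sample's own. It parses these fields from raw PE bytes with the standard library only; build_sample_pe() constructs a minimal PE32 header set in memory that mirrors this report's machine type, DLL characteristics and section flags so the check runs offline, and is not the analysed file.

```python
"""Re-derive a PE report's header findings from raw bytes (standard library only).

Added example; not part of the sandbox report. check_pe() reads the COFF header,
the optional header, the security data directory and the section table, and
reports: whether an embedded Authenticode blob exists, which DLL characteristics
are set or missing, and any section mapped both writable and executable.
"""
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
DLLCHARS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",           # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",              # DEP opt-in
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",               # Control Flow Guard
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
MITIGATION_BITS = (0x0040, 0x0100, 0x4000)
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000


def check_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: DllCharacteristics @70, NumberOfRvaAndSizes @92, dirs @96
        dllchars_off, ndirs_off, dirs_off = opt + 70, opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase/stack/heap fields shift the tail
        dllchars_off, ndirs_off, dirs_off = opt + 70, opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, dllchars_off)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories this entry holds a FILE OFFSET to a WIN_CERTIFICATE.
        _, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        raw = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((raw[0].rstrip(b"\0").decode("ascii", "replace"), raw[9]))
    return {
        "machine": machine,
        # Presence of a certificate blob only; validity needs WinVerifyTrust or osslsigncode.
        "has_authenticode": sec_size > 0,
        "dll_characteristics": sorted(n for bit, n in DLLCHARS.items() if dllchars & bit),
        "missing_mitigations": sorted(DLLCHARS[b] for b in MITIGATION_BITS if not (dllchars & b)),
        "wx_sections": [n for n, c in sections
                        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE],
        "sections": [n for n, _ in sections],
    }


def build_sample_pe(dllchars=0x0040 | 0x8000, signed=False) -> bytes:
    """Constructed PE32 headers mirroring the report's machine, DLL characteristics and
    section flags. This is a stand-in for offline testing, not the analysed sample."""
    sections = [(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040),
                (b".rsrc", 0x40000040), (b".reloc", 0x42000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 14, 0,
                      0x1000, 0x200, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0, 0, 0x7000, 0x400, 0, 2, dllchars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytearray(16 * 8)                                         # all directories empty
    if signed:  # point the security directory at a notional WIN_CERTIFICATE
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x5000, 0x1000)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), 0x200,
                                0x400 + 0x200 * i, 0, 0, 0, 0, chars)
                    for i, (name, chars) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + hdrs


if __name__ == "__main__":
    for key, value in check_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To run it against a real file, pass open(path, "rb").read() to check_pe(). Note that has_authenticode is a presence test only: a blob can be present and still fail chain validation, be revoked, or cover a tampered image, so a positive result still needs WinVerifyTrust (or osslsigncode verify) before it counts as trust.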
Imports
kernel32
SetCurrentDirectoryA
GetModuleHandleA
lstrcpyW
lstrcpynW
GetLocalTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
SetFilePointer
ExitProcess
GetACP
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
MulDiv
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
WriteConsoleW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
FormatMessageW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
ReadConsoleW
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
GetVersionExW
lstrlenW
TerminateProcess
GlobalAlloc
GetSystemDirectoryA
DeviceIoControl
SetErrorMode
SetUnhandledExceptionFilter
CreateMutexW
ReleaseMutex
VerifyVersionInfoW
GetSystemDirectoryW
GetNativeSystemInfo
GetSystemTime
VerSetConditionMask
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
CreateFileA
FindClose
ReadFile
WriteFile
GetFileSize
GetCurrentProcess
WaitForSingleObject
CreateDirectoryW
GetTempPathW
GetEnvironmentVariableW
GetTickCount
InitializeCriticalSection
MoveFileW
WideCharToMultiByte
VirtualQuery
LoadLibraryW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
FreeResource
InterlockedDecrement
GetDriveTypeW
FindResourceExW
CreateThread
MultiByteToWideChar
GetModuleFileNameW
GetCommandLineW
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
Sleep
SizeofResource
GetModuleFileNameA
DeleteCriticalSection
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
HeapSize
OpenProcess
LocalAlloc
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
SleepEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
TryEnterCriticalSection
HeapFree
IsValidLocale
IsDebuggerPresent
OutputDebugStringW
QueryDosDeviceW
user32
RegisterClassExW
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
GetCursor
GetUserObjectInformationW
GetProcessWindowStation
UpdateWindow
GetDC
ReleaseDC
MonitorFromPoint
IsWindow
SetWindowPos
IsWindowVisible
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
DefWindowProcW
PostMessageW
GetMessageW
DispatchMessageW
PeekMessageW
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
CharNextW
TranslateMessage
MessageBoxW
SendMessageW
GetActiveWindow
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetCursor
InflateRect
LoadCursorW
SetWindowRgn
wsprintfW
ActivateKeyboardLayout
PostQuitMessage
CallWindowProcW
RegisterClassW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
IsZoomed
SetPropW
GetPropW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
IsIconic
DrawTextW
FillRect
SetRect
CreatePopupMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
DestroyMenu
HideCaret
DrawIconEx
DestroyIcon
PrivateExtractIconsW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
IsWindowEnabled
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
gdi32
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
CreateRectRgnIndirect
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
SetBitmapBits
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
GetBitmapBits
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePenIndirect
CreatePatternBrush
RestoreDC
GetTextExtentPointA
StretchBlt
advapi32
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptSignHashW
CryptDestroyHash
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
OpenProcessToken
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
CryptDecrypt
CryptCreateHash
CryptGenRandom
shell32
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
DragQueryFileW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetFileInfoW
ShellExecuteExW
ole32
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoTaskMemRealloc
CoCreateInstance
CoInitialize
oleaut32
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
shlwapi
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
SHDeleteKeyW
PathCombineW
PathIsDirectoryW
comctl32
InitCommonControlsEx
_TrackMouseEvent
ord17
gdiplus
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipDeleteBrush
GdipCloneBrush
GdipCreatePen1
GdipCreateFromHDC
GdipImageSelectActiveFrame
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
ord1
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
crypt32
CertFindCertificateInStore
CertGetNameStringW
CertGetCertificateContextProperty
CertCloseStore
CryptMsgGetParam
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CryptQueryObject
CertOpenStore
CryptMsgClose
CertFreeCertificateContext
CertDuplicateCertificateContext
ws2_32
getsockname
getpeername
connect
WSAEnumNetworkEvents
getsockopt
recvfrom
WSAStartup
gethostname
gethostbyname
sendto
htons
shutdown
ntohs
setsockopt
socket
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAEventSelect
WSASetLastError
getnameinfo
WSAIoctl
closesocket
recv
send
WSAGetLastError
bind
psapi
EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcesses
dbghelp
MiniDumpWriteDump
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
urlmon
ObtainUserAgentString
wldap32
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord301
ord219
ord145
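The import table above is the raw list; what an analyst takes from it is capability. Read as capability, not intent: CreateToolhelp32Snapshot/Process32FirstW/Process32NextW with OpenProcess and dbghelp!MiniDumpWriteDump means the binary can enumerate and dump other processes; CryptAcquireContextW/CryptGetUserKey/CryptExportKey can pull private keys out of a CSP container; CertOpenSystemStoreW/CertEnumCertificatesInStore walks the user's certificate stores; ws2_32 bind/listen/accept can take inbound connections; RegCreateKeyExW/RegSetValueExW can write registry values; IsDebuggerPresent is a debugger check. The same imports appear in backup tools, remote-administration clients and crash reporters, so they point at what to watch in the behavioural tasks rather than deliver a verdict. The following is an added example, not Triage's code or the sample's own: it runs a small set of all-of rules over an excerpt of the import list above (transcribed from this report; the dictionary order is mine, not the binary's import order) and also shows the pefile-style imphash normalisation behind the Imphash value in the Files block.

```python
"""Import-table triage: capability rules plus pefile-style imphash normalisation.

Added example; not part of the sandbox report. REPORT_IMPORTS is an excerpt
transcribed from the report's Imports listing (order chosen here, so its imphash
is not the report's). Every API below is also used by legitimate software; a rule
firing is a pointer for further analysis, not a maliciousness verdict.
"""
import hashlib

# Excerpt of the report's import table (constructed from the listing above).
REPORT_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "GetLogicalDriveStringsW", "FindFirstFileW", "FindNextFileW", "IsDebuggerPresent",
                 "VirtualAlloc", "VirtualProtect", "CreateThread", "LoadLibraryW", "GetProcAddress"],
    "advapi32": ["CryptAcquireContextW", "CryptGetUserKey", "CryptExportKey", "CryptSignHashW",
                 "RegCreateKeyExW", "RegSetValueExW", "RegisterEventSourceW", "ReportEventW"],
    "crypt32": ["CertOpenSystemStoreW", "CertEnumCertificatesInStore", "CertFindCertificateInStore"],
    "ws2_32": ["socket", "connect", "bind", "listen", "accept", "send", "recv"],
    "dbghelp": ["MiniDumpWriteDump"],
    "comctl32": ["InitCommonControlsEx", "_TrackMouseEvent", "ord17"],
    "gdiplus": ["GdiplusStartup", "ord1"],
}

# A rule fires only when ALL of its imports are present (dll!name, case-insensitive).
RULES = {
    "process enumeration via Toolhelp": {"kernel32!CreateToolhelp32Snapshot",
                                         "kernel32!Process32FirstW", "kernel32!Process32NextW"},
    "open and dump other processes": {"kernel32!OpenProcess", "dbghelp!MiniDumpWriteDump"},
    "export private keys from a CSP container": {"advapi32!CryptAcquireContextW",
                                                 "advapi32!CryptGetUserKey", "advapi32!CryptExportKey"},
    "enumerate the user's certificate stores": {"crypt32!CertOpenSystemStoreW",
                                                "crypt32!CertEnumCertificatesInStore"},
    "accept inbound TCP connections": {"ws2_32!bind", "ws2_32!listen", "ws2_32!accept"},
    "initiate outbound connections": {"ws2_32!socket", "ws2_32!connect"},
    "walk every drive and directory": {"kernel32!GetLogicalDriveStringsW",
                                       "kernel32!FindFirstFileW", "kernel32!FindNextFileW"},
    "write registry values (persistence-capable)": {"advapi32!RegCreateKeyExW", "advapi32!RegSetValueExW"},
    "check for an attached debugger": {"kernel32!IsDebuggerPresent"},
    "resolve APIs at runtime": {"kernel32!LoadLibraryW", "kernel32!GetProcAddress"},
    # Classic remote-injection triad, kept so that its absence is visible in the output.
    "remote process injection": {"kernel32!VirtualAllocEx", "kernel32!WriteProcessMemory",
                                 "kernel32!CreateRemoteThread"},
}


def flatten(imports: dict) -> set:
    return {f"{dll}!{name}".lower() for dll, names in imports.items() for name in names}


def matched_rules(imports: dict) -> list:
    present = flatten(imports)
    return sorted(rule for rule, needed in RULES.items()
                  if {n.lower() for n in needed} <= present)


def unmatched_rules(imports: dict) -> list:
    return sorted(set(RULES) - set(matched_rules(imports)))


def imphash_string(imports: dict) -> str:
    """pefile-style normalisation: strip .dll/.ocx/.sys, lowercase, 'dll.func' joined by commas,
    in import-table order. pefile additionally maps ws2_32 and oleaut32 ordinals to names; that
    table is omitted here, so the result equals pefile's only when no ordinal imports come from
    those two DLLs (true for this report, whose ordinals are in comctl32, gdiplus and wldap32)."""
    parts = []
    for dll, names in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
        parts.extend(f"{base}.{name.lower()}" for name in names)
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print("fired:    ", matched_rules(REPORT_IMPORTS))
    print("not fired:", unmatched_rules(REPORT_IMPORTS))
    print("imphash of this excerpt:", imphash(REPORT_IMPORTS))
```

The all-of rule shape matters: a single API such as OpenProcess is near-universal, while OpenProcess together with MiniDumpWriteDump narrows the question to "which processes does it dump, and where does the file go", which is exactly what the win7 and win10 behavioural tasks should answer. The imphash helper is included because the value is only useful for pivoting when you know how it is derived: it hashes DLL and function names in import-table order, so a rebuild with the same linker and libraries keeps it while a repack or renamed import changes it.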
Sections
.text   Size: 2.2MB   Virtual size: 2.2MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 564KB   Virtual size: 564KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 48KB    Virtual size: 74KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 6.3MB   Virtual size: 6.3MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 107KB   Virtual size: 107KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ