Static task: static1
Behavioral task: behavioral1
  Sample: 5899ebc4599d16345ec7d6b3d9522383faaef6e5f97e8a7ef7e87a3cb568eb57.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5899ebc4599d16345ec7d6b3d9522383faaef6e5f97e8a7ef7e87a3cb568eb57.exe
  Resource: win10v2004-20240508-en
General
Target: 5899ebc4599d16345ec7d6b3d9522383faaef6e5f97e8a7ef7e87a3cb568eb57
Size: 26.4MB
MD5: fe8726af632969e0c3b9895171d5dddd
SHA1: 1449f1d53f4842cea012307118d557af8322c17b
SHA256: 5899ebc4599d16345ec7d6b3d9522383faaef6e5f97e8a7ef7e87a3cb568eb57
SHA512: fef00d73b325a699630af46b8ab60fc6293eb6e39b45cd4e4737b0e818ce798095c316e7cb65c51c05504620be38ca6a0c47c3dec8e10ac6d2aaedc3b886171e
SSDEEP: 393216:QkoBs9SMHwF280DI6mWooqBgp8QSgJsv6tWKFdu9C3ivRGqyKsqyKz:NovDbsiUq1sq1z
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 5899ebc4599d16345ec7d6b3d9522383faaef6e5f97e8a7ef7e87a3cb568eb57
The binary carries no embedded Authenticode signature. Treat that as a provenance gap, not a verdict: many legitimate third-party builds ship unsigned, and a valid signature would only tell you who signed the file, not whether it is safe. Confirm with signtool verify /pa, or with Get-AuthenticodeSignature (which also consults catalog files), before drawing conclusions.
Files
5899ebc4599d16345ec7d6b3d9522383faaef6e5f97e8a7ef7e87a3cb568eb57.exe  windows:5 windows x64 arch:x64
7dabbe0f88035e3df4fcfd5d168c38d8 (32-hex-digit hash the report leaves unlabelled; it differs from the file MD5 under General, so it is presumably the import hash and worth pivoting on if so)
Headers
DLL Characteristics (ASLR with 64-bit high-entropy addressing and a relocatable base, DEP/NX compatible; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not in the list, so Control Flow Guard is not enabled for this image):
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics (an executable rather than a DLL; LARGE_ADDRESS_AWARE is the x64 default):
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
Most of this import table is what a large MSVC-built GUI application pulls in (uxtheme, dwmapi, imm32, the GDI text path, the msvcrt C runtime, OLE drag-and-drop and clipboard), so breadth alone means little; the .qtmetad and .qtmimed sections further down suggest a Qt build, which accounts for the platform-integration APIs. Imports that merit a look at their call sites, all listed below: IsDebuggerPresent and CheckRemoteDebuggerPresent (also reached from the C runtime, so confirm who calls them); OpenProcess together with WriteProcessMemory and VirtualProtect (cross-process writes); SetWindowsHookExW with GetAsyncKeyState and GetKeyboardState (input monitoring); EnumWindows with GetWindowTextW (window enumeration); NetShareEnum (share discovery); CryptSignHashW, CryptExportKey and CertFindCertificateInStore (CryptoAPI signing with a user key and certificate-store lookups, typical of TLS client authentication but worth verifying); WTSQuerySessionInformationW and WTSGetActiveConsoleSessionId (session awareness); and the full ws2_32 socket set including bind and listen (inbound connections). None of these is conclusive on its own; the pairings and the code paths that reach them are what matter.
shlwapi
StrChrW
PathRemoveFileSpecW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
uxtheme
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
GetThemePartSize
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
OpenThemeData
ord47
dwmapi
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
oleaut32
SysFreeString
SafeArrayCreateVector
SysAllocString
SafeArrayPutElement
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
gdi32
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
DeleteObject
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetRegionData
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
CreateFontIndirectW
GetDIBits
kernel32
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
GetFileSize
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
HeapReAlloc
GetConsoleMode
GetSystemTimeAsFileTime
GetACP
GetEnvironmentVariableW
GetStdHandle
HeapFree
HeapSize
GetLastError
lstrcmpW
lstrcatW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
WriteProcessMemory
VirtualProtect
HeapAlloc
GetProcessHeap
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
FindResourceExW
LoadResource
LockResource
HeapDestroy
SetLastError
GetCurrentThreadId
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EnterCriticalSection
UnhandledExceptionFilter
SleepConditionVariableSRW
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
VirtualQuery
LCIDToLocaleName
AreFileApisANSI
PeekNamedPipe
LoadLibraryExW
InitializeCriticalSection
ReleaseMutex
CreateMutexW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
GetCurrentProcessId
InitializeCriticalSectionEx
LeaveCriticalSection
GetCurrentProcess
GetLongPathNameW
GetVolumeInformationW
GetDriveTypeW
GetConsoleWindow
CompareStringEx
GetCommandLineW
GetSystemTime
GetLocalTime
OutputDebugStringW
TerminateProcess
IsProcessorFeaturePresent
SetEvent
WaitForSingleObjectEx
CreateEventW
GetNativeSystemInfo
GetSystemDirectoryW
DuplicateHandle
WaitForSingleObject
Sleep
WaitForMultipleObjects
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetStartupInfoW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
SizeofResource
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
MultiByteToWideChar
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
FormatMessageA
GetLocaleInfoEx
RaiseException
SetUnhandledExceptionFilter
CloseHandle
CreateFileW
VirtualAlloc
ExitProcess
HeapCreate
GetModuleHandleW
VirtualFree
GetSystemDirectoryA
WakeAllConditionVariable
AcquireSRWLockShared
ReleaseSRWLockShared
CreateIoCompletionPort
lstrlenW
MapViewOfFileEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindResourceW
ole32
CoLockObjectExternal
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitialize
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
StringFromGUID2
shell32
SHCreateItemFromIDList
ShellExecuteW
Shell_NotifyIconW
SHGetMalloc
SHGetFileInfoW
CommandLineToArgvW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
SHCreateItemFromParsingName
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHGetStockIconInfo
SHBrowseForFolderW
ord727
user32
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
GetQueueStatus
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
RemoveMenu
TranslateMessage
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
MsgWaitForMultipleObjects
GetProcessWindowStation
GetUserObjectInformationW
DispatchMessageW
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
TrackPopupMenu
winmm
timeSetEvent
PlaySoundW
timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod
timeKillEvent
ws2_32
WSAGetLastError
__WSAFDIsSet
closesocket
ioctlsocket
WSAAsyncSelect
getsockname
getsockopt
htonl
htons
ntohl
send
setsockopt
shutdown
WSASetLastError
WSACleanup
WSARecv
WSASend
WSAStringToAddressW
getaddrinfo
freeaddrinfo
InetNtopW
bind
listen
socket
WSAGetOverlappedResult
connect
recv
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAStartup
ntohs
WSAIoctl
getpeername
select
WSAResetEvent
WSAWaitForMultipleEvents
getservbyname
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
crypt32
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
bcrypt
BCryptGenRandom
msvcrt
_mbsicmp
_mbscspn
_mbscmp
_mbschr
_stricmp
tolower
___mb_cur_max_func
strcspn
islower
_wcsdup
___lc_codepage_func
isupper
__pctype_func
_write
_read
fgets
_getdrive
_open_osfhandle
_close
_fileno
feof
_get_osfhandle
_wchmod
_waccess
asin
_lseeki64
ceilf
_endthreadex
_beginthreadex
_tzset
_mktime64
fputs
acosf
isxdigit
isspace
acos
sinf
isdigit
floorf
_gmtime64
_itoa
ferror
abort
strerror
_errno
log10
atan2
rand
log
exp
floor
bsearch
atoi
calloc
ceil
sqrt
ftell
fseek
fread
fopen
getenv
strtol
qsort
strncpy
strncmp
realloc
pow
wcsncmp
tan
sin
_ismbcspace
atan
toupper
fflush
malloc
free
strcmp
_wsplitpath
strlen
_setjmp
_local_unwind
__DestructExceptionObject
_amsg_exit
__C_specific_handler
wcsstr
strchr
memchr
longjmp
strrchr
_CxxThrowException
strstr
memmove
wcsrchr
memset
memcpy
memcmp
_time64
_wcsicmp
strtoul
setvbuf
_setmode
strspn
_wfopen
raise
signal
_callnewh
_initterm
wcstol
_lock
_clearfp
_sys_nerr
_sys_errlist
_strtoui64
_wcstoui64
_isatty
mbtowc
_msize
_commode
?_set_new_mode@@YAHH@Z
_fmode
__getmainargs
__set_app_type
_XcptFilter
_wfullpath
wcspbrk
__doserrno
_mbsupr
_mbslwr
_ismbblead
___lc_handle_func
fsetpos
_hypot
fgetpos
?terminate@@YAXXZ
_wgetenv
_localtime64
__CxxFrameHandler
_mbsspn
_strnicmp
_mbsrchr
cos
_tzname
_timezone
__argv
__argc
_acmdln
iswctype
_iob
_mkgmtime64
_unlock
fclose
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetApiBufferFree
NetShareEnum
advapi32
FreeSid
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetLengthSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
Sections
Name      Raw size  Virtual size  Characteristics
.text     11.3MB    11.3MB        IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata    4.9MB     4.9MB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     9.3MB     26.5MB        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata    571KB     570KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmetad  1KB       1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmimed  315KB     315KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc     1024B     736B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    86KB      86KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Notes on the layout: no section is both writable and executable, and the raw and virtual sizes of .text, .rdata and .pdata match, which argues against a packed or self-modifying image (a packer usually leaves a small raw .text with a large virtual size, or an RWX section). .data is 9.3MB on disk but 26.5MB in memory; the extra 17MB or so is zero-filled by the loader (uninitialized globals placed in .data), which is common in large statically linked applications. The names .qtmetad and .qtmimed are the 8-character truncations of the section names Qt uses for plugin metadata and its embedded MIME database, so this looks like a statically linked Qt build (inferred from the section names only). .reloc together with DYNAMIC_BASE means the image will actually be relocated under ASLR. The 736 bytes of .rsrc content are unusually small for a 26MB GUI application; list it with a resource viewer to see what, if anything, it holds.
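As an added worked example (not part of the sandbox report and not the sample's own code), the following pure-Python header parser reproduces the three static checks the report draws from the headers: the Unsigned PE signature, the DLL/file characteristics under Headers, and the section layout under Sections. It uses only the standard library. Because the real sample is not on the page, build_sample_pe() constructs a fake PE32+ header that sets the same flags the report shows; every offset and constant comes from the PE specification. The caveat a practitioner needs is built in: an empty security data directory proves only that there is no embedded signature, and catalog-signed Windows components look exactly the same, so for OS files use a catalog-aware check such as Get-AuthenticodeSignature.

```python
"""Pure-Python PE header triage (struct only, no pefile) mirroring the report's static checks:
Authenticode presence, DLL/file characteristics and section layout. build_sample_pe()
fabricates a header for the demo; it is not the analysed sample."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory that points at the Authenticode blob
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
                        0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

def _names(table, value):
    return [name for bit, name in table.items() if value & bit]

def parse_pe(data: bytes) -> dict:
    """Parse the NT headers and section table of a PE32/PE32+ image (headers only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    _, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                      # IMAGE_OPTIONAL_HEADER
    is_64 = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # DllCharacteristics is at +0x46 in both PE32 and PE32+ (the wider ImageBase is
    # balanced by the dropped BaseOfData); NumberOfRvaAndSizes is at +0x5C / +0x6C.
    dll_chars = struct.unpack_from("<H", data, opt + 0x46)[0]
    ndirs_off = opt + (0x6C if is_64 else 0x5C)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    security = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:         # entry is (file offset, size), not an RVA
        security = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize, "flags": flags})
    return {"is_64": is_64, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "security_dir": security, "sections": sections}

def triage(data: bytes) -> dict:
    """Turn the parsed headers into the kind of findings the report lists."""
    pe = parse_pe(data)
    findings = []
    # An empty SECURITY directory means no *embedded* signature. Catalog-signed OS files
    # look the same, so apply this verdict to third-party binaries only.
    if pe["security_dir"] == (0, 0):
        findings.append("Unsigned PE: no embedded Authenticode signature")
    if not pe["dll_characteristics"] & 0x0040:
        findings.append("ASLR opt-out: DYNAMIC_BASE not set")
    if not pe["dll_characteristics"] & 0x0100:
        findings.append("DEP opt-out: NX_COMPAT not set")
    for s in pe["sections"]:
        if s["flags"] & 0x80000000 and s["flags"] & 0x20000000:
            findings.append(f"{s['name']}: writable and executable section")
        # Virtual size far above raw size means the loader zero-fills the rest (bss-like):
        # normal for big static builds, suspicious next to a tiny .text or an RWX section.
        if s["virtual_size"] > 2 * max(s["raw_size"], 1):
            findings.append(f"{s['name']}: virtual size {s['virtual_size']:#x} vs raw {s['raw_size']:#x}")
    return {"dll_characteristics": _names(DLL_CHARACTERISTICS, pe["dll_characteristics"]),
            "file_characteristics": _names(FILE_CHARACTERISTICS, pe["file_characteristics"]),
            "sections": [(s["name"], _names(SECTION_FLAGS, s["flags"])) for s in pe["sections"]],
            "findings": findings}

def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed PE32+ header with three sections (demo input, not the real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0xF0, 0x0022)  # x64, EXE, LAA
    opt = bytearray(0xF0)                                                 # PE32+ with 16 dirs
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 0x46, 0x8160)  # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 0x6C, 16)
    if signed:                                 # pretend a WIN_CERTIFICATE blob sits at 0x5000
        struct.pack_into("<II", opt, 0x70 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x5000, 0x1800)
    layout = [(b".text", 0x1000, 0x1000, 0x1000, 0x400, 0x60000020),   # code, R+X
              (b".data", 0x3000, 0x2000, 0x1000, 0x1400, 0xC0000040),  # R+W, 3x raw size
              (b".rsrc", 0x2E0, 0x5000, 0x400, 0x2400, 0x40000040)]    # R
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, rp, fl in layout)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + secs

if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

Run it against a real file with triage(open(path, "rb").read()). The size heuristics are deliberately crude; the point is that the flags the report prints come from two header words, a data-directory entry and the section table, all of which you can read yourself without trusting the sandbox's interpretation.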