Static task: static1
Behavioral task: behavioral1
  Sample: 9a161671f616c6c2cd54e77927633a5a7c981c1bc53e08ebd50afe21a4fb85f8.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 9a161671f616c6c2cd54e77927633a5a7c981c1bc53e08ebd50afe21a4fb85f8.exe
  Resource: win10v2004-20240508-en
General
Target: 9a161671f616c6c2cd54e77927633a5a7c981c1bc53e08ebd50afe21a4fb85f8
Size: 4.2MB
MD5: 621c2ef26f2be9dc8681cadc536a400f
SHA1: 4594231b6fc3a1bc29eced790768280400253bb8
SHA256: 9a161671f616c6c2cd54e77927633a5a7c981c1bc53e08ebd50afe21a4fb85f8
SHA512: c036bf3381f3613d2f215c57f7df04464700ca59f91672559da02503725518917f52c6fcc76ec2f8cbc021896aad3a93c17124dc180fcd3b56913fabd5c98fa5
SSDEEP: 98304:OVnxG34aqu/gs5JOc6X4ZQjqqVk9zFq7NisFWw0:ixGyuIs5Js4F7VFZw0
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 9a161671f616c6c2cd54e77927633a5a7c981c1bc53e08ebd50afe21a4fb85f8
Files
9a161671f616c6c2cd54e77927633a5a7c981c1bc53e08ebd50afe21a4fb85f8.exe windows:5 windows x86 arch:x86
b31c43473a72bc61b7c8a8ea41105f3e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
ReadConsoleInputA
SetConsoleMode
GetCurrentDirectoryW
MulDiv
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
GetFileSize
WriteFile
ReadFile
lstrcpyW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
GlobalFree
GetExitCodeProcess
GetModuleFileNameW
WaitForSingleObject
CreateProcessW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVolumeInformationW
GetVersionExW
GetLongPathNameW
GetTickCount
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
InitializeCriticalSection
FreeResource
LockResource
SetLastError
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
SetCurrentDirectoryW
GetModuleHandleA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
QueryPerformanceFrequency
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA
ResetEvent
SetEvent
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
CreateEventW
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
Sleep
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetLogicalDriveStringsW
GetLastError
GetCurrentProcessId
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
CopyFileW
GetPrivateProfileStringW
TerminateProcess
OpenProcess
lstrlenW
GetTempPathW
CreateThread
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindClose
GetSystemDirectoryW
LoadLibraryW
CloseHandle
GetProcAddress
FreeLibrary
user32
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
IsMenu
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetDlgItem
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetFocus
SetFocus
DestroyIcon
CharNextW
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
PostMessageW
ShowWindow
SetWindowTextW
SendMessageW
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
PtInRect
EqualRect
TrackPopupMenu
AppendMenuW
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
UnregisterClassW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
GetActiveWindow
IsWindowEnabled
PeekMessageW
DispatchMessageW
GetMonitorInfoW
TranslateMessage
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoW
GetDC
ReleaseDC
InflateRect
OffsetRect
SetWindowLongW
DrawIconEx
GetIconInfo
LoadStringW
GetKeyState
wsprintfW
GetForegroundWindow
SetForegroundWindow
LoadCursorW
DestroyCursor
IsWindow
DestroyWindow
SetTimer
KillTimer
SetCursor
SetRect
CopyRect
IntersectRect
UnionRect
IsRectEmpty
advapi32
ControlService
CloseServiceHandle
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
RegEnumKeyW
RegCreateKeyExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCloseKey
CryptSignHashA
CryptEnumProvidersA
shell32
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
ole32
CLSIDFromString
OleLockRunning
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CreateBindCtx
CoCreateGuid
OleInitialize
OleUninitialize
CLSIDFromProgID
shlwapi
PathFileExistsW
SHDeleteKeyW
StrToIntExW
psapi
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertDuplicateCertificateContext
gdiplus
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipAlloc
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipFree
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetPropertyItemSize
imm32
ImmReleaseContext
ImmAssociateContext
ImmGetContext
gdi32
GetCharABCWidthsW
EnumFontFamiliesExW
DeleteDC
GetViewportOrgEx
GetCurrentObject
StretchBlt
SetBkMode
Rectangle
GetStockObject
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
CreateCompatibleDC
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
oleaut32
SysAllocString
SysFreeString
iphlpapi
GetAdaptersInfo
wldap32
ord143
ord217
ord46
ord211
ord32
ord33
ord35
ord79
ord60
ord50
ord41
ord22
ord27
ord30
ord200
ord301
ord26
ws2_32
__WSAFDIsSet
select
getservbyname
gethostbyname
htonl
shutdown
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
accept
listen
gethostname
ioctlsocket
sendto
socket
recvfrom
usp10
ScriptFreeCache
ScriptItemize
ScriptShape
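An import table this long is easier to read as capabilities than as a list of names. The block below is an added example, not code from the report or from the sandbox that produced it: it runs an illustrative rule set (rule names, member APIs and thresholds are my assumptions) over a constructed subset of the imports listed above. It discounts the APIs that MSVC's CRT startup pulls into every /GS binary (security-cookie initialisation and CRT exception handling), so IsDebuggerPresent by itself is not reported as anti-debugging, and it flags DLLs imported purely by ordinal (wldap32 here), whose function names cannot be recovered from the import table without that DLL's export table.

```python
"""Capability triage over a PE import table, with CRT-startup noise filtered out (added example)."""

# Constructed subset of the import table listed in the report above (dll -> imported names).
SAMPLE_IMPORTS = {
    "kernel32": ["IsDebuggerPresent", "SetUnhandledExceptionFilter", "QueryPerformanceCounter",
                 "GetSystemTimeAsFileTime", "GetCurrentProcessId", "GetCurrentThreadId", "GetTickCount",
                 "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "TerminateProcess", "CreateProcessW", "CopyFileW", "MoveFileExW", "DeleteFileW",
                 "GetTempPathW", "DeviceIoControl", "LoadLibraryW", "GetProcAddress"],
    "advapi32": ["OpenSCManagerW", "OpenServiceW", "ControlService", "DeleteService",
                 "OpenProcessToken", "DuplicateTokenEx", "ImpersonateLoggedOnUser", "RevertToSelf",
                 "RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW",
                 "CryptAcquireContextA", "CryptDecrypt", "CryptSignHashA", "CryptExportKey"],
    "crypt32": ["CertOpenStore", "CertEnumCertificatesInStore", "CertFindCertificateInStore"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo", "listen", "accept"],
    "wldap32": ["ord143", "ord217", "ord46"],
    "iphlpapi": ["GetAdaptersInfo"],
    "shell32": ["ShellExecuteW", "SHGetFolderPathW"],
}

# MSVC CRT startup imports these into every /GS binary (__security_init_cookie, CRT exception
# handling), so on their own they say nothing about anti-debugging or evasion.
CRT_NOISE = {"IsDebuggerPresent", "IsProcessorFeaturePresent", "UnhandledExceptionFilter",
             "SetUnhandledExceptionFilter", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
             "GetCurrentProcessId", "GetCurrentThreadId", "GetTickCount", "InitializeSListHead",
             "GetStartupInfoW", "EncodePointer", "DecodePointer"}

# Illustrative (assumed) rule set: capability -> (minimum distinct hits, API names).
RULES = {
    "process-discovery":      (2, {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                                   "EnumProcessModules", "GetProcessImageFileNameW"}),
    "process-termination":    (2, {"OpenProcess", "TerminateProcess"}),
    "token-impersonation":    (2, {"OpenProcessToken", "DuplicateTokenEx", "ImpersonateLoggedOnUser",
                                   "RevertToSelf", "GetTokenInformation"}),
    "service-control":        (2, {"OpenSCManagerW", "OpenServiceW", "ControlService", "DeleteService",
                                   "QueryServiceStatus"}),
    "registry-write":         (1, {"RegSetValueExW", "RegCreateKeyExW", "RegCreateKeyExA",
                                   "RegDeleteKeyW", "RegDeleteValueW", "SHDeleteKeyW"}),
    "capi-crypto":            (2, {"CryptAcquireContextA", "CryptDecrypt", "CryptSignHashA",
                                   "CryptExportKey", "CryptGetUserKey", "CryptCreateHash"}),
    "certificate-store":      (2, {"CertOpenStore", "CertEnumCertificatesInStore",
                                   "CertFindCertificateInStore", "CertGetCertificateContextProperty"}),
    "tcp-client":             (3, {"WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo"}),
    "tcp-server":             (2, {"bind", "listen", "accept"}),
    "file-self-relocation":   (2, {"CopyFileW", "MoveFileExW", "DeleteFileW", "GetTempPathW"}),
    "dynamic-api-resolution": (2, {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "GetProcAddress"}),
    "anti-debug":             (1, {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                                   "NtQueryInformationProcess"}),
}


def classify(imports: dict, noise=CRT_NOISE) -> dict:
    """Map imported API names to capabilities. Returns capability -> sorted evidence list."""
    present = {name for names in imports.values() for name in names} - set(noise)
    hits = {}
    for capability, (minimum, apis) in RULES.items():
        evidence = sorted(present & apis)
        if len(evidence) >= minimum:
            hits[capability] = evidence
    return hits


def ordinal_only_dlls(imports: dict) -> list:
    """DLLs imported purely by ordinal (names like ord143): resolve them against that DLL's exports."""
    return sorted(dll for dll, names in imports.items()
                  if names and all(n.startswith("ord") and n[3:].isdigit() for n in names))


if __name__ == "__main__":
    for capability, evidence in classify(SAMPLE_IMPORTS).items():
        print(f"{capability:24s} {', '.join(evidence)}")
    print("ordinal-only imports:", ordinal_only_dlls(SAMPLE_IMPORTS))
```

To run this over a real file, build the `imports` dict from a PE parser's import directory (pefile's `DIRECTORY_ENTRY_IMPORT`, for instance) and pass it to `classify`. The thresholds are deliberately conservative: a single API from a set is weak evidence, and presence in the import table proves only that the code can call it, not that it does.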
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 739KB - Virtual size: 738KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 247KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
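The "Unsigned PE" signature and the Headers and Sections entries above all come from the PE header alone. The following Python is an added example, not part of the sandbox report and not the sandbox's own signature code: it parses a PE32 header with the standard library, decodes the DllCharacteristics and section flags the report lists, and implements the Authenticode-absence check as "the certificate table (data directory 4) is empty". The images it parses are constructed inside the block (header-only, hypothetical values chosen to mirror this report's flags and approximate section sizes); nothing from the real sample is embedded. Two caveats a practitioner should keep in mind: an empty certificate table means no embedded signature, but a non-empty one only proves a WIN_CERTIFICATE blob exists, not that it verifies (that needs WinVerifyTrust or signtool); and catalog-signed Windows system binaries carry no embedded signature at all, so this check is a triage hint, not a trust decision.

```python
"""Minimal PE32 header triage: the checks behind 'Unsigned PE', DllCharacteristics and section flags."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot for the Authenticode certificate table

DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_CODE, SCN_EXECUTE, SCN_WRITE = 0x00000020, 0x20000000, 0x80000000


def parse_pe32(data: bytes) -> dict:
    """Walk DOS -> NT -> optional header -> section table and return the fields the checks need."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled in this example")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off, cert_size = 0, 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other data directory, this entry holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, _rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {
        "dll_characteristics": dll_chars,
        "dll_characteristics_names": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit],
        "certificate_table": (cert_off, cert_size),
        "sections": sections,
    }


def triage(data: bytes) -> list:
    """Return human-readable findings in the spirit of the report's static signatures."""
    pe = parse_pe32(data)
    findings = []
    if pe["certificate_table"][1] == 0:
        findings.append("Unsigned PE: no embedded Authenticode certificate table")
    for bit, message in ((0x0040, "no ASLR (DYNAMIC_BASE clear)"), (0x0100, "no DEP (NX_COMPAT clear)"),
                         (0x4000, "no CFG (GUARD_CF clear)")):
        if not pe["dll_characteristics"] & bit:
            findings.append(message)
    for s in pe["sections"]:
        if s["flags"] & SCN_EXECUTE and s["flags"] & SCN_WRITE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["flags"] & SCN_EXECUTE and not s["flags"] & SCN_CODE:
            findings.append(f"section {s['name']} is executable but not flagged as code")
    return findings


def build_pe32(dll_chars: int, sections, cert_size: int = 0) -> bytes:
    """Constructed header-only PE32 image for the demo (hypothetical; no code, not the sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, f)
        for i, (n, vs, rs, f) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed to mirror the report: DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE (0x8140),
# RX .text, RW .data, R+discardable .reloc; sizes are approximations of the listed ones.
SAMPLE_LIKE = build_pe32(0x8140, [(".text", 0x300000, 0x300000, 0x60000020),
                                  (".data", 0x33C00, 0x18800, 0xC0000040),
                                  (".reloc", 0x29C00, 0x2A000, 0x42000040)])
# Constructed variant with no ASLR and a writable+executable .text, to show the checks fire.
RWX_VARIANT = build_pe32(0x8100, [(".text", 0x1000, 0x1000, 0xE0000020)])

if __name__ == "__main__":
    for label, blob in (("sample-like", SAMPLE_LIKE), ("rwx-variant", RWX_VARIANT)):
        print(label, parse_pe32(blob)["dll_characteristics_names"], triage(blob))
```

On a real file, `triage(open(path, "rb").read())` gives the same findings; extend `parse_pe32` to accept magic 0x20B if you need PE32+ (the DllCharacteristics offset is the same, but the data directories start at 112 instead of 96).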