29fdc7b0dd11741f9bf996ca58b6bb0425c4babc4c8ece1a2beb7f49608c29d7

Sharing

Copy URL Twitter E-mail

General

Target

29fdc7b0dd11741f9bf996ca58b6bb0425c4babc4c8ece1a2beb7f49608c29d7
Size

947KB
MD5

c73ef7eb08e82fab9a99d459e49f9360
SHA1

0fde5733aff3d26790e9068c53a6feda3d7cc5bd
SHA256

29fdc7b0dd11741f9bf996ca58b6bb0425c4babc4c8ece1a2beb7f49608c29d7
SHA512

40c3d70286145309ffeb0583ebd1b0014fa0861a4cff4763911e435217055f99634adef052910e779a46cd8d518b78980bf5aee14c609bb73857d7fd0e1d129d
SSDEEP

24576:NbMYEsIpNvXXA0AKqGFLfkxqPeUTEEd0lgv+Xl3:NYYLmR5AE4xqPFd0lg213

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29fdc7b0dd11741f9bf996ca58b6bb0425c4babc4c8ece1a2beb7f49608c29d7

Files

29fdc7b0dd11741f9bf996ca58b6bb0425c4babc4c8ece1a2beb7f49608c29d7
.exe windows:5 windows x86 arch:x86

40110d1e7aee9cfb66e62b731dcd2e6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Remove
ImageList_Create

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexW
CreateEventW
Sleep
CreateSemaphoreW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
SwitchToThread
CreateThread
GetCurrentThreadId
GetExitCodeThread
GetThreadTimes
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualAllocEx
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesW
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
GlobalAlloc
GlobalLock
GlobalUnlock
IsValidCodePage
GetModuleHandleW
GetProcessHeap
GetFileSize
ReadFile
GetEnvironmentVariableW
SetEnvironmentVariableW
VirtualQueryEx
VirtualFreeEx
CreateRemoteThread
ReadProcessMemory
WriteProcessMemory
WriteFile
ConnectNamedPipe
CreateNamedPipeW
Module32FirstW
Module32NextW
IsDBCSLeadByteEx
FlushFileBuffers
IsValidLocale
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetModuleHandleA
FreeLibraryAndExitThread
GetProcessAffinityMask
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetCPInfo
TlsFree
RaiseException
DuplicateHandle
CloseHandle
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetCurrentThread
GetStringTypeW
DeleteCriticalSection
TryEnterCriticalSection
AreFileApisANSI
GetFileAttributesW
CreateFileW
GetConsoleCP
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
HeapSize
FindClose
GetCurrentDirectoryW
FormatMessageW
SetLastError
SetEndOfFile
Process32FirstW

user32

SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
GetSystemMetrics
GetWindowRect
GetWindowTextW
SetForegroundWindow
TrackPopupMenu
ShowWindow
MessageBoxW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
wsprintfW
DestroyIcon
GetWindowTextLengthW
AppendMenuW
DestroyMenu
CreatePopupMenu
MoveWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW

gdi32

CreateFontW

shell32

SHGetFileInfoW

comdlg32

GetOpenFileNameW
ChooseFontW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Exports

Exports

OnNewSentence
QtFreeLibrary
QtLoadLibraryBatch
QtStartUp

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40110d1e7aee9cfb66e62b731dcd2e6f

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

winhttp

version

kernel32

user32

gdi32

shell32

comdlg32

advapi32

psapi

Exports

Exports

Sections

.text Size: 560KB - Virtual size: 559KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 23KB - Virtual size: 28KB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 560KB - Virtual size: 559KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 23KB - Virtual size: 28KB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 30KB - Virtual size: 30KB