51844150[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

51844150.exe
Size

23.6MB
MD5

91a60c9b467ad3cf0f8237690fd697b2
SHA1

b030d79026a0017f6ef7779ffc1d8be13049a530
SHA256

ee48b58845a97b08f6e82f2f6e32c34d662a31a8849c3cab8e241ebb62944f83
SHA512

b9b0ade9afa4b90c7fce8af1f8cf423930b408c7b09eab6ae10b83d733e9cda894b7f00ffd8ded8b2e99b35d658b79f55c60c7ac55ec675cfff90ffe93c4a200
SSDEEP

393216:1Yrkt3m7XEZcjHt9QSbBUbps9+NzJsv6tWKFdu9CwKVpzIquIEpjv3:2rdEajHt9QSbBUbpsoNlOuw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51844150.exe

Files

51844150.exe
.exe windows:5 windows x86 arch:x86

a606f7b39db4f65ac731536d477f03d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetVirtualKey
ImmAssociateContextEx
ImmGetDefaultIMEWnd
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayCreateVector

shlwapi

StrChrW
PathRemoveFileSpecW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

gdi32

RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetStockObject
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
AddFontResourceExW
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetDIBits
GetTextFaceW

uxtheme

IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
OpenThemeData
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetCurrentThemeName
GetThemeMargins
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

ole32

CoLockObjectExternal
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitialize
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
StringFromGUID2

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
CryptGetProvParam
CryptSetHashParam
SystemFunction036
RegCreateKeyExW
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
RegDeleteKeyW

user32

DrawIconEx
TranslateMessage
DispatchMessageW
EnumWindows
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
GetMessageExtraInfo
CallNextHookEx
RealGetWindowClassW
ChangeWindowMessageFilterEx
GetAsyncKeyState
TrackMouseEvent
RegisterDeviceNotificationW
UnregisterDeviceNotification
CharNextExA
MsgWaitForMultipleObjects
GetProcessWindowStation
GetUserObjectInformationW
GetTouchInputInfo
CloseTouchInputHandle
UnhookWindowsHookEx
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
GetWindowTextW
GetQueueStatus
MessageBoxW
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
TrackPopupMenuEx
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu

kernel32

GetConsoleMode
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
CreateMutexW
GetSystemTimeAsFileTime
GetProcessAffinityMask
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
ReleaseMutex
LoadLibraryExW
LoadLibraryExA
WakeConditionVariable
SleepConditionVariableSRW
WakeAllConditionVariable
InitializeConditionVariable
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoEx
FormatMessageA
GetExitCodeProcess
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FreeLibrary
FindNextFileW
FindFirstFileExW
MultiByteToWideChar
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
RegisterWaitForSingleObject
UnregisterWaitEx
SetFilePointerEx
SetConsoleMode
GetFileType
FlushFileBuffers
GetFileInformationByHandleEx
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
GetVolumePathNamesForVolumeNameW
GetTempPathW
SetFileTime
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
CompareStringW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
WaitForMultipleObjects
WaitForSingleObject
DuplicateHandle
GetSystemDirectoryW
CreateEventW
WaitForSingleObjectEx
SetEvent
IsProcessorFeaturePresent
TerminateProcess
OutputDebugStringW
GetLocalTime
GetSystemTime
GetCommandLineW
CompareStringEx
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
VirtualQuery
RtlUnwind
LCIDToLocaleName
AreFileApisANSI
HeapCreate
VirtualAlloc
Sleep
ExitProcess
WriteProcessMemory
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
lstrcatW
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
lstrcmpiW
SetUnhandledExceptionFilter
lstrcmpW
GetLastError
GetModuleHandleW
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
GetFileSize
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
PeekNamedPipe
InitializeCriticalSection
GetProcessHeap
InitializeCriticalSectionAndSpinCount
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MapViewOfFileEx
lstrlenW
ReleaseSRWLockShared
AcquireSRWLockShared
GetEnvironmentVariableW
GetSystemDirectoryA
VirtualFree
GetACP
SetEndOfFile

shell32

SHGetKnownFolderIDList
SHGetPathFromIDListW
Shell_NotifyIconW
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
Shell_NotifyIconGetRect
SHBrowseForFolderW
SHGetKnownFolderPath
CommandLineToArgvW
SHGetMalloc

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

ws2_32

shutdown
WSASetLastError
getservbyname
getservbyport
gethostbyname
setsockopt
inet_ntoa
inet_addr
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
recv
connect
socket
bind
InetNtopW
freeaddrinfo
getaddrinfo
WSAIoctl
WSAStringToAddressW
WSAStartup
WSACleanup
WSAAsyncSelect
ntohs
getsockname
send
select
ntohl
htons
htonl
gethostbyaddr
getsockopt
ioctlsocket
closesocket
__WSAFDIsSet
WSAGetLastError

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

msvcrt

log10
_strtoui64
_wcstoui64
mbtowc
pow
_control87
_msize
?_set_new_mode@@YAHH@Z
_fmode
_acmdln
__getmainargs
__set_app_type
_XcptFilter
_wfullpath
wcspbrk
__doserrno
_mbsupr
_mbslwr
_ismbblead
_strtoi64
_hypot
_assert
___lc_handle_func
fsetpos
fgetpos
?terminate@@YAXXZ
_wgetenv
_tzname
_timezone
iswctype
_iob
_unlock
_lock
sqrt
wcstol
_isatty
__p__commode
_initterm
_callnewh
signal
raise
_wfopen
_setmode
setvbuf
_wcsicmp
_itoa
_mbsrchr
_strnicmp
_ismbcspace
_mbsspn
_mbsicmp
_mbscspn
_mbscmp
_mbschr
_stricmp
clock
__p__timezone
tan
sinh
sin
log
fabs
exp
cosh
cos
asin
acos
_aligned_realloc
_aligned_malloc
_aligned_free
_CIcosh
_time64
strftime
_localtime64
strspn
strtoul
ldexp
tolower
___mb_cur_max_func
strcspn
strtod
islower
_wcsdup
___lc_codepage_func
isupper
__pctype_func
_write
_read
fgets
_getdrive
_open_osfhandle
_close
_fileno
feof
_get_osfhandle
_wchmod
_waccess
_lseeki64
_endthreadex
_beginthreadex
_tzset
_mktime64
fputs
__p___argv
__p___argc
isspace
isdigit
_gmtime64
ferror
frexp
abort
strerror
_errno
_CIatan2
rand
floor
bsearch
atoi
calloc
ceil
ftell
fseek
fopen
fclose
getenv
strtol
qsort
strncpy
strncmp
realloc
wcsncmp
toupper
_sys_errlist
tanh
fflush
malloc
free
strcmp
_wsplitpath
strlen
_amsg_exit
__CxxFrameHandler
strchr
_setjmp3
memchr
longjmp
strrchr
_CxxThrowException
strstr
wcsstr
wcsrchr
_sys_nerr
_CIlog10
atan
memset
memcmp
memcpy
memmove
_clearfp
__p__dstbias
fread

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent
timeEndPeriod

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 15.5MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 937KB - Virtual size: 25.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a606f7b39db4f65ac731536d477f03d8

Headers

DLL Characteristics

File Characteristics

Imports

imm32

oleaut32

shlwapi

wtsapi32

gdi32

uxtheme

dwmapi

ole32

advapi32

user32

kernel32

shell32

bcrypt

ws2_32

crypt32

msvcrt

winmm

netapi32

userenv

version

Sections

.text Size: 15.5MB - Virtual size: 15.5MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 937KB - Virtual size: 25.5MB

.qtmetad Size: 1KB - Virtual size: 1KB

_RDATA Size: 512B - Virtual size: 48B

.reloc Size: 496KB - Virtual size: 495KB

.text
Size: 15.5MB - Virtual size: 15.5MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 937KB - Virtual size: 25.5MB

.qtmetad
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 48B

.reloc
Size: 496KB - Virtual size: 495KB