strdup
Static task
static1
Behavioral task
behavioral1
Sample
908716a748cac6d5406fe6e52e7d639905f4cec95760ad5de98d8b8c29d2d64e.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
908716a748cac6d5406fe6e52e7d639905f4cec95760ad5de98d8b8c29d2d64e.exe
Resource
win10v2004-20240704-en
General
- Target: 908716a748cac6d5406fe6e52e7d639905f4cec95760ad5de98d8b8c29d2d64e
- Size: 3.7MB
- MD5: a69cf7bba1808c672ba9012d6256aa0b
- SHA1: fba619eb9c832e891cd2945bc2f3b3cebd704c02
- SHA256: 908716a748cac6d5406fe6e52e7d639905f4cec95760ad5de98d8b8c29d2d64e
- SHA512: 9086c2d013ee3e2f16737bde6c629cf00c662a5a2a41552ac1de6c36210f9010e1699ff5c1384b95689c7ab1e1172182c526c945f111ba47da3909d7f5e93ae4
- SSDEEP: 49152:ljb9ruwKCqkX35/EpAHNMTok+qzbKHyceTGvFmuL75Vs3x80Bi5IRtNpMC3G:ljowKCF5/EpACToMQNL7oB7w+tpMh
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 908716a748cac6d5406fe6e52e7d639905f4cec95760ad5de98d8b8c29d2d64e
Files
-
908716a748cac6d5406fe6e52e7d639905f4cec95760ad5de98d8b8c29d2d64e.exe windows:4 windows x86 arch:x86
a51fb7daba40b070416d678d10da8524
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
DeviceIoControl
DefineDosDeviceA
SetLastError
CreateFileW
ResetEvent
WaitForMultipleObjects
DeleteCriticalSection
InitializeCriticalSection
CopyFileW
GetSystemWindowsDirectoryA
GetModuleHandleW
LocalFree
Module32First
Module32Next
GetCurrentThread
CreateProcessA
ProcessIdToSessionId
GetExitCodeProcess
GetStartupInfoA
Process32FirstW
Process32NextW
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateNamedPipeA
CreateEventA
ConnectNamedPipe
DisconnectNamedPipe
GetSystemInfo
GetVersionExA
GetFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetStdHandle
GetVersion
DuplicateHandle
GetFileType
MulDiv
FreeResource
SizeofResource
GetCurrentDirectoryA
GetACP
FindNextFileA
FindClose
RemoveDirectoryA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
lstrcmpiW
MoveFileExA
GetProcessHeap
HeapAlloc
HeapFree
GetSystemDirectoryA
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetLocalTime
OutputDebugStringA
SetFilePointer
SetEndOfFile
CopyFileA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
DosDateTimeToFileTime
LocalFileTimeToFileTime
GlobalAlloc
GetFileSize
CreateFileA
SetFileTime
SetFileAttributesA
lstrcpynA
lstrcpyA
lstrcatA
lstrcmpiA
GetFullPathNameA
GetModuleHandleA
GetTickCount
GetExitCodeThread
GetDiskFreeSpaceExA
TerminateThread
GetLogicalDrives
FreeLibrary
OpenEventA
SetEvent
VirtualQuery
LoadLibraryA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
GetSystemTime
SystemTimeToFileTime
GlobalLock
GlobalUnlock
GetEnvironmentVariableA
CreateThread
WaitForSingleObject
ExpandEnvironmentStringsA
GetSystemDefaultLangID
SetUnhandledExceptionFilter
GetTempPathA
CreateDirectoryA
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateSemaphoreA
GetLastError
GetModuleFileNameA
GlobalFree
lstrlenA
WriteFile
CloseHandle
user32
GetClassNameA
GetWindowTextA
OpenInputDesktop
GetUserObjectInformationA
SwitchDesktop
GetWindowLongA
IsIconic
GetClientRect
OpenDesktopA
EnumDesktopWindows
GetThreadDesktop
CloseDesktop
CreateDesktopA
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
DestroyWindow
CreateWindowExA
SetWindowLongA
ShowWindow
PostQuitMessage
PostMessageA
IsWindow
GetCursorPos
MessageBoxA
ScreenToClient
SetWindowRgn
GetWindowRect
ClientToScreen
KillTimer
SetTimer
SendMessageA
TrackPopupMenu
SetForegroundWindow
ModifyMenuA
GetSubMenu
LoadMenuA
IsWindowEnabled
SetWindowPos
GetSystemMetrics
GetParent
GetMonitorInfoA
MonitorFromWindow
SendMessageTimeoutA
LoadIconA
DestroyIcon
GetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
CreateAcceleratorTableA
InvalidateRgn
SetRect
CharPrevA
DrawTextA
FillRect
GetWindowRgn
UpdateLayeredWindow
GetSysColor
SetCaretPos
ShowCaret
HideCaret
CreateCaret
IntersectRect
GetWindowTextLengthA
SetWindowTextA
CharNextA
PtInRect
ReleaseCapture
SetCapture
GetFocus
GetUpdateRect
FindWindowA
LoadCursorA
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
DefWindowProcA
GetKeyState
RegisterClassExA
GetDC
SetUserObjectInformationA
SetThreadDesktop
EnableWindow
GetDesktopWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetFocus
OffsetRect
wvsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindow
SystemParametersInfoA
RegisterClassA
GetClassInfoExA
CallWindowProcA
GetPropA
SetPropA
AdjustWindowRectEx
GetMenu
SetCursor
ReleaseDC
MoveWindow
gdi32
DeleteObject
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
GetPixel
GetObjectA
SelectObject
CreateCompatibleDC
CreateRectRgn
DeleteDC
CreateDIBSection
CreateFontIndirectA
GetStockObject
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
GetTextMetricsA
CreateSolidBrush
SetTextColor
SetBkMode
GetDeviceCaps
PtInRegion
SelectClipRgn
ExtSelectClipRgn
GetClipBox
StretchBlt
SetStretchBltMode
ExtTextOutA
SetBkColor
LineTo
MoveToEx
RoundRect
TextOutA
GetTextExtentPoint32A
GetCharABCWidthsA
CreatePen
comdlg32
GetOpenFileNameA
GetSaveFileNameA
advapi32
SetSecurityDescriptorDacl
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptDestroyHash
CryptDestroyKey
RegDeleteValueA
AddAccessAllowedAce
RegSetKeySecurity
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
CryptEncrypt
SetFileSecurityA
FreeSid
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptReleaseContext
shell32
StrChrIA
StrStrIA
StrCmpNIA
ShellExecuteA
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA
ole32
CoCreateInstance
CLSIDFromString
CoCreateGuid
CoInitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning
ws2_32
accept
WSAEnumNetworkEvents
bind
WSAEventSelect
listen
shutdown
WSASend
WSARecv
WSASocketA
setsockopt
getsockname
WSAIoctl
WSACleanup
WSAStartup
getservbyport
gethostbyaddr
getservbyname
WSASetLastError
WSAAddressToStringA
WSAGetLastError
ntohl
htonl
ntohs
gethostbyname
inet_ntoa
socket
ioctlsocket
closesocket
htons
inet_addr
connect
select
WSAGetOverlappedResult
comctl32
ord17
_TrackMouseEvent
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
imm32
ImmAssociateContext
ImmGetContext
ImmReleaseContext
dbghelp
MiniDumpWriteDump
msvcp60
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1ios_base@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
shlwapi
PathRemoveFileSpecA
StrTrimW
PathIsDirectoryA
SHGetValueA
StrTrimA
crypt32
CertFreeCertificateContext
CryptDecryptMessage
CryptEncryptMessage
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindChainInStore
CertGetIntendedKeyUsage
CertNameToStrA
CertOpenStore
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertFindCertificateInStore
CertGetNameStringA
CertCloseStore
psapi
GetProcessImageFileNameA
GetModuleFileNameExA
iphlpapi
SetTcpEntry
GetIpForwardTable
GetIpAddrTable
GetTcpTable
msvcrt
_mbsnbcmp
_itoa
_stricmp
_controlfp
_iob
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
signal
_getch
isupper
isxdigit
_except_handler3
_strnicmp
_setmode
fflush
_wfopen
isspace
tolower
getenv
qsort
strcmp
memset
fprintf
wcsstr
raise
_exit
gmtime
_ismbcalnum
_fileno
isdigit
strtol
toupper
_mbsstr
_mbslwr
_mbscmp
_mbsnbcpy
realloc
strpbrk
_ftol
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
_strdup
fgets
fputs
rewind
fread
wcscpy
wcscat
iscntrl
_wcsicmp
ftell
strtoul
calloc
_vsnprintf
remove
_errno
_lseek
_close
_write
_read
_CxxThrowException
_open
printf
exit
fwrite
wcsncpy
strchr
fopen
fseek
fgetws
wcslen
atoi
strncat
strncpy
_strrev
??2@YAPAXI@Z
strrchr
_purecall
__p___argv
__p___argc
strstr
_access
sprintf
_snprintf
strncmp
fclose
rand
srand
time
memchr
__CxxFrameHandler
free
malloc
memmove
atof
sscanf
wininet
HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
setupapi
SetupIterateCabinetA
wintrust
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
riched20
ord4
Exports
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 203KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 82KB - Virtual size: 339KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 819KB - Virtual size: 819KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ