Static task
static1
Behavioral task
behavioral1
Sample
4b494da538a6f5437611015fae50652f33bd3f285e35b9350eca84c8aeb6ba6b.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4b494da538a6f5437611015fae50652f33bd3f285e35b9350eca84c8aeb6ba6b.exe
Resource
win10v2004-20240709-en
General
-
Target
4b494da538a6f5437611015fae50652f33bd3f285e35b9350eca84c8aeb6ba6b.exe
-
Size
22.1MB
-
MD5
caeba9f81e883e9ba8be62067d79c602
-
SHA1
1fa1d3a56ffbd2589c63dcc59339a8dd0e477ae3
-
SHA256
4b494da538a6f5437611015fae50652f33bd3f285e35b9350eca84c8aeb6ba6b
-
SHA512
372c7c30855d089e30e421ae92ce03fe55e10101775f0cf91aed61ed6d09822b010a93aeb47e48d47e9fbb7eed5879fd7f3b45374bef7486e14cc358b2b77b86
-
SSDEEP
393216:ecn0JY95cTqWQxLnOs98Jsv6tWKFdu9CXcEJZxUYmAaXPK1b:e8J5QD4LOs9EVU3Aai
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
resource 4b494da538a6f5437611015fae50652f33bd3f285e35b9350eca84c8aeb6ba6b.exe
Files
-
4b494da538a6f5437611015fae50652f33bd3f285e35b9350eca84c8aeb6ba6b.exe.exe windows:6 windows x86 arch:x86
d789aac4639f212bc9194999020c5a6a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmSetCandidateWindow
ImmGetVirtualKey
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
oleaut32
VariantClear
VariantCopy
VariantChangeType
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
VarBstrFromDate
SysFreeString
LoadTypeLi
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
StrChrW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
gdi32
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetDIBits
CopyMetaFileW
SetBkColor
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
CreateHatchBrush
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutW
MoveToEx
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreatePatternBrush
CreatePen
GetRgnBox
uxtheme
DrawThemeParentBackground
DrawThemeText
GetWindowTheme
DrawThemeBackground
IsThemeActive
GetThemeSysColor
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsAppThemed
GetCurrentThemeName
dwmapi
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
ole32
CreateStreamOnHGlobal
CoDisconnectObject
CoGetMalloc
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitialize
CoLockObjectExternal
CoTaskMemAlloc
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize
RevokeDragDrop
StringFromGUID2
RegisterDragDrop
advapi32
CryptDestroyHash
BuildTrusteeWithSidW
GetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
RegisterEventSourceW
GetEffectiveRightsFromAclW
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
GetTokenInformation
MapGenericMask
LookupAccountSidW
DeregisterEventSource
user32
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
CreateMenu
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
GetSystemMetrics
ToAscii
SystemParametersInfoW
SetWindowRgn
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
IsWindow
MonitorFromWindow
GetKeyboardLayoutList
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
DrawIconEx
AttachThreadInput
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
CharNextExA
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
EnableWindow
GetLastActivePopup
GetMessageW
GetActiveWindow
ValidateRect
GetWindowTextLengthW
CharUpperW
GetDlgCtrlID
PtInRect
GetClassNameW
RealChildWindowFromPoint
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMessagePos
GetMessageTime
CallWindowProcW
GetClassInfoExW
IsMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
UpdateWindow
SetActiveWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
MapWindowPoints
CopyRect
EqualRect
GetClassLongW
GetTopWindow
SetScrollInfo
GetScrollInfo
WinHelpW
CheckDlgButton
IsDialogMessageW
PostQuitMessage
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
FillRect
InflateRect
CopyImage
SendDlgItemMessageA
SetRectEmpty
OffsetRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
MapDialogRect
ShowOwnedPopups
DeleteMenu
IntersectRect
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
EnableScrollBar
InvertRect
NotifyWinEvent
GetMenuDefaultItem
GetKeyNameTextW
LoadMenuW
DrawStateW
SetClassLongW
DrawEdge
DrawFrameControl
BringWindowToTop
CopyIcon
FrameRect
DrawIcon
UnionRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
CharUpperBuffW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
GetWindowRgn
MsgWaitForMultipleObjects
GetProcessWindowStation
GetUserObjectInformationW
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
DrawMenuBar
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
TranslateMessage
GetUpdateRect
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
DefWindowProcW
kernel32
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
WaitForMultipleObjects
GetLastError
InitializeCriticalSectionEx
ExitProcess
VirtualAlloc
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
lstrlenA
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
VirtualProtect
WriteProcessMemory
GetModuleFileNameW
lstrcmpiW
lstrcatW
lstrcmpW
GetModuleHandleW
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
GetFileSize
ReadFile
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
Sleep
WaitForSingleObject
DuplicateHandle
GetSystemDirectoryW
CreateEventW
WaitForSingleObjectEx
SetEvent
IsProcessorFeaturePresent
TerminateProcess
OutputDebugStringW
GetLocalTime
GetSystemTime
GetCommandLineW
CompareStringEx
GetConsoleWindow
GetDriveTypeW
CreateMutexW
ReleaseMutex
GetLongPathNameW
GetVolumeInformationW
LCMapStringW
GetStartupInfoW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
EnumSystemLocalesW
IsValidLocale
SetConsoleCtrlHandler
PeekNamedPipe
VirtualQuery
HeapQueryInformation
GetConsoleOutputCP
SetStdHandle
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
InterlockedPushEntrySList
RtlUnwind
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetACP
GetEnvironmentVariableW
GetStdHandle
VirtualFree
GetSystemDirectoryA
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
lstrlenW
MapViewOfFileEx
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
InitializeSRWLock
InitializeSListHead
GetSystemTimeAsFileTime
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MultiByteToWideChar
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
FormatMessageA
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
OutputDebugStringA
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalFree
MulDiv
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
lstrcmpA
GlobalGetAtomNameW
GlobalAddAtomW
LockFile
UnlockFile
LoadLibraryExW
GlobalFlags
GlobalDeleteAtom
GlobalFindAtomW
GetVersionExW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetUserDefaultUILanguage
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetTempFileNameW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
IsDebuggerPresent
CompareStringW
shell32
SHGetKnownFolderPath
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHAppBarMessage
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
CommandLineToArgvW
msimg32
TransparentBlt
AlphaBlend
ws2_32
select
send
setsockopt
shutdown
WSASetLastError
WSAIoctl
WSAStringToAddressW
getaddrinfo
freeaddrinfo
InetNtopW
bind
ntohl
connect
recv
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
htons
htonl
getsockopt
getsockname
WSACleanup
ioctlsocket
closesocket
__WSAFDIsSet
WSAGetLastError
ntohs
WSAAsyncSelect
socket
WSAStartup
crypt32
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
gdiplus
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc
GdiplusShutdown
GdipGetImagePaletteSize
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
bcrypt
BCryptGenRandom
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
winmm
timeBeginPeriod
timeGetDevCaps
timeGetTime
PlaySoundW
timeKillEvent
timeSetEvent
timeEndPeriod
netapi32
NetApiBufferFree
NetShareEnum
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 10.6MB - Virtual size: 10.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 736B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 457KB - Virtual size: 457KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ