ad73a96f0860715c92d1b2411cee11dfe52bc6512c8f2bb162fd698c17972ec8

Sharing

Copy URL Twitter E-mail

General

Target

ad73a96f0860715c92d1b2411cee11dfe52bc6512c8f2bb162fd698c17972ec8
Size

1.1MB
MD5

b86a32b795216ed912e2b39d7cc518b1
SHA1

b474f834f3583aacc7ded7e96c2713ed5052c6b4
SHA256

ad73a96f0860715c92d1b2411cee11dfe52bc6512c8f2bb162fd698c17972ec8
SHA512

6b586cb17359159e3073a20d7d22ec557f05991246770c256110e140daae2962eece289ece235eca7cdf674bde985eb368cf06b696b87581585b1c12cff4e178
SSDEEP

24576:XSBff08UUo+uFGSkVh32yT1tU08R1CWabP8db:iff08Usr92yT1608R1m8Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad73a96f0860715c92d1b2411cee11dfe52bc6512c8f2bb162fd698c17972ec8

Files

ad73a96f0860715c92d1b2411cee11dfe52bc6512c8f2bb162fd698c17972ec8
.exe windows:4 windows x86 arch:x86

614a47bfdc78be6a485d85ae3ea67590

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\fhsource\zip\product\win32\dbginfo\update.pdb

Imports

kernel32

WritePrivateProfileStringW
TerminateThread
CreateThread
Sleep
ReadProcessMemory
TerminateProcess
GetExitCodeProcess
GetWindowsDirectoryW
GetSystemDirectoryW
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
VirtualFree
VirtualAlloc
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
LocalFree
InterlockedIncrement
GetCurrentProcessId
GetExitCodeThread
InterlockedDecrement
OutputDebugStringW
CreatePipe
GetStartupInfoW
SleepEx
DuplicateHandle
ReleaseMutex
FormatMessageW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
DeleteCriticalSection
GetStringTypeA
FlushFileBuffers
GetCurrentDirectoryA
ResetEvent
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileAttributesA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapCreate
ExitProcess
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
GetACP
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
CreateEventW
WaitForMultipleObjects
CreateMutexW
OutputDebugStringA
GetPrivateProfileStringW
InitializeCriticalSection
FreeLibrary
GetCommandLineW
GetLastError
GlobalUnlock
GetVersionExW
FindResourceExW
GlobalFree
SetFilePointer
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetEndOfFile
QueryDosDeviceW
GetLogicalDriveStringsW
SetEvent
OpenEventW
CreateProcessW
MoveFileExW
CopyFileW
MoveFileW
GetLocalTime
DeleteFileW
SetFileAttributesW
ExpandEnvironmentStringsW
Module32NextW
Module32FirstW
OpenProcess
GetTickCount
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateDirectoryW
GetFileAttributesW
WaitForSingleObject
WriteFile
lstrlenW
GetModuleHandleW
LockResource
LoadResource
SizeofResource
RaiseException
FindResourceW
GetCurrentProcess
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetFullPathNameA
SetLastError
GetProcAddress
GlobalLock
GetCurrentThreadId
LoadLibraryW
GlobalAlloc
FlushInstructionCache
GetModuleFileNameW
GetPrivateProfileIntW
CloseHandle
InterlockedExchange
ReadFile
GetFileSize
MultiByteToWideChar
CreateFileW
lstrlenA
FreeResource
GetStringTypeW

user32

KillTimer
GetActiveWindow
SetRect
GetNextDlgTabItem
OffsetRect
MonitorFromWindow
GetWindowRect
DestroyIcon
GetMonitorInfoW
SetFocus
IntersectRect
GetDlgCtrlID
ShowWindow
DefWindowProcW
EnableWindow
LoadCursorW
SetWindowPos
GetWindowThreadProcessId
RegisterClassExW
GetForegroundWindow
InvalidateRect
GetParent
SystemParametersInfoW
CopyRect
AttachThreadInput
IsWindowEnabled
SetActiveWindow
SendMessageW
RegisterWindowMessageW
FindWindowW
GetDC
LoadIconW
SetWindowLongW
LoadBitmapW
LoadImageW
MoveWindow
InflateRect
GetWindow
DestroyWindow
PostMessageW
GetClientRect
GetClassInfoExW
GetWindowLongW
MapWindowPoints
CreateWindowExW
GetDesktopWindow
IsWindow
BringWindowToTop
SetForegroundWindow
ExitWindowsEx
PostThreadMessageW
DispatchMessageW
PeekMessageW
TranslateMessage
GetMessageW
GetLastInputInfo
IsWindowVisible
EnumWindows
ClientToScreen
GetDlgItem
EqualRect
GetFocus
UpdateLayeredWindow
IsChild
GetCursorPos
IsIconic
DrawTextW
ScreenToClient
IsDialogMessageW
SetCapture
CallWindowProcW
SetWindowRgn
IsRectEmpty
SetTimer
PostQuitMessage
EndPaint
ReleaseCapture
SetRectEmpty
BeginPaint
SetCursor
DrawIconEx
PtInRect
ReleaseDC
UnregisterClassA

gdi32

CreateRoundRectRgn
CreateRectRgnIndirect
CombineRgn
LineTo
MoveToEx
GetTextExtentPoint32W
TextOutW
RoundRect
ExtSelectClipRgn
GetClipRgn
SetViewportOrgEx
GetViewportOrgEx
CreateFontIndirectW
GetTextColor
GetCurrentObject
SetBkMode
CreateRectRgn
StretchBlt
GetStretchBltMode
OffsetRgn
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
Rectangle
CreateCompatibleDC
GetObjectW
CreatePen
DeleteObject
SetStretchBltMode
GetDeviceCaps
SelectClipRgn
RestoreDC
SaveDC
SetTextColor
CreateBitmap
GetStockObject
CreateCompatibleBitmap
CreateDIBSection
BitBlt
RectInRegion

advapi32

RegSetValueExW
OpenEventLogW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
LookupPrivilegeValueW
OpenProcessToken
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
CloseEventLog
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ReadEventLogW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal

shlwapi

PathIsDirectoryW
StrToIntA
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
StrToIntW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipDeletePath
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreateSolidFill
GdipGetFamily
GdipCreatePath
GdipCloneBrush
GdipDeletePen
GdipDeleteBrush
GdipDeleteFont
GdipAddPathStringI
GdipCloneBitmapArea
GdipFree
GdipCreateImageAttributes
GdipAlloc
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipCreatePen1
GdipSetClipHrgn
GdipSetClipPath
GdipDrawRectangleI
GdipSetStringFormatTrimming
GdipGetFontSize
GdipDrawLinesI
GdipSetStringFormatLineAlign
GdipCreateFont
GdipSetStringFormatAlign
GdipCreateFontFromLogfontW
GdipDrawLine
GdipAddPathPieI
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAddPathRectangleI
GdipAddPathRectangle
GdipDrawImageI
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipSetPenDashStyle
GdipResetWorldTransform
GdipCreateLineBrushFromRectWithAngleI
GdipPrivateAddFontFile
GdipMeasureString
GdipDeletePrivateFontCollection
GdipDrawString
GdipSetPixelOffsetMode
GdipNewPrivateFontCollection
GdipSetSmoothingMode
GdipFillPath
GdipAddPathArcI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipSetTextRenderingHint
GdipGetFontCollectionFamilyCount
GdipSetCompositingQuality
GdipSetPenMode
GdipFillRectangleI
GdipFillRectangle
GdipClosePathFigure
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipDrawImagePointsRectI
GdipDeleteFontFamily
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImageRectI
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipGraphicsClear
GdiplusStartup
GdipCloneImage
GdipLoadImageFromStream
GdipDeleteGraphics
GdipLoadImageFromFile
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDrawPath

ws2_32

ioctlsocket
select
__WSAFDIsSet
WSASetLastError
socket
connect
setsockopt
gethostbyname
inet_ntoa
inet_addr
WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt

psapi

GetModuleFileNameExW

iphlpapi

IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 580KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

614a47bfdc78be6a485d85ae3ea67590

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

msimg32

gdiplus

ws2_32

psapi

iphlpapi

version

Sections

.text Size: 580KB - Virtual size: 578KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 384KB - Virtual size: 381KB

.text
Size: 580KB - Virtual size: 578KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 384KB - Virtual size: 381KB