E:\UIDownloader\bin\Release\setup_1_237148.pdb
Static task
static1
Behavioral task
behavioral1
Sample
91a91e1f073e17fa6d4a946ff28d63de7cfd214d0e9aa41b074dfad1fa719ada.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
91a91e1f073e17fa6d4a946ff28d63de7cfd214d0e9aa41b074dfad1fa719ada.exe
Resource
win10v2004-20240709-en
General
-
Target
91a91e1f073e17fa6d4a946ff28d63de7cfd214d0e9aa41b074dfad1fa719ada
-
Size
10.0MB
-
MD5
d04fdc221c2a9360eb1a2f1377a25eae
-
SHA1
58e2c65943c2d4ab82f5777209821361fcb35ba5
-
SHA256
91a91e1f073e17fa6d4a946ff28d63de7cfd214d0e9aa41b074dfad1fa719ada
-
SHA512
275b2ec8022b61c84a4d33a2a5271e16193fd6f509d84bf8590f6241559541feb5da89bd14ac4021ea53f1f40fddb0a14ea229cac71324a7949c056a85e0a977
-
SSDEEP
196608:hdbC3wwyoSIDWqJuSEUjLc1U0YpfgiH+ghTRXWSKbZ7G8h/AIdlxEL9AVtYSEAEf:XbC3wwyoSIDWqJuSEUjLc+0qp+ghTwZo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 91a91e1f073e17fa6d4a946ff28d63de7cfd214d0e9aa41b074dfad1fa719ada
Files
-
91a91e1f073e17fa6d4a946ff28d63de7cfd214d0e9aa41b074dfad1fa719ada.exe windows:5 windows x86 arch:x86
489bd839bd86aa9ee41094c6f8c906ed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
GetEnvironmentVariableW
GetCommandLineW
DecodePointer
RaiseException
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryW
GetModuleFileNameW
GetCurrentProcess
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
GetProcessHeap
HeapAlloc
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
VirtualFree
SetLastError
HeapFree
VirtualProtect
GetSystemTimeAsFileTime
GetModuleHandleA
IsBadWritePtr
WinExec
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetModuleHandleW
GetProcAddress
OutputDebugStringW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetLocalTime
FileTimeToSystemTime
lstrcpynW
Sleep
lstrcpyW
LoadResource
FindResourceW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
CopyFileW
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
SetErrorMode
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
SetEvent
WaitForSingleObject
CreateEventW
SetThreadPriority
ResumeThread
GetVersionExW
lstrcmpA
GetLocaleInfoW
GetUserDefaultUILanguage
GlobalFlags
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
FindResourceExW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
SystemTimeToTzSpecificLocalTime
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
TryEnterCriticalSection
SwitchToThread
GetExitCodeThread
LCMapStringW
GetCPInfo
GetACP
InterlockedIncrement
InterlockedDecrement
MoveFileExW
CompareFileTime
FindNextFileW
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
SleepEx
GetSystemDirectoryA
MoveFileExA
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
HeapQueryInformation
VirtualQuery
SetStdHandle
ExitProcess
GetModuleFileNameA
GetDriveTypeW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetFileSize
FreeLibrary
lstrlenW
GetLastError
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
LocalFileTimeToFileTime
MultiByteToWideChar
GetFileAttributesW
CreateFileW
SetFilePointer
SetFileTime
WriteFile
ReadFile
CreateDirectoryW
LockResource
SizeofResource
user32
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
GetWindowThreadProcessId
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
ClientToScreen
FillRect
DestroyMenu
GetMenuItemInfoW
InflateRect
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetMessageW
TranslateMessage
GetCursorPos
RealChildWindowFromPoint
GetAsyncKeyState
MapDialogRect
DestroyIcon
CharUpperW
IntersectRect
TrackMouseEvent
InvalidateRect
LoadImageW
ShowOwnedPopups
SetCursor
DeleteMenu
SetTimer
KillTimer
CreatePopupMenu
GetMenuDefaultItem
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
IsWindowEnabled
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
IsWindow
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsDialogMessageW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
InvalidateRgn
GetCaretBlinkTime
GetGUIThreadInfo
RegisterClassExW
CreateCaret
ShowCaret
SetCaretPos
GetCaretPos
CharPrevW
wsprintfA
DrawTextA
CharPrevExA
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
SetWindowTextW
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CheckDlgButton
MoveWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
IsClipboardFormatAvailable
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
CheckMenuItem
DestroyWindow
IsChild
UnionRect
IsMenu
MessageBoxW
PostQuitMessage
LoadIconW
EnableWindow
SendMessageW
ShowWindow
MonitorFromWindow
GetMonitorInfoW
GetDesktopWindow
wsprintfW
CharNextW
UnpackDDElParam
CreateWindowExW
gdi32
GetBitmapBits
SetBitmapBits
GetViewportOrgEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
GetObjectW
GdiFlush
GetObjectA
GetCharABCWidthsW
CreatePenIndirect
PlayEnhMetaFile
GetEnhMetaFileHeader
GetTextExtentPointA
CreateEnhMetaFileW
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
SetTextColor
SetBkColor
GetTextExtentPoint32W
CreateFontIndirectW
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
CloseEnhMetaFile
RemoveFontMemResourceEx
AddFontMemResourceEx
LPtoDP
ScaleWindowExtEx
GetTextFaceW
GetDeviceCaps
CreateDCW
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
CopyMetaFileW
advapi32
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegOpenKeyExW
RegQueryValueExW
shell32
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW
SHFileOperationW
SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ole32
OleLockRunning
CoTaskMemFree
CoCreateInstance
CoInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CLSIDFromProgID
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CLSIDFromString
CoInitializeEx
CoUninitialize
OleInitialize
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
IsAccelerator
oleaut32
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
LoadTypeLi
VariantInit
msimg32
AlphaBlend
TransparentBlt
shlwapi
wnsprintfA
SHSetValueW
SHGetValueW
StrChrA
StrCmpIW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
SHCreateStreamOnFileEx
wnsprintfW
uxtheme
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
DrawThemeText
winhttp
WinHttpSendRequest
WinHttpReadData
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpSetStatusCallback
WinHttpCloseHandle
gdiplus
GdipDrawLine
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreatePen2
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRect
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipReleaseDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCloneBrush
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCreateMatrix
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
iphlpapi
GetAdaptersInfo
snmpapi
SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilOidNCmp
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
ws2_32
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
getnameinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
htons
gethostbyname
gethostname
WSAStartup
send
WSACloseEvent
WSACreateEvent
shutdown
winmm
PlaySoundW
wldap32
ord46
ord211
ord60
ord45
ord50
ord217
ord143
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
crypt32
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1018KB - Virtual size: 1017KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14.8MB - Virtual size: 14.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ