Static task: static1
Behavioral task: behavioral1
  Sample: 917d4475fc1e70d4db7b7c7451506305c960df70a4a003341601ed726e64b5d2.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 917d4475fc1e70d4db7b7c7451506305c960df70a4a003341601ed726e64b5d2.exe
  Resource: win10v2004-20240802-en
General
Target: 917d4475fc1e70d4db7b7c7451506305c960df70a4a003341601ed726e64b5d2
Size: 4.5MB
MD5: ba1c8b320784e8f67c2bb7c2e55e7b36
SHA1: 32e5735326eeac2ac349b90a72ccc0db06920665
SHA256: 917d4475fc1e70d4db7b7c7451506305c960df70a4a003341601ed726e64b5d2
SHA512: 1b9106a1e9ced13422b651b169e89d9e5b627111f37b6f941444ec3168c71981e4ca9429d0f41b14f146a32fd3d8fe7eca57ca66864c42c0b3671a61267924f7
SSDEEP: 49152:5xsdoy1PAAOG+pGkD0KoHkWclIvpoTKZf7dKOX2YgQkK:5F4aJpfgKKkWDjd7gQk
Malware Config
(none extracted)
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 917d4475fc1e70d4db7b7c7451506305c960df70a4a003341601ed726e64b5d2
Files
917d4475fc1e70d4db7b7c7451506305c960df70a4a003341601ed726e64b5d2.exe  windows:4  windows x86  arch:x86
cf1ca68e517c42202e52b2a69c98bd85
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRemoveFileSpecA
SHAutoComplete
winmm
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
sndPlaySoundA
PlaySoundA
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutWrite
kernel32
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
HeapCreate
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringW
SetEnvironmentVariableA
GetFileType
SetStdHandle
GetProfileStringA
HeapDestroy
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
ReadFile
GetFileSize
CreateFileA
CopyFileA
DeleteFileA
lstrcatA
GetModuleFileNameA
SetFileAttributesA
CreateDirectoryA
GetTickCount
CreateProcessA
lstrcpyA
GetLastError
GetFileAttributesA
GetTempPathA
GetLocalTime
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
LocalFree
SetFilePointer
LocalAlloc
lstrlenA
lstrcpynA
FindClose
FindNextFileA
HeapSize
TerminateProcess
GetSystemTime
GetTimeZoneInformation
GetACP
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RaiseException
ExitThread
HeapFree
HeapAlloc
RtlUnwind
SetErrorMode
GetProcessVersion
GlobalFlags
GetProfileIntA
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetCurrentThread
SetLastError
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
lstrcmpiA
CompareStringA
GetTempFileNameA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
GetVersion
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrentThreadId
MulDiv
InterlockedIncrement
GetExitCodeThread
SetThreadPriority
ResetEvent
FreeLibrary
GetOEMCP
GetCPInfo
GetVersionExA
lstrcmpA
LocalSize
LocalReAlloc
GetModuleHandleA
GlobalSize
GlobalFree
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
ExitProcess
DeleteCriticalSection
CancelIo
InterlockedExchange
GetQueuedCompletionStatus
InterlockedDecrement
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
PostQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileA
WriteFile
FindFirstFileA
GetEnvironmentVariableA
user32
SetWindowContextHelpId
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
DefFrameProcA
TranslateMDISysAccel
ValidateRect
GetNextDlgGroupItem
PostThreadMessageA
ShowOwnedPopups
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
DestroyMenu
LoadStringA
wvsprintfA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
SetWindowTextA
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
ScrollWindow
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
WinHelpA
GetClassInfoA
RegisterClassA
SetWindowPlacement
CreateWindowExA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
GetTabbedTextExtentA
DestroyWindow
GetClipboardFormatNameA
GetAsyncKeyState
MapDialogRect
GetScrollInfo
GetDoubleClickTime
CallWindowProcA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetCursorPos
UnionRect
DeferWindowPos
GetMenu
GetClassLongA
BeginDeferWindowPos
EndDeferWindowPos
GetMenuStringW
LookupIconIdFromDirectoryEx
GetWindowTextLengthA
GetWindowTextA
GetDialogBaseUnits
GetCursor
CharUpperA
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
LoadAcceleratorsA
CopyAcceleratorTableA
IsWindowEnabled
GetActiveWindow
DrawEdge
DrawFocusRect
DrawFrameControl
BringWindowToTop
IsZoomed
SetActiveWindow
DrawAnimatedRects
FindWindowA
EnumChildWindows
SetForegroundWindow
TrackPopupMenu
SetMenuDefaultItem
AdjustWindowRectEx
CreatePopupMenu
GetDlgItem
GetDCEx
InvertRect
MapWindowPoints
SetFocus
EqualRect
GetClassNameA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
ShowWindow
IsDialogMessageA
IsClipboardFormatAvailable
GetMenuDefaultItem
GetWindowRgn
HideCaret
ShowCaret
IsChild
IsMenu
GetMenuItemInfoA
GetMenuItemID
GrayStringA
TabbedTextOutA
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
RegisterClipboardFormatA
GetNextDlgTabItem
GetForegroundWindow
GetLastActivePopup
WaitMessage
UnregisterClassA
ExcludeUpdateRgn
DefDlgProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
InvalidateRect
SendMessageA
EnableWindow
RegisterWindowMessageA
SetRect
MapVirtualKeyA
GetTopWindow
CopyRect
PeekMessageA
IsRectEmpty
DrawStateA
SetRectEmpty
MoveWindow
IsWindow
DefWindowProcA
GetSysColor
FillRect
GetCapture
CreateMenu
GetMenuStringA
InsertMenuA
PtInRect
LoadBitmapA
SetWindowRgn
GetSysColorBrush
IntersectRect
GetIconInfo
SystemParametersInfoA
GetClipboardData
DrawTextA
GetScrollBarInfo
ShowScrollBar
DrawIconEx
GetKeyState
GetMenuState
CheckMenuRadioItem
GetDC
ReleaseDC
SetClassLongA
ClipCursor
DestroyCursor
GetWindowLongA
SetWindowLongA
KillTimer
SetParent
GetFocus
PostMessageA
SetMenu
SetTimer
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBeep
InflateRect
OffsetRect
GetWindowRect
CharNextA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
RedrawWindow
IsWindowVisible
MessageBoxA
UpdateWindow
DestroyIcon
DrawMenuBar
LoadImageA
LockWindowUpdate
GetMenuItemCount
GetCursorPos
GetSubMenu
LoadMenuA
GetDesktopWindow
GetWindow
SetCapture
LoadCursorA
SetCursor
ScreenToClient
WindowFromPoint
ClientToScreen
ReleaseCapture
GetParent
SendMessageTimeoutA
SetWindowPos
GetDlgCtrlID
CheckMenuItem
EnableMenuItem
DeleteMenu
gdi32
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SaveDC
RestoreDC
SetPolyFillMode
SetMapMode
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
SetTextAlign
SetPixel
GetWindowExtEx
LPtoDP
DPtoLP
GetMapMode
SetRectRgn
CopyMetaFileA
GetDIBits
Escape
RectVisible
PtVisible
GetDeviceCaps
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
StretchBlt
GetTextMetricsA
GetTextExtentPointA
CreateDIBitmap
GetTextExtentPoint32A
GetTextAlign
Polygon
DeleteDC
DeleteObject
TextOutA
GetPixel
CreateRectRgn
CombineRgn
GetStockObject
CreateFontIndirectA
GetObjectA
SetBkColor
SetTextColor
ExtTextOutA
BitBlt
StretchDIBits
CreateCompatibleDC
GetViewportExtEx
RoundRect
CreatePolygonRgn
GetRgnBox
SetBrushOrgEx
Ellipse
ExtFloodFill
Polyline
CreateFontA
GetViewportOrgEx
GetBkColor
CreatePatternBrush
EnumFontFamiliesExA
CreatePen
ExtCreateRegion
GetBitmapBits
GetWindowOrgEx
CreateRectRgnIndirect
GetTextColor
GetCurrentObject
PtInRegion
PatBlt
CreateDIBSection
SelectObject
CreateSolidBrush
SetBkMode
comdlg32
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
ChooseColorA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegCloseKey
RegCreateKeyA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
shell32
ExtractIconA
SHAppBarMessage
ShellExecuteA
Shell_NotifyIconA
SHBrowseForFolderA
SHGetMalloc
DragFinish
DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetFileInfoA
comctl32
ImageList_LoadImageA
ord17
ImageList_Remove
ImageList_GetImageInfo
ImageList_Add
ImageList_GetIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Draw
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
oledlg
ord8
ord1
ole32
OleInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoTaskMemFree
ReleaseStgMedium
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemAlloc
OleDuplicateData
CoUninitialize
CoInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleUninitialize
olepro32
ord253
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VariantChangeTypeEx
VarBstrFromDate
SysAllocStringLen
VariantTimeToSystemTime
VariantClear
SysFreeString
SysAllocString
VarDateFromStr
SysStringLen
LoadTypeLi
OleLoadPicturePath
urlmon
URLDownloadToFileA
ws2_32
WSASend
WSARecv
accept
WSAGetLastError
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
setsockopt
listen
inet_addr
gethostname
ntohs
shutdown
getsockname
WSAStartup
socket
ioctlsocket
__WSAFDIsSet
WSACloseEvent
WSAIoctl
recv
bind
gethostbyname
connect
htons
send
inet_ntoa
getpeername
closesocket
WSACleanup
select
avifil32
AVIStreamSetFormat
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamRelease
AVIFileRelease
AVIFileExit
AVIFileInit
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
wininet
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetGetConnectedState
InternetGetLastResponseInfoA
imm32
ImmAssociateContext
Sections
.text    Size: 2.1MB  Virtual size: 2.1MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rodata  Size: 12KB   Virtual size: 11KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rotext  Size: 112KB  Virtual size: 108KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata   Size: 404KB  Virtual size: 403KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data    Size: 148KB  Virtual size: 602KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    Size: 1.7MB  Virtual size: 1.7MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ