Static task: static1
Behavioral task: behavioral1
  Sample: 5b43cbdbef8e541a0fa91059b2653a2a261ac56421392adec75f97470fd7aebe.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 5b43cbdbef8e541a0fa91059b2653a2a261ac56421392adec75f97470fd7aebe.exe
  Resource: win10v2004-20240802-en
General
  Target: 5b43cbdbef8e541a0fa91059b2653a2a261ac56421392adec75f97470fd7aebe
  Size: 12.6MB
  MD5: 69f0d6d80827ce75293a3943001c5271
  SHA1: ddab58c07b49a4badfe8e43c768250ad5f7db509
  SHA256: 5b43cbdbef8e541a0fa91059b2653a2a261ac56421392adec75f97470fd7aebe
  SHA512: 6e031d0117cf2edac6be35b701869f8c8bf55dcd659a23866670c136553e4c54f655021b749dbb83a449941f2fa0011810a7cafd5b8b6c87c9d1ef9dd668d4c6
  SSDEEP: 196608:OCmdZJm7TgGJes+PsZvhH/RO4Um4mv0pYdbyNspW5z19Cwh/B85uW1gniOe5:OC6K7sq/c4uhYoNsp69CwxBiu
Malware Config
  (none extracted)
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: 5b43cbdbef8e541a0fa91059b2653a2a261ac56421392adec75f97470fd7aebe
Files
  5b43cbdbef8e541a0fa91059b2653a2a261ac56421392adec75f97470fd7aebe.exe  windows:5 windows x86 arch:x86
  7d43e76398fb334210e12637e15ab74c
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
recv
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
WSAStartup
WSASetLastError
select
__WSAFDIsSet
getservbyname
gethostbyname
htonl
socket
WSAGetLastError
freeaddrinfo
WSACleanup
shutdown
kernel32
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetTimeZoneInformation
SetErrorMode
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
VirtualQuery
QueryPerformanceFrequency
HeapQueryInformation
SetStdHandle
GetCommandLineW
GetCommandLineA
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
GetStringTypeW
LCMapStringW
GetCPInfo
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
GlobalGetAtomNameW
FindResourceExW
GetProfileIntW
ExitProcess
SearchPathW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileTime
GetFileSizeEx
GetFileAttributesExW
LocalAlloc
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
LockFile
GetFullPathNameW
FlushFileBuffers
ResumeThread
SetThreadPriority
GetPrivateProfileIntW
GetCurrentThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
EncodePointer
LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleA
FreeResource
OutputDebugStringA
GlobalSize
VerifyVersionInfoW
VerSetConditionMask
FormatMessageA
PeekNamedPipe
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTickCount
SleepEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFileSize
CreateMutexA
VirtualAlloc
InterlockedCompareExchange
VirtualFree
lstrcpynW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CopyFileExW
SetVolumeLabelW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetFirmwareEnvironmentVariableW
ReadFile
CreatePipe
GetCurrentProcess
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
FindFirstFileW
SetLastError
MoveFileExW
CopyFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
LocalFree
FormatMessageW
GetTempPathW
GetLongPathNameW
GetTempFileNameW
ReleaseMutex
CreateMutexW
CreateEventW
GetWindowsDirectoryW
GetSystemDirectoryW
MulDiv
WriteFile
GetStdHandle
WriteConsoleW
OutputDebugStringW
SetEndOfFile
SetFilePointer
MoveFileW
DeleteFileW
GetVolumeInformationW
DefineDosDeviceW
CreateDirectoryW
DeviceIoControl
CreateFileW
GlobalFree
GlobalAlloc
GetLocalTime
SetFileAttributesW
CloseHandle
GetLastError
GetPrivateProfileSectionNamesW
SetConsoleMode
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetCurrentDirectoryW
GetModuleFileNameW
WinExec
lstrlenW
lstrcatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GlobalMemoryStatusEx
GetModuleHandleW
GetVersionExW
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
SetEvent
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
ReadConsoleInputA
user32
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
LoadMenuW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetScrollInfo
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
IsDialogMessageW
GetWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetFocus
GetDlgCtrlID
CheckDlgButton
SetWindowPos
MoveWindow
ShowWindow
MapVirtualKeyW
GetKeyNameTextW
CallNextHookEx
ShowOwnedPopups
SetWindowsHookExW
EndPaint
BeginPaint
GetWindowDC
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetSystemMenu
DeleteMenu
SetWindowRgn
ReuseDDElParam
CopyIcon
PostThreadMessageW
WaitMessage
GetDoubleClickTime
LoadBitmapW
GetClassNameW
DrawStateW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
SetRect
ShowScrollBar
SetScrollPos
SetCapture
SystemParametersInfoW
GetDesktopWindow
GetClassInfoW
DefWindowProcW
DrawFrameControl
IsRectEmpty
FrameRect
FillRect
GetFocus
BringWindowToTop
GetNextDlgGroupItem
ReleaseCapture
MessageBeep
NotifyWinEvent
CreatePopupMenu
GetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
DestroyMenu
EnableScrollBar
UnionRect
MonitorFromPoint
CopyImage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
DestroyIcon
ClientToScreen
WindowFromPoint
GetCursorPos
GetCapture
GetWindowLongW
UnregisterClassW
CharUpperW
SetLayeredWindowAttributes
GetSysColorBrush
EnumDisplayMonitors
SendDlgItemMessageA
RealChildWindowFromPoint
TrackMouseEvent
IsZoomed
UnhookWindowsHookEx
GetAsyncKeyState
GetIconInfo
IsCharLowerW
MapVirtualKeyExW
ExitWindowsEx
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
UnpackDDElParam
CreateMenu
HideCaret
InvertRect
DestroyCursor
GetComboBoxInfo
GetWindowRgn
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
InsertMenuItemW
TranslateAcceleratorW
ModifyMenuW
CharUpperBuffW
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadImageW
SetClassLongW
SetParent
SetCursorPos
RegisterWindowMessageW
InvalidateRect
SendMessageW
GetSysColor
GetWindowRect
GetSystemMetrics
LockWindowUpdate
DestroyAcceleratorTable
PostMessageW
EnableWindow
RedrawWindow
GetClientRect
GetParent
InflateRect
DrawTextW
IntersectRect
KillTimer
SetTimer
LoadCursorW
SetWindowLongW
SetCursor
IsWindow
GetDC
ReleaseDC
SetRectEmpty
PtInRect
OffsetRect
GetScrollInfo
UpdateWindow
CopyRect
TabbedTextOutW
DrawTextExW
GrayStringW
GetMessagePos
ScreenToClient
EnumWindows
SendMessageTimeoutW
LoadIconW
RegisterDeviceNotificationW
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
IsIconic
DrawIcon
SetForegroundWindow
DrawEdge
gdi32
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
GetObjectType
CreateRectRgnIndirect
CombineRgn
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
EnumFontFamiliesExW
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreateHatchBrush
CreateBitmap
DeleteDC
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetTextMetricsW
GetCurrentObject
CreateRectRgn
DeleteObject
Rectangle
GetBkColor
GetTextColor
Escape
ExtTextOutW
RectVisible
PtVisible
TextOutW
GetMapMode
GetTextExtentPoint32W
GetStockObject
SetBkMode
SetTextColor
SelectObject
BitBlt
RoundRect
CreatePen
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
ScaleWindowExtEx
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
CryptEnumProvidersA
CryptSignHashA
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCloseKey
RegEnumValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptDecrypt
shell32
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHGetDesktopFolder
comctl32
InitCommonControlsEx
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_GetImageInfo
_TrackMouseEvent
shlwapi
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathIsDirectoryW
PathCombineW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrFormatKBSizeW
uxtheme
GetThemePartSize
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed
DrawThemeParentBackground
DrawThemeText
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
OpenThemeData
ole32
CoInitializeEx
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SysStringLen
VarBstrCat
oledlg
OleUIBusyW
gdiplus
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipGetDpiY
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGraphicsClear
GdipSetSolidFillColor
GdipAddPathEllipseI
GdipResetPath
GdipDrawPath
GdipClosePathFigure
GdipAddPathArcI
GdipDeletePen
GdipCreatePen1
GdipDeletePath
GdipCreatePath
GdipFillPath
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipReleaseDC
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDisposeImage
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipFree
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
wininet
InternetQueryDataAvailable
InternetQueryOptionW
InternetGetLastResponseInfoW
InternetWriteFile
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetSetStatusCallbackW
HttpQueryInfoW
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections
  .text   Size: 3.2MB  - Virtual size: 3.2MB  - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 2.2MB  - Virtual size: 2.2MB  - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 68KB   - Virtual size: 109KB  - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .gfids  Size: 105KB  - Virtual size: 105KB  - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .giats  Size: 512B   - Virtual size: 16B    - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .tls    Size: 512B   - Virtual size: 9B     - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 6.8MB  - Virtual size: 6.8MB  - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 218KB  - Virtual size: 217KB  - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ