c9dd7a85e010130ecaa824e856542bf9dd643ba76c737dbdaa5faa7f390d284a

Sharing

Copy URL Twitter E-mail

General

Target

c9dd7a85e010130ecaa824e856542bf9dd643ba76c737dbdaa5faa7f390d284a
Size

4.1MB
MD5

75edd7bb4088c2eac1bb9d4038a3946b
SHA1

14579e08ed80c3bde2c03147ee44a9b77cbcebf6
SHA256

c9dd7a85e010130ecaa824e856542bf9dd643ba76c737dbdaa5faa7f390d284a
SHA512

1b31476160f3ee0221830217556d0085d52dfa6e7d4e080646120b833241077d2f3c1e3d136e64d90ce711f0c898c4e25173734a09a53c3b284fa56711115022
SSDEEP

98304:3LbqBM96xbqNFMtHUI0zOtqZx4+ce9Bsyg4Ow+EkKY:3/KMx+lNtqZyXWGw+B7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9dd7a85e010130ecaa824e856542bf9dd643ba76c737dbdaa5faa7f390d284a

Files

c9dd7a85e010130ecaa824e856542bf9dd643ba76c737dbdaa5faa7f390d284a
.exe windows:6 windows x86 arch:x86

5af1b9516ddb7379ff367b74d7a3296a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntW
GetTickCount
GetTempPathW
FindResourceW
GetFileAttributesW
Sleep
GetComputerNameA
GetLocalTime
TerminateThread
ResumeThread
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalMemoryStatusEx
GetFileSize
WritePrivateProfileStringW
GlobalLock
GetSystemInfo
GlobalAlloc
OutputDebugStringW
GetTimeZoneInformation
GetModuleHandleA
WaitForSingleObject
FindClose
SetFilePointer
GetShortPathNameW
WriteFile
FindNextFileW
ReadFile
GetStartupInfoW
WinExec
FreeLibrary
LCMapStringEx
LocalFree
GetModuleHandleW
CreateProcessW
DeleteCriticalSection
GetProcAddress
DecodePointer
LoadResource
LoadLibraryW
Process32FirstW
LockResource
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
FreeResource
GetSystemDirectoryW
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
SizeofResource
CreateSemaphoreA
GetSystemTimeAsFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
GetLastError
MultiByteToWideChar
WriteConsoleW
GetFullPathNameW
SetEndOfFile
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
CloseHandle
DeleteFileW
GetFileAttributesExW
CreateFileW
GetModuleFileNameW
GetFileSizeEx
CreateDirectoryW
GetCommandLineW
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RaiseException
GetCurrentDirectoryW
GetACP
SetFileTime
SystemTimeToFileTime
MulDiv
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
QueryPerformanceFrequency
MoveFileExW
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
InitializeConditionVariable
WakeAllConditionVariable
CreateThread
ExpandEnvironmentStringsA
GetVersionExA
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetDriveTypeW
GetFileInformationByHandle
SetFilePointerEx
HeapFree
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
VirtualProtect
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
SleepConditionVariableSRW

user32

SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetParent
GetWindow
wvsprintfW
SetCursor
OffsetRect
LoadCursorW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
GetActiveWindow
SetCapture
FillRect
SetRect
CreatePopupMenu
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
IsWindow
MonitorFromWindow
SetWindowPos
GetWindowRect
FindWindowW
ShowWindow
SetForegroundWindow
SetFocus
CharNextW
IsWindowVisible
DestroyWindow
CreateWindowExW
ReleaseCapture
GetKeyState
DrawTextW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
BringWindowToTop
MessageBoxW
GetWindowLongW
SetWindowLongW
ScreenToClient
GetClientRect
SetWindowRgn
PostMessageW
GetFocus
GetMonitorInfoW
wsprintfW
IsIconic
CharPrevW

gdi32

GdiFlush
GetDeviceCaps
CreatePatternBrush
CreateDIBSection
TextOutW
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SetStretchBltMode
SetWindowOrgEx
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectClipRgn
CreateRoundRectRgn
GetObjectW
DeleteObject
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
MoveToEx
SetTextColor

advapi32

CryptImportKey
RegEnumKeyExA
SystemFunction036
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
OleInitialize
CreateStreamOnHGlobal

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathIsDirectoryW

iphlpapi

GetBestRoute2
if_indextoname
GetUnicastIpAddressTable
FreeMibTable
if_nametoindex
GetIfTable
GetAdaptersInfo
GetAdaptersAddresses

crypt32

CertEnumCertificatesInStore
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertGetNameStringW
CertFindExtension
CertFindCertificateInStore
CryptQueryObject
CertCloseStore
CertAddCertificateContextToStore

ws2_32

ioctlsocket
recv
getpeername
connect
htonl
listen
getservbyname
accept
gethostname
WSAStartup
WSACleanup
sendto
WSADuplicateSocketW
WSASocketW
getsockname
recvfrom
bind
WSAGetLastError
select
__WSAFDIsSet
socket
htons
closesocket
WSAIoctl
setsockopt
inet_ntop
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
ntohl
inet_pton
ntohs
WSASetLastError

gdiplus

GdipSetInterpolationMode
GdipFree
GdipGetImageGraphicsContext
GdipDisposeImage
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipCloneImage
GdipDrawImageRect
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageI
GdipFillRectangleI
GdiplusStartup
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCreateRegionRect
GdipCreateRegionPath
GdipDeleteRegion
GdipCombineRegionRegion
GdipCloneBrush
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientFocusScales
GdipCreateFromHDC
GdipSetPageUnit
GdipFillRegion
GdipCreateLineBrushI
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipGraphicsClear
GdipDrawImage
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateSolidFill
GdipSetSolidFillColor
GdipCreatePen2
GdipDeletePen
GdipSetPenStartCap
GdipSetPenEndCap
GdipDrawLine
GdipAlloc

normaliz

IdnToUnicode
IdnToAscii

comctl32

ord17
_TrackMouseEvent

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5af1b9516ddb7379ff367b74d7a3296a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

crypt32

ws2_32

gdiplus

normaliz

comctl32

imm32

bcrypt

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 372KB - Virtual size: 371KB

.data Size: 9KB - Virtual size: 13KB

.fptable Size: 512B - Virtual size: 128B

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 55KB - Virtual size: 55KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 372KB - Virtual size: 371KB

.data
Size: 9KB - Virtual size: 13KB

.fptable
Size: 512B - Virtual size: 128B

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 55KB - Virtual size: 55KB