Static task: static1
Behavioral task: behavioral1
  Sample: 4cd00987ecf99ccfc281d231ea632901b8392f61ebc020cc8baff804aee0f551.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 4cd00987ecf99ccfc281d231ea632901b8392f61ebc020cc8baff804aee0f551.exe
  Resource: win10v2004-20240802-en
General
Target: 4cd00987ecf99ccfc281d231ea632901b8392f61ebc020cc8baff804aee0f551
Size: 3.0MB
MD5: 4ce274d61766f02d56fc4a60d682722f
SHA1: 354fd5423b187e31af2542d00058c024396cf9b8
SHA256: 4cd00987ecf99ccfc281d231ea632901b8392f61ebc020cc8baff804aee0f551
SHA512: 692b65b209a3eac1a4f5d7ace158e98a294c70b4e4fa56fd28bbd1c626b6696ac3426f00fabd62f8afacad91cc3baccb611ec91807a377440258839617bf8636
SSDEEP: 49152:XFwj7LlRdhAL6dDa8kCofP6oOmbU0rqNQo4kgBvLVFEsPgFl0u9Cxk3ot1NFcS8z:XFwjGfTO3SqOjFLA1Flf2k3
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 4cd00987ecf99ccfc281d231ea632901b8392f61ebc020cc8baff804aee0f551
Files
-
4cd00987ecf99ccfc281d231ea632901b8392f61ebc020cc8baff804aee0f551.exe windows:5 windows x86 arch:x86
2ddf6f5b7dec782b3cd82ddc2c59e740
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
freeaddrinfo
accept
listen
recvfrom
sendto
getaddrinfo
gethostname
gethostbyname
WSAIoctl
setsockopt
ntohs
WSACleanup
htons
getsockopt
getsockname
getpeername
getnameinfo
shutdown
connect
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
ioctlsocket
closesocket
WSAStartup
kernel32
FindNextFileA
lstrcmpA
FindFirstFileA
GetLongPathNameA
MoveFileA
MultiByteToWideChar
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetLogicalDrives
GetCurrentProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
OutputDebugStringA
SetConsoleMode
GetEnvironmentVariableW
FreeLibrary
FormatMessageW
GetSystemTime
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
lstrcpynA
lstrcpyA
GetModuleFileNameA
SetEndOfFile
SetFilePointer
CopyFileA
Sleep
GetTickCount
WaitForSingleObject
TerminateThread
CreateThread
ReadConsoleA
FormatMessageA
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
QueryPerformanceCounter
VerifyVersionInfoW
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
VerSetConditionMask
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
ExitProcess
LockResource
SizeofResource
LoadResource
FindResourceA
lstrcatA
GetEnvironmentVariableA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenMutexA
WideCharToMultiByte
DeviceIoControl
SleepEx
SetLastError
lstrcmpiA
lstrcpyW
CreateProcessA
LocalFree
ConvertThreadToFiber
ConvertFiberToThread
FindFirstFileW
CloseHandle
CreateFileMappingA
CreateFileA
GetLastError
DeleteFileA
SwitchToFiber
DeleteFiber
FindClose
TryEnterCriticalSection
GetCurrentThreadId
GetStringTypeW
EncodePointer
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
GetACP
GlobalLock
GlobalUnlock
GetFileSize
GetCurrentDirectoryA
MulDiv
FreeResource
GlobalAlloc
WriteFile
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetCurrentProcessId
IsDBCSLeadByte
GetLocalTime
InterlockedIncrement
InterlockedDecrement
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
FreeEnvironmentStringsW
GetModuleHandleExW
CreateFileW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetFileAttributesExW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
CreateDirectoryW
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
SetConsoleCtrlHandler
FindFirstFileExA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
CreateFiber
user32
SetWindowLongA
GetParent
GetWindow
LoadCursorA
LoadImageA
MonitorFromWindow
GetMonitorInfoA
IsIconic
SetWindowRgn
ScreenToClient
OffsetRect
SetCursor
InflateRect
UnionRect
DestroyWindow
IsWindowVisible
CharNextA
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
IsWindowEnabled
CharPrevA
GetWindowLongA
DrawTextW
FillRect
SetRect
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuA
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
EqualRect
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
CreateAcceleratorTableA
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextA
MapVirtualKeyExA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetWindowRect
GetClientRect
MessageBoxA
GetDesktopWindow
PostQuitMessage
IsZoomed
GetPropA
LoadStringW
wsprintfA
SetPropA
GetSystemMetrics
EnableWindow
SetFocus
SetWindowPos
ShowWindow
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
DrawTextA
gdi32
CreateRectRgnIndirect
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectA
CreatePen
DeleteDC
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileA
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsA
SetWindowOrgEx
CombineRgn
CreatePenIndirect
CreateSolidBrush
GetCharABCWidthsA
GetClipBox
GetTextExtentPoint32A
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutA
GdiFlush
CreateRectRgn
PtInRegion
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreateRoundRectRgn
GetObjectA
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
ole32
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoInitialize
CoCreateInstance
CoUninitialize
OleLockRunning
oleaut32
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
VariantInit
shlwapi
PathAppendA
PathRemoveFileSpecA
StrCmpNIA
PathCombineA
StrToIntA
PathFileExistsW
PathFindExtensionA
SHSetValueA
PathRemoveBackslashA
StrStrIA
PathStripPathA
wnsprintfA
PathRemoveExtensionA
PathFileExistsA
StrFormatByteSizeA
SHGetValueA
sensapi
IsNetworkAlive
wldap32
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord301
crypt32
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
comctl32
InitCommonControlsEx
_TrackMouseEvent
ord17
gdiplus
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 636KB - Virtual size: 636KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
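Added example, not part of the sandbox report: a standard-library Python script that reproduces the static checks the report presents above, namely the file-header and DLL-characteristics flags, the per-section flags, and the "Unsigned PE" signature, which reduces to whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty. It runs on a PE image constructed in memory whose flags mirror this report (32-bit, EXECUTABLE_IMAGE, DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, no certificate table). The fixture and every name in it (SAMPLE_SECTIONS, build_sample_pe, parse_pe, triage) are assumptions of this example, not names from the report or from any sandbox. It goes slightly beyond the report in also handling PE32+ headers and flagging writable-and-executable sections.

```python
"""Added example: reproduce a sandbox report's static PE checks with the standard library.
The PE image is a constructed fixture that mirrors the report's flags; it parses, it does not run."""
import struct

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the Authenticode certificate table
SECTION_HDR = "<8sIIIIIIHHI"         # IMAGE_SECTION_HEADER, 40 bytes

def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    """Parse DOS/NT headers, data directories and the section table of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                  # PE32: data directories at +96
        dirs = opt + 96
    elif magic == 0x20B:                                # PE32+: 8-byte stack/heap fields push them to +112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)   # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]               # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a file offset rather than an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars,
                         "flags": flag_names(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "pe32plus": magic == 0x20B, "subsystem": subsystem,
            "file_characteristics": flag_names(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": dll_chars,
            "dll_characteristics_names": flag_names(dll_chars, DLL_CHARACTERISTICS),
            "signed": cert_off != 0 and cert_size != 0,   # an embedded certificate table exists (not verified)
            "sections": sections}

def triage(data):
    """Sandbox-style findings: no embedded signature, missing mitigations, writable+executable sections."""
    pe = parse_pe(data)
    findings = []
    if not pe["signed"]:
        findings.append("Unsigned PE: security data directory is empty (no embedded Authenticode signature)")
    for bit, label in ((0x0040, "ASLR (DYNAMIC_BASE)"), (0x0100, "DEP (NX_COMPAT)")):
        if not pe["dll_characteristics"] & bit:
            findings.append("Mitigation missing: " + label)
    for s in pe["sections"]:
        if s["characteristics"] & 0x80000000 and s["characteristics"] & 0x20000000:
            findings.append("Section %s is writable and executable" % s["name"])
    return findings

# Constructed fixture: section layout modelled on the report (flags only, contents are zero bytes).
SAMPLE_SECTIONS = [(".text", 0x2000, 0x60000020),     # CODE | EXECUTE | READ
                   (".data", 0x800, 0xC0000040),      # INITIALIZED_DATA | READ | WRITE
                   (".reloc", 0x400, 0x42000040)]     # INITIALIZED_DATA | DISCARDABLE | READ

def build_sample_pe(sections, signed=False):
    """Build a minimal PE32 image in memory with the report's header flags (a parser fixture)."""
    align = 0x200
    hdr_len = (0x40 + 4 + 20 + 0xE0 + 40 * len(sections) + align - 1) // align * align
    image = bytearray(0x40)                             # IMAGE_DOS_HEADER
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)           # e_lfanew
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, align)   # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<HH", opt, 68, 2, 0x8140)         # WINDOWS_GUI; DYNAMIC_BASE | NX_COMPAT | TS_AWARE
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    image += opt
    body, raw_ptr, va = bytearray(), hdr_len, 0x1000
    for name, size, chars in sections:
        raw = (size + align - 1) // align * align
        image += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), size, va, raw, raw_ptr, 0, 0, 0, 0, chars)
        body += b"\0" * raw
        raw_ptr, va = raw_ptr + raw, va + 0x1000
    image += b"\0" * (hdr_len - len(image)) + body
    if signed:
        # Append a placeholder WIN_CERTIFICATE (revision 2.0, PKCS_SIGNED_DATA) and point the security
        # directory at it; a real signing tool would place a PKCS#7 SignedData blob here.
        cert = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16
        struct.pack_into("<II", image, 0x40 + 24 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(image), len(cert))
        image += cert
    return bytes(image)

if __name__ == "__main__":
    for label, blob in (("unsigned", build_sample_pe(SAMPLE_SECTIONS)),
                        ("signed", build_sample_pe(SAMPLE_SECTIONS, signed=True))):
        print(label, parse_pe(blob)["dll_characteristics_names"], triage(blob))
```

Two caveats on reading the "Unsigned PE" result. An empty security directory does prove there is no embedded signature, but a populated one only proves a certificate table is present; whether it validates and chains to a trusted root needs a full Authenticode check (signtool verify /pa, Get-AuthenticodeSignature, or osslsigncode verify), and the certificate table itself is excluded from the signed hash, which is why extra data can be appended there without breaking the signature (the behaviour MS13-098 / CVE-2013-3900 made opt-in strict). Conversely, many Windows OS binaries are catalog-signed and carry no embedded certificate table, so on system files this check alone is a weak signal rather than an indicator of tampering.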