Static task: static1
Behavioral task: behavioral1
Sample: 799b86fe7424baa1747af6c7b53cb81b5905a71cd5b2136bed1c315dcaae0edb.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 799b86fe7424baa1747af6c7b53cb81b5905a71cd5b2136bed1c315dcaae0edb.exe
Resource: win10v2004-20240802-en
General
Target: 799b86fe7424baa1747af6c7b53cb81b5905a71cd5b2136bed1c315dcaae0edb
Size: 5.7MB
MD5: 33d6b75777bb9d94bedd547cec7f925c
SHA1: 3cf766bc535ed80e36edcc15fb2985f22e38cfd0
SHA256: 799b86fe7424baa1747af6c7b53cb81b5905a71cd5b2136bed1c315dcaae0edb
SHA512: 17dac293f2240cad28c28ae382b8bf7c4a89401908e239df8c23dd0cc2ff0f30e009dc4003825e1e0936a9995ca6935da97bce7d2ea74b5fa4c17d968e8b707d
SSDEEP: 98304:0IIspgmypnQhk6b4wQ7I3lW35A3upETnYqW//1D2xhdWSGt8aRCmGgnkbVG7ehiR:LgJQhCx2XuCtVG7eYj5ycQxxv
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 799b86fe7424baa1747af6c7b53cb81b5905a71cd5b2136bed1c315dcaae0edb
Files
-
799b86fe7424baa1747af6c7b53cb81b5905a71cd5b2136bed1c315dcaae0edb.exe windows:5 windows x86 arch:x86
30c9411a277aa4b487a34fbdd189837f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ConvertThreadToFiber
ConvertFiberToThread
GetModuleHandleExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetSystemTime
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
SleepEx
lstrcmpiW
lstrcpynW
GlobalAlloc
SystemTimeToFileTime
LocalFileTimeToFileTime
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
MulDiv
GetACP
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
GlobalUnlock
GlobalLock
lstrlenW
GetCurrentDirectoryW
GetModuleFileNameA
GetDriveTypeW
GetModuleHandleA
GetExitCodeProcess
GetProcessId
ExitProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetEnvironmentVariableW
OutputDebugStringA
WritePrivateProfileStringW
GetDiskFreeSpaceExW
ReleaseMutex
GetLocaleInfoW
CreateMutexW
GetUserDefaultUILanguage
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateDirectoryA
CopyFileW
GetFileSize
SwitchToThread
CreateFileA
SetEndOfFile
InterlockedCompareExchange
InterlockedExchange
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
DeviceIoControl
InterlockedIncrement
SetLastError
ReadFile
GetFileAttributesExW
GetFileAttributesW
GetPrivateProfileIntW
GetTickCount
ResetEvent
CreateThread
TerminateThread
SetEvent
lstrcpyW
LocalFree
LocalAlloc
InterlockedDecrement
SetUnhandledExceptionFilter
VirtualQuery
WideCharToMultiByte
GetModuleHandleW
CreateProcessW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
VirtualAllocEx
GetProcAddress
DecodePointer
GetLocalTime
HeapAlloc
RaiseException
CloseHandle
DeleteFileW
OutputDebugStringW
GetLastError
Sleep
GetPrivateProfileStringW
CreateEventW
DuplicateHandle
GetCurrentThreadId
CreateFileW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
IsValidLocale
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
SetStdHandle
VirtualAlloc
GetSystemInfo
HeapQueryInformation
SetConsoleCtrlHandler
SetFilePointerEx
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
LCMapStringW
GetCPInfo
QueryPerformanceFrequency
TryEnterCriticalSection
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetUserDefaultLCID
GetTempFileNameW
GetProfileIntW
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
WriteProcessMemory
SearchPathW
GetTempPathW
GetWindowsDirectoryW
FindResourceExW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
VirtualProtect
GetCurrentThread
GlobalFlags
UnlockFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
EncodePointer
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
GlobalSize
LocalReAlloc
GlobalFree
GlobalHandle
GlobalReAlloc
HeapSize
HeapReAlloc
FindFirstFileW
CreateDirectoryW
MultiByteToWideChar
user32
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
OffsetRect
PtInRect
ReleaseCapture
GetSysColor
InvalidateRect
TranslateMessage
DispatchMessageW
IsZoomed
GetFocus
SetCapture
GetParent
GetSystemMetrics
LoadCursorW
RegisterClassW
GetClassInfoExW
CallWindowProcW
SetPropW
GetPropW
AdjustWindowRectEx
GetMenu
InflateRect
SetCursor
FillRect
IsWindowVisible
CreateAcceleratorTableW
GetCaretBlinkTime
GetGUIThreadInfo
ClientToScreen
MoveWindow
MonitorFromPoint
UpdateLayeredWindow
GetWindowRgn
DrawTextW
SetRect
CharPrevW
CreateCaret
ShowCaret
HideCaret
GetCaretPos
SetCaretPos
CreatePopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
wsprintfA
DrawTextA
IntersectRect
UnionRect
IsRectEmpty
GetUpdateRect
EnableWindow
UnregisterClassW
RegisterClassExW
SetForegroundWindow
FindWindowW
GetCursorPos
EndPaint
BeginPaint
LoadImageW
BringWindowToTop
GetSubMenu
TrackPopupMenu
SetFocus
InvalidateRgn
IsWindow
GetMessageW
CallNextHookEx
GetActiveWindow
PeekMessageW
GetDC
ReleaseDC
CharNextW
GetKeyState
SetWindowRgn
SetParent
SetTimer
PostMessageW
IsIconic
SetWindowLongW
GetWindowLongW
UpdateWindow
ShowWindow
CreateWindowExW
DestroyWindow
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
GetProcessWindowStation
GetUserObjectInformationW
GetWindow
ScreenToClient
GetClientRect
MessageBoxW
GetLastActivePopup
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
ValidateRect
GetSysColorBrush
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessagePos
GetMessageTime
GetClassInfoW
IsMenu
IsChild
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
GetCapture
SetMenu
SetActiveWindow
GetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
RemovePropW
CopyRect
GetClassLongW
GetClassNameW
GetTopWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
CheckDlgButton
IsDialogMessageW
DestroyIcon
CharUpperW
GetDesktopWindow
RealChildWindowFromPoint
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetMenuItemInfoW
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
ShowOwnedPopups
DeleteMenu
GetNextDlgGroupItem
WindowFromPoint
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
InvertRect
NotifyWinEvent
GetMenuDefaultItem
KillTimer
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
GetSystemMenu
SetCursorPos
CopyIcon
FrameRect
DrawIcon
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
WaitMessage
IsCharLowerW
ToUnicodeEx
GetKeyboardState
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
DestroyCursor
PostQuitMessage
LoadMenuW
GetWindowRect
SetWindowPos
SendMessageW
GetWindowThreadProcessId
GetWindowPlacement
MapVirtualKeyW
gdi32
CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
GetPaletteEntries
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectA
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
Escape
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
GetPixel
PlayEnhMetaFile
CreateCompatibleBitmap
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
ExcludeClipRect
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleDC
DeleteDC
RemoveFontMemResourceEx
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateRoundRectRgn
DeleteObject
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
GetSystemPaletteEntries
SetTextAlign
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
PatBlt
SetRectRgn
Rectangle
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
StretchBlt
SetROP2
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
LPtoDP
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
GetBkColor
RealizePalette
DPtoLP
advapi32
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyW
MapGenericMask
DuplicateToken
GetFileSecurityW
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
AccessCheck
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegisterEventSourceW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
shell32
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderLocation
DragQueryFileW
SHAppBarMessage
DragFinish
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetFolderPathA
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
CoInitializeEx
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
OleDuplicateData
DoDragDrop
RegisterDragDrop
OleLockRunning
CLSIDFromString
ReleaseStgMedium
CreateStreamOnHGlobal
oleaut32
VariantCopy
SysAllocString
SysFreeString
VariantClear
VariantChangeType
SysStringLen
VariantInit
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
LoadTypeLi
msimg32
TransparentBlt
AlphaBlend
comctl32
_TrackMouseEvent
ord17
InitCommonControlsEx
shlwapi
PathAppendW
StrCmpNIW
PathGetDriveNumberW
PathBuildRootW
PathFindFileNameW
PathRemoveExtensionW
PathFileExistsW
PathIsDirectoryW
StrCmpIW
StrStrIW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
PathRemoveFileSpecW
uxtheme
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFreeCertificateContext
CertCloseStore
ws2_32
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
getnameinfo
shutdown
inet_addr
htonl
ntohl
WSAStartup
gethostbyname
gethostname
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
gdiplus
GdipDeletePath
GdipCreatePath
GdipSetSmoothingMode
GdipDrawImageRectI
GdipCreatePen1
GdipAddPathEllipseI
GdipSetClipPath
GdipDrawEllipseI
GdipLoadImageFromStream
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown
GdipDeletePen
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
ord1
GdipAddPathLine
GdipDrawRectangleI
GdipSetPenMode
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
wldap32
ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
netapi32
Netbios
dbghelp
MiniDumpWriteDump
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 961KB - Virtual size: 960KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 99KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.QMGuid Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 812KB - Virtual size: 816KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE