8b740fe9abc0a4eae9c26caa75fa3c30be0556bb2902f1fe5c5b501125c10f86

Sharing

Copy URL

Twitter E-mail

General

Target

8b740fe9abc0a4eae9c26caa75fa3c30be0556bb2902f1fe5c5b501125c10f86
Size

10.6MB
MD5

cd0d50b2cfb53ff6ec114e54142c81dc
SHA1

2d54c168df990d61873027c14c40f4cd14f28df4
SHA256

8b740fe9abc0a4eae9c26caa75fa3c30be0556bb2902f1fe5c5b501125c10f86
SHA512

5bbf9aff0160b00d83d2e2200af0030aded9c8fe7f545824a42d950fdc221abaaf693b79b308360bc1ea90ca19819cc92cbdfb906394257fe768559023f9843f
SSDEEP

196608:3hfWzJmlfnB9x2lOXZJsv6tWKFdu9Ciu:QJmJQgXZJsv6tWKFdu9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b740fe9abc0a4eae9c26caa75fa3c30be0556bb2902f1fe5c5b501125c10f86

Files

8b740fe9abc0a4eae9c26caa75fa3c30be0556bb2902f1fe5c5b501125c10f86
.exe windows:5 windows x86 arch:x86

e52ea2bfe6c9090f906fc53c8492c760

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Parent
CM_Get_DevNode_Status
CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

gdi32

SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetPixelFormat
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CombineRgn
CreateCompatibleDC
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
GetTextFaceW
GetObjectW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
CreateFontIndirectW
EnumFontFamiliesExW
SetBkMode
CreateDCW
CreateBitmap
GetDIBits
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap

ole32

CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
OleSetClipboard

imm32

ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetVirtualKey
ImmSetCandidateWindow

winmm

PlaySoundW

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderPathW

ws2_32

__WSAFDIsSet
WSAIoctl
setsockopt
WSAAsyncSelect
socket
htons
WSACleanup
WSACloseEvent
send
getsockopt
WSAStartup
WSASetLastError
ntohs
gethostname
WSACreateEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
accept
bind
closesocket
select
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
connect
getsockname

user32

RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsZoomed
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
GetAsyncKeyState
SendMessageW
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
SetWindowRgn
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSysColor
GetSystemMetrics
EnableMenuItem
GetSystemMenu
ReleaseDC
GetDC
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetKeyboardLayout
RegisterWindowMessageW
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
CharNextExA
PostThreadMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
DrawIconEx
MessageBoxW
PostMessageW
PeekMessageW
GetWindowTextW
EnumWindows
RealGetWindowClassW
IsWindowVisible

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

advapi32

RegOpenKeyExW
RegEnumValueW
RegCloseKey
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW

kernel32

GetStringTypeW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
SetFileAttributesW
SetStdHandle
WriteFileEx
ReadFileEx
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetConsoleMode
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFilePointerEx
ReadConsoleW
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
GetTempPathW
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
TerminateProcess
CreateNamedPipeW
ConnectNamedPipe
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameW
GetStartupInfoW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
DecodePointer
CreateSemaphoreW
CreateMutexW
ReleaseMutex
ReleaseSemaphore
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
LCMapStringW
WaitForSingleObjectEx
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
GetCurrentProcess
SetEvent
DuplicateHandle
GetLocalTime
GetSystemTime
OutputDebugStringW
GetCommandLineW
GetUserDefaultLCID
CompareStringW
ExitProcess
GetConsoleWindow
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFilePointer
GlobalSize
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
GetUserDefaultLangID
CreateProcessW
ExpandEnvironmentStringsW
SetErrorMode
IsValidLocale
IsValidLanguageGroup
GetCurrentThreadId
WaitCommEvent
SetCommTimeouts
SetCommState
SetCommMask
SetCommBreak
GetCommTimeouts
GetCommState
GetCommModemStatus
EscapeCommFunction
ClearCommError
ClearCommBreak
GetDriveTypeW
GetLongPathNameW
lstrcmpW
GetVolumeInformationW
CreateFileW
GetFileSizeEx
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
VirtualAlloc
VirtualFree
GetDateFormatW
EncodePointer
SetEndOfFile
GetConsoleOutputCP
HeapAlloc
HeapFree
HeapReAlloc
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
GetModuleHandleExW
LocalFree
GetLastError
FreeLibrary
GetProcAddress
HeapSize
ResetEvent
WaitForSingleObject
WriteFile
ReadFile
DeviceIoControl
CloseHandle
FormatMessageW
CreateEventW
LoadLibraryA
CancelIo
SetLastError
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExW
GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
GetCurrentProcessId
SleepEx

vmprotectsdk32

VMProtectDecryptStringA

wldap32

ord145
ord219
ord14
ord216
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord46

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e52ea2bfe6c9090f906fc53c8492c760

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

gdi32

ole32

imm32

winmm

oleaut32

shell32

ws2_32

user32

iphlpapi

advapi32

kernel32

vmprotectsdk32

wldap32

crypt32

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 114KB - Virtual size: 162KB

.qtmetad Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 424B

_RDATA Size: 1024B - Virtual size: 560B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 237KB - Virtual size: 236KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 114KB - Virtual size: 162KB

.qtmetad
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 424B

_RDATA
Size: 1024B - Virtual size: 560B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 237KB - Virtual size: 236KB