29b380fabf2103399ba1fbd63a2d04e968ad50ccfd123db08042ac5fee5697f9

Sharing

Copy URL Twitter E-mail

General

Target

29b380fabf2103399ba1fbd63a2d04e968ad50ccfd123db08042ac5fee5697f9
Size

13.4MB
MD5

24adea9ecce532406a455013ce3b0a31
SHA1

36016e85921faa13d0195261188415042abc4231
SHA256

29b380fabf2103399ba1fbd63a2d04e968ad50ccfd123db08042ac5fee5697f9
SHA512

d3cd49d2754641baf51609150fb820e697012158f510b95c8ef838aaf5215caea49568d43cdbc42ddad55d040adafff7670cb3c3acaea901b9a1e105d19821d5
SSDEEP

196608:Sfl1vzc15GkefK86GOyT/791JOD2icMLeeuF9c3E5bj2PMMLuUk69GnfIrJQyzg9:qrc15INj0MNE5NXhJsv6tWKFdu9CS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29b380fabf2103399ba1fbd63a2d04e968ad50ccfd123db08042ac5fee5697f9

Files

29b380fabf2103399ba1fbd63a2d04e968ad50ccfd123db08042ac5fee5697f9
.exe windows:6 windows x86 arch:x86

95e8822d0cff645f7eb9a1b780214be8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
CreateDIBSection
GdiFlush
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
BitBlt
CreateBitmap
CombineRgn
GetDIBits
GetRegionData
CreateRectRgn
DeleteObject
OffsetRgn
SelectClipRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
EnumFontFamiliesExW

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen

imm32

ImmGetVirtualKey
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDefaultIMEWnd

winmm

PlaySoundW

ws2_32

WSAAsyncSelect
connect
ntohl
gethostbyname
WSAStartup
WSACleanup
bind
closesocket
htonl
socket
sendto
recvfrom
ntohs
htons

ole32

RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
OleInitialize
OleUninitialize
CoInitialize
CoCreateGuid
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
DoDragDrop
CoLockObjectExternal

user32

GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
GetSysColor
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
RealGetWindowClassW
AdjustWindowRectEx
GetWindowRect
TrackPopupMenuEx
InvalidateRect
RegisterClassW
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
SetWindowPlacement
GetWindowPlacement
FlashWindowEx
DestroyWindow
IsChild
CreateWindowExW
DefWindowProcW
AttachThreadInput
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
SystemParametersInfoW
SetSystemCursor
LoadCursorFromFileA
GetWindowThreadProcessId
GetSystemMetrics
EnumWindows
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
SetWindowPos
MoveWindow
PostMessageW
SendMessageW
SendMessageA
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
SetWindowTextW
GetCursorInfo
UnregisterHotKey
RegisterHotKey
MessageBoxW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
SetWindowRgn
GetWindowTextW
ShowWindow
SetCursor
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
DrawIconEx
FindWindowA
GetClassNameA

advapi32

RegGetValueW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW

vmprotectsdk32

VMProtectEnd
VMProtectDecryptStringA
VMProtectDecryptStringW
VMProtectBeginVirtualization

kernel32

GetConsoleMode
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
ExitProcess
LoadLibraryExW
RtlUnwind
RaiseException
ReadConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetConsoleCP
SetFileAttributesW
SetStdHandle
GetStdHandle
GetACP
PeekNamedPipe
InitializeSListHead
EnumSystemLocalesW
SetEnvironmentVariableA
WriteConsoleW
FindFirstFileExA
FindNextFileA
lstrcmpW
GetDriveTypeW
GetVolumeInformationW
GetExitCodeProcess
GetModuleHandleExW
GetUserGeoID
IsValidCodePage
GetTimeZoneInformation
FindNextFileW
FindFirstFileExW
GetStartupInfoW
MoveFileExW
CreateFileMappingW
SetFilePointerEx
SetEndOfFile
ReadFile
GetFileType
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
GetTempPathW
RemoveDirectoryW
GetLongPathNameW
GetFullPathNameW
GetFileAttributesW
FindFirstFileW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
CreateFileW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
GetSystemDirectoryW
WaitForSingleObjectEx
GetConsoleWindow
OutputDebugStringW
GetSystemInfo
TlsFree
GetThreadPriority
GetCurrentThread
GetCommandLineW
GetUserDefaultLCID
CompareStringW
FlushFileBuffers
OutputDebugStringA
SetThreadPriority
GetComputerNameW
TlsAlloc
HeapAlloc
DeviceIoControl
DeleteFiber
ResumeThread
InterlockedDecrement
WriteFile
SwitchToThread
GetDriveTypeA
ReleaseMutex
HeapFree
HeapReAlloc
FileTimeToSystemTime
GetProcessHeap
ConvertFiberToThread
CreateFiberEx
InterlockedIncrement
InterlockedCompareExchange
SwitchToFiber
GetWindowsDirectoryA
ConvertThreadToFiber
GetProcessTimes
GetEnvironmentVariableA
GetVersionExA
OpenMutexA
UnmapViewOfFile
WaitForSingleObject
GetFileInformationByHandle
CreateFileA
GetLogicalDrives
LocalAlloc
TlsSetValue
CreateFileMappingA
SystemTimeToFileTime
DeleteCriticalSection
GetSystemTime
DuplicateHandle
GetVolumeInformationA
MapViewOfFile
TlsGetValue
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
CheckRemoteDebuggerPresent
GetUserDefaultLangID
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
VirtualAlloc
VirtualFree
FindCloseChangeNotification
FindFirstChangeNotificationW
GetGeoInfoW
CloseHandle
CreateProcessW
ExpandEnvironmentStringsW
SetErrorMode
IsValidLocale
IsValidLanguageGroup
FormatMessageW
LocalFree
GetModuleHandleW
GetCurrentThreadId
GetTempPathA
SetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextChangeNotification
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentProcess
TerminateProcess
CreateProcessA
OpenProcess
GetLocalTime
GetTickCount
GetVersionExW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEvent
CreateEventW
WaitForMultipleObjects
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
CreateThread
TerminateThread
WinExec
GlobalAddAtomW
CreateMutexW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHAppBarMessage
Shell_NotifyIconW

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95e8822d0cff645f7eb9a1b780214be8

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

oleaut32

imm32

winmm

ws2_32

ole32

user32

advapi32

vmprotectsdk32

kernel32

shell32

Sections

.text Size: 8.4MB - Virtual size: 8.4MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 196KB - Virtual size: 279KB

.qtmetad Size: 512B - Virtual size: 272B

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 376B

_RDATA Size: 512B - Virtual size: 304B

.rsrc Size: 423KB - Virtual size: 423KB

.reloc Size: 245KB - Virtual size: 244KB

.text
Size: 8.4MB - Virtual size: 8.4MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 196KB - Virtual size: 279KB

.qtmetad
Size: 512B - Virtual size: 272B

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 376B

_RDATA
Size: 512B - Virtual size: 304B

.rsrc
Size: 423KB - Virtual size: 423KB

.reloc
Size: 245KB - Virtual size: 244KB