e5147d309ea7ef22a96f3684946bbbf16f58d992ce653ae3532d4b06cd378aee

Sharing

Copy URL Twitter E-mail

General

Target

e5147d309ea7ef22a96f3684946bbbf16f58d992ce653ae3532d4b06cd378aee
Size

1.3MB
MD5

ada4e29e783c2e349478ccf1a18ed861
SHA1

40bd244456a52d3dc229fb2c7945160201cebfc7
SHA256

e5147d309ea7ef22a96f3684946bbbf16f58d992ce653ae3532d4b06cd378aee
SHA512

06f87b7a85942f96d62d707d11aa8dedfeabd94c791b019af4d546d10920dc7bb4e0a3cdd06df310af064bdb77b3c43640c96daa7ee177e2e7bbd1e3a2a8773b
SSDEEP

24576:YnxtwW7s+Zmr+l/GsQvO8rTsoiKjDOaLwN6ARzcrczsxjq3:sXsTu8nNDvlARWmGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5147d309ea7ef22a96f3684946bbbf16f58d992ce653ae3532d4b06cd378aee

Files

e5147d309ea7ef22a96f3684946bbbf16f58d992ce653ae3532d4b06cd378aee
.exe windows:4 windows x86 arch:x86

aaecdd9903b15a5acd0de288d4fd0e36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

uninstall.pdb

Imports

kernel32

GetLocalTime
GetComputerNameA
lstrlenA
GetDiskFreeSpaceExW
GetFileSizeEx
GetPrivateProfileStringW
InterlockedExchange
InterlockedDecrement
RaiseException
InterlockedIncrement
FreeResource
GetCurrentThreadId
GetWindowsDirectoryW
GetPrivateProfileIntW
FlushInstructionCache
CreateProcessW
lstrcmpW
SetFileAttributesW
GetCurrentProcessId
OutputDebugStringW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCommandLineW
lstrcmpiW
MapViewOfFileEx
LoadLibraryExW
CreateEventW
ResetEvent
SetEvent
SetThreadPriority
WaitForMultipleObjects
FindFirstFileA
FormatMessageW
GetExitCodeThread
CreateMutexW
ReleaseMutex
DuplicateHandle
SleepEx
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
GetCurrentProcess
FileTimeToLocalFileTime
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
HeapCreate
SetFilePointer
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
GetFileType
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
CloseHandle
FreeLibrary
GetSystemTimeAsFileTime
FileTimeToSystemTime
FlushFileBuffers
SetFilePointerEx
SetEndOfFile
CopyFileW
MoveFileExW
SetLastError
GetLongPathNameW
CreateFileMappingW
UnmapViewOfFile
WriteFile
GetTickCount
InterlockedCompareExchange
LocalFree
LocalAlloc
MultiByteToWideChar
GetFileSize
CreateFileW
WideCharToMultiByte
lstrlenW
ReadFile
GetVersionExW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetStringTypeA
InitializeCriticalSection
GetProcAddress
LoadLibraryW
OpenProcess
QueryDosDeviceW
Sleep
GetLogicalDriveStringsW
FindResourceW
WaitForSingleObject
LeaveCriticalSection
CreateThread
EnterCriticalSection
TerminateThread
TerminateProcess
Process32NextW
DeleteCriticalSection
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
GetModuleHandleW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
FindResourceExW
GetLastError
CreateDirectoryW
GetModuleFileNameW
LoadResource
GetFileAttributesW
LockResource
SizeofResource
GetStringTypeW
VirtualQuery

user32

IsChild
CallWindowProcW
UnregisterClassA
LoadImageW
GetMonitorInfoW
WindowFromPoint
IsDialogMessageW
ClientToScreen
ScreenToClient
LoadIconW
CopyRect
DestroyIcon
GetScrollPos
RegisterClassExW
RegisterWindowMessageW
SetFocus
LoadCursorW
SetWindowLongW
DrawTextW
IsWindowVisible
PostMessageW
EndPaint
GetActiveWindow
IsRectEmpty
GetDesktopWindow
BeginPaint
IsWindowEnabled
IsIconic
IntersectRect
UpdateLayeredWindow
EnableWindow
SetRect
SetRectEmpty
GetDlgCtrlID
GetParent
CreateWindowExW
GetWindowThreadProcessId
GetWindow
DestroyWindow
GetForegroundWindow
GetWindowRect
ReleaseDC
GetWindowLongW
OffsetRect
SystemParametersInfoW
GetClientRect
GetDC
DrawIconEx
InflateRect
SetWindowPos
MapWindowPoints
SetTimer
AttachThreadInput
PeekMessageW
FindWindowW
ReleaseCapture
EqualRect
PtInRect
SetForegroundWindow
IsWindow
InvalidateRect
SendMessageW
GetMessageW
KillTimer
SetActiveWindow
TranslateMessage
MoveWindow
SetCapture
ShowWindow
DispatchMessageW
GetClassInfoExW
GetDlgItem
PostThreadMessageW
SetCursor
DefWindowProcW
GetKeyState
MonitorFromWindow
GetFocus
LoadBitmapW
SetWindowTextW
GetCursorPos
DrawFrameControl
CharNextW
GetNextDlgTabItem

gdi32

ExtSelectClipRgn
GetViewportOrgEx
SetViewportOrgEx
GetClipRgn
DeleteDC
SelectClipRgn
SetTextColor
CreateRectRgnIndirect
GetDeviceCaps
SetBkMode
TextOutW
RectInRegion
CombineRgn
SelectObject
DeleteObject
Rectangle
RestoreDC
BitBlt
OffsetRgn
CreateCompatibleBitmap
CreateFontIndirectW
CreateBitmap
StretchBlt
SaveDC
CreateCompatibleDC
GetTextColor
CreatePen
MoveToEx
LineTo
RoundRect
ExtTextOutW
GetObjectW
CreateDIBSection
SetBkColor
GetStockObject
GetCurrentObject
CreateRectRgn
SetStretchBltMode
GetTextExtentPoint32W
CreateRoundRectRgn

advapi32

LookupPrivilegeValueW
QueryServiceStatus
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
CreateProcessAsUserW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
DeleteAce
GetAce
GetNamedSecurityInfoW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegSetValueExW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
ControlService
StartServiceW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid

oleaut32

SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathAppendW
StrToIntW
StrToIntA
SHEnumKeyExW
PathAddBackslashW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipSetCompositingQuality
GdipGetFamily
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipFillRectangle
GdipDrawImagePointsRectI
GdipSetPenDashStyle
GdipAddPathStringI
GdipDrawRectangleI
GdipGetImagePixelFormat
GdipAddPathArcI
GdipCreateBitmapFromScan0
GdipGetFontSize
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGraphicsClear
GdipDrawLine
GdipDrawImageRectI
GdipCreateLineBrushFromRectWithAngleI
GdipSetPenMode
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneBitmapArea
GdipSetPenStartCap
GdipCreateHBITMAPFromBitmap
GdipSetPenEndCap
GdipImageRotateFlip
GdipSetClipPath
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipGetFontCollectionFamilyList
GdipSetImageAttributesColorMatrix
GdipCloneFontFamily
GdipGetImageHeight
GdipCreateStringFormat
GdipMeasureString
GdipGetImageWidth
GdipFree
GdipDeleteStringFormat
GdipCloneBrush
GdipCreatePen1
GdipDisposeImage
GdipAlloc
GdipSetStringFormatFlags
GdipCloneImage
GdipDeletePen
GdipDeleteBrush
GdipSetStringFormatAlign
GdipLoadImageFromFileICM
GdipSetStringFormatLineAlign
GdipLoadImageFromFile
GdipDrawLinesI
GdipDeleteFontFamily
GdipSetStringFormatTrimming
GdipCreatePath
GdipSetTextRenderingHint
GdipDeletePath
GdipDrawString
GdipCreateFromHDC
GdipCreateSolidFill
GdipAddPathPieI
GdipCreateFont
GdipDeleteGraphics
GdipClosePathFigure
GdiplusShutdown
GdipNewPrivateFontCollection
GdipDeleteFont
GdipAddPathRectangleI
GdipTranslateWorldTransform
GdipDeletePrivateFontCollection
GdipCreateFontFromLogfontW
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateImageAttributes
GdipRotateWorldTransform
GdipPrivateAddFontFile
GdipDisposeImageAttributes
GdipResetWorldTransform
GdiplusStartup
GdipGetFontCollectionFamilyCount
GdipSetSmoothingMode
GdipFillPath

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetModuleFileNameExW

Exports

Exports

??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@ABU012@@Z
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxThreadBase@VLocker@kbase@@@kbase@@QAE@XZ
??0ReportHelper@business_publish@@AAE@XZ
??1?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAE@XZ
??1?$kxThreadBase@VLocker@kbase@@@kbase@@UAE@XZ
??1ReportHelper@business_publish@@UAE@XZ
??4?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEAAU012@ABU012@@Z
??_7?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxThreadBase@VLocker@kbase@@@kbase@@6B@
??_7ReportHelper@business_publish@@6B?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
??_7ReportHelper@business_publish@@6B?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AfterThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXH@Z
?AfterThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXH@Z
?BeginThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXXZ
?BeginThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXXZ
?GetHandle@?$kxThreadBase@VLocker@kbase@@@kbase@@QBEPAXXZ
?GetInstance@ReportHelper@business_publish@@SAPAV12@XZ
?Init@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXPAU?$_CallBack@VKSimpleDirectInfoc@@@12@K@Z
?Initialzie@ReportHelper@business_publish@@QAE_NW4ReportType@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Insert@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE_NABVKSimpleDirectInfoc@@@Z
?IsRunning@?$kxThreadBase@VLocker@kbase@@@kbase@@QAE_NXZ
?KCreateThread@?$kxThreadBase@VLocker@kbase@@@kbase@@SAPAXHP6GKPAX@Z0PAK0II@Z
?Kill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHXZ
?Kill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHXZ
?QueueThreadCallback@ReportHelper@business_publish@@MAEHKAAVKSimpleDirectInfoc@@@Z
?Report@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?ReportDirect@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?SetPriority@?$kxThreadBase@VLocker@kbase@@@kbase@@QAEHH@Z
?SetTimeOut@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXK@Z
?Start@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEHXZ
?StartThread@?$kxThreadBase@VLocker@kbase@@@kbase@@IAEHPAX@Z
?Thread@?$kxThreadBase@VLocker@kbase@@@kbase@@AAEIPAX@Z
?Uninitialize@ReportHelper@business_publish@@QAEXXZ
?WaitKill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHK@Z
?WaitKill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHK@Z
?size@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEIXZ
?threadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@CGIPAX@Z
?threadFunImpl@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEHKPAX@Z

Sections

.text
Size: 880KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaecdd9903b15a5acd0de288d4fd0e36

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wtsapi32

psapi

Exports

Exports

Sections

.text Size: 880KB - Virtual size: 877KB

.rdata Size: 140KB - Virtual size: 136KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 252KB - Virtual size: 248KB

.text
Size: 880KB - Virtual size: 877KB

.rdata
Size: 140KB - Virtual size: 136KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 252KB - Virtual size: 248KB