Static task: static1
Behavioral task: behavioral1
  Sample: 4e6caf12d3063726caea8148e0133b60N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4e6caf12d3063726caea8148e0133b60N.exe
  Resource: win10v2004-20240802-en
General
Target: 4e6caf12d3063726caea8148e0133b60N
Size: 7.5MB
MD5: 4e6caf12d3063726caea8148e0133b60
SHA1: dc7d60027c2d4b7a31795baf48c15b07b4196c0a
SHA256: c005841a760656dbe84d8529129f246fb50d48877c310451bf896e4474758e22
SHA512: 45d33d4570205530ab4d7c0bcad3416f5af3e6064275a281894d56e6bc7aaa6c1e4533dbb65871783fa697f9537411c7b13676333253066ac9bd95f37aeb7366
SSDEEP: 98304:YOXduIBTjvoXQ9vjP4pQ6dKiBYaVAcwT43Z0LjnQdtgOpxrSeDE33UQ:/VvoAFJZiBYy+4ufQdtgO7rSem3UQ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 4e6caf12d3063726caea8148e0133b60N
Files
4e6caf12d3063726caea8148e0133b60N.exe windows:5 windows x86 arch:x86
ff4a38cde9aa1454aa7012883d070b73
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileAttributesW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
GetSystemDefaultLangID
GetTempFileNameW
CreateFileA
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
GetSystemDefaultLCID
GetSystemPowerStatus
GetSystemDirectoryA
GetTempPathW
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetTempPathA
FindResourceA
MoveFileExW
SystemTimeToFileTime
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
TryEnterCriticalSection
InterlockedCompareExchange
InterlockedExchange
FindVolumeClose
GetFileTime
SetVolumeMountPointW
GetDriveTypeA
GetVolumeInformationA
DeleteVolumeMountPointW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
SetVolumeLabelW
DeviceIoControl
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
OpenFile
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetFileAttributesA
FindFirstFileA
RemoveDirectoryW
FindNextFileW
GetLocalTime
lstrlenW
PeekNamedPipe
GetExitCodeProcess
CreatePipe
CreateProcessW
InterlockedDecrement
WaitForSingleObjectEx
FileTimeToSystemTime
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetExitCodeThread
WaitForMultipleObjects
CopyFileExW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetFullPathNameA
GetFileInformationByHandle
FindFirstFileExW
GetFileAttributesExW
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CopyFileW
FormatMessageW
LocalFree
MulDiv
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SetEvent
GlobalFree
GlobalUnlock
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
FreeResource
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
FindResourceW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetThreadTimes
InitializeSListHead
CreateMutexW
HeapCompact
FlushViewOfFile
UnlockFileEx
FormatMessageA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetVersionExA
GetSystemTime
DeleteFileA
SleepEx
ExpandEnvironmentStringsA
GlobalMemoryStatus
GetTickCount
FlushConsoleInputBuffer
ReadConsoleInputA
GetCurrentProcessId
CreateThread
CloseHandle
WaitForSingleObject
GetModuleHandleW
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetLogicalDriveStringsW
SetConsoleMode
user32
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextW
RemovePropW
GetPropW
SetPropW
GetSysColor
EqualRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
CallNextHookEx
WinHelpW
SetTimer
KillTimer
MessageBoxW
LoadIconW
GetClassInfoW
UnregisterClassW
MonitorFromWindow
ShowWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
EnableWindow
CopyRect
LoadCursorW
ReleaseDC
DrawTextW
GetMonitorInfoW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
CheckMenuItem
EnableMenuItem
SystemParametersInfoW
RealChildWindowFromPoint
InvalidateRect
GetSystemMetrics
DestroyMenu
GetSysColorBrush
IsIconic
DestroyIcon
CharUpperW
IntersectRect
OffsetRect
SetRect
GetAsyncKeyState
EnumWindows
ExitWindowsEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageW
TranslateMessage
SendDlgItemMessageA
GetParent
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
SendMessageW
GetCursorPos
SetCursor
GetWindowThreadProcessId
MoveWindow
SetWindowTextW
IsDialogMessageW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
SetCapture
ReleaseCapture
GetCaretPos
SetWindowRgn
IsZoomed
DestroyCaret
WindowFromPoint
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
CreateDesktopW
RedrawWindow
ValidateRect
CloseDesktop
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetActiveWindow
GetWindowRgn
RegisterClassExW
SendMessageA
wsprintfW
GetDC
shell32
SHGetFileInfoW
DragQueryFileW
ShellExecuteW
ord165
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteExW
DragAcceptFiles
shlwapi
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFileExistsA
PathIsRootA
PathCanonicalizeW
PathIsRootW
PathFileExistsW
PathIsDirectoryW
oleacc
LresultFromObject
CreateStdAccessibleObject
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
imagehlp
MakeSureDirectoryPathExists
winmm
timeKillEvent
timeGetDevCaps
timeSetEvent
gdi32
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontW
GetDIBits
CreateDIBSection
PtInRegion
CreateRoundRectRgn
SetPixel
CreatePolygonRgn
FillRgn
SetMapMode
SetBkMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetDeviceCaps
GetClipBox
Escape
DeleteObject
EnumFontFamiliesExW
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
BitBlt
CreateBitmap
GetObjectW
SetTextColor
SetViewportOrgEx
GetStockObject
SetBkColor
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
LookupAccountNameW
RegOpenKeyExW
LsaFreeMemory
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaClose
LsaOpenPolicy
RegOpenKeyExA
RegQueryValueExA
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
GetSidSubAuthorityCount
GetUserNameW
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
LockServiceDatabase
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
ole32
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
VarDateFromStr
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
msimg32
AlphaBlend
comctl32
_TrackMouseEvent
gdiplus
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipGetImageWidth
GdipGetImageHeight
GdipDeletePath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipSetClipPath
GdipAddPathEllipseI
GdipResetPath
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateSolidFill
GdipDeleteBrush
GdipFillPath
GdipSetPenDashStyle
GdipDrawLineI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipCreatePath
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipAddPathRectangleI
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ws2_32
inet_addr
WSAGetLastError
htons
shutdown
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send
WSASetLastError
bind
getpeername
getsockname
getsockopt
ntohs
getaddrinfo
freeaddrinfo
accept
listen
WSAStartup
connect
ioctlsocket
recvfrom
sendto
gethostname
select
__WSAFDIsSet
iphlpapi
GetAdaptersInfo
wininet
InternetCanonicalizeUrlA
InternetCrackUrlA
wlanapi
WlanGetProfileList
WlanFreeMemory
WlanEnumInterfaces
WlanOpenHandle
WlanCloseHandle
WlanGetProfile
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
crypt32
CryptStringToBinaryW
CryptUnprotectData
Sections
.text   Size: 3.8MB - Virtual size: 3.8MB   Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 766KB - Virtual size: 765KB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 225KB - Virtual size: 276KB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0   Size: 506KB - Virtual size: 506KB   Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc  Size: 241KB - Virtual size: 241KB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 27.1MB - Virtual size: 27.1MB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ