185a1b1696220405765a9cf9b0d89d1b2b6735646fe8349a8902608a3f3fd158

Sharing

Copy URL

Twitter E-mail

General

Target

185a1b1696220405765a9cf9b0d89d1b2b6735646fe8349a8902608a3f3fd158
Size

4.8MB
MD5

29827004af906ef3369efbb2bf1f90f3
SHA1

00b8f3303fc1b7d7a9a80014bcae9fb9b53199e6
SHA256

185a1b1696220405765a9cf9b0d89d1b2b6735646fe8349a8902608a3f3fd158
SHA512

57d252f8f720ba48564f82a7ca5a6217a542a305b7d3f33d7e536d0d602f994ee98cf1e8a7537889affd2e9f3e0c30bc2e3692f6851d6026e61f2ed5dcc90de9
SSDEEP

98304:BR28rpxG9w/5ptahTLU+SaTjLL5dAkI6CKLHXrocDIjUuJcTb:umyMahHU+Sa3577CIH7ocGe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
185a1b1696220405765a9cf9b0d89d1b2b6735646fe8349a8902608a3f3fd158

Files

185a1b1696220405765a9cf9b0d89d1b2b6735646fe8349a8902608a3f3fd158
.exe windows:5 windows x86 arch:x86

e180d17cd681cdf0b98cc0ebf6395405

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\March\branches\stable6.0\Output\Release\March.pdb

Imports

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathIsRelativeW
PathStripPathW
PathRemoveExtensionW
PathAddBackslashW

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipDeletePath
GdipFillRectangle
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipScaleMatrix
GdipMeasureString
GdipFillPath
GdipFillEllipseI
GdipDrawEllipseI
GdipDrawString
GdipDeleteFont
GdipTransformPath
GdipIsOutlineVisiblePathPointI
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipIsVisiblePathPointI
GdipGetPathWorldBoundsI
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipAddPathLineI
GdipClosePathFigure
GdipDeleteStringFormat
GdipGetPathFillMode
GdipSetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipSetStringFormatTrimming
GdipDeleteMatrix
GdipCreateMatrix
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipSetStringFormatLineAlign
GdiplusShutdown
GdipStartPathFigure

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

winmm

timeSetEvent
timeGetTime
timeKillEvent

msimg32

AlphaBlend

crypt32

CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetNameStringW
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertGetNameStringA
CertCreateCertificateContext
CertFreeCertificateChainEngine
CertGetCertificateContextProperty
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateChain
CertOpenStore

wldap32

ord26
ord22
ord41
ord50
ord32
ord60
ord211
ord46
ord217
ord143
ord27
ord33
ord35
ord45
ord79
ord30
ord200
ord301

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
WSARecv
WSAAddressToStringW
connect
ntohs
getsockname
getpeername
getaddrinfo
WSASocketW
WSASetLastError
listen
shutdown
gethostname
sendto
recvfrom
recv
socket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSASend
WSACreateEvent
WSACloseEvent
send
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
ntohl
select

kernel32

GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
CreateTimerQueueTimer
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
SetConsoleCtrlHandler
ExitThread
InitializeSListHead
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
ExitProcess
GetACP
GetConsoleCP
HeapFree
HeapAlloc
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetThreadTimes
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
GetFileAttributesExW
SetStdHandle
GetLogicalProcessorInformation
SetEndOfFile
GetFullPathNameW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
SetUnhandledExceptionFilter
GetFileType
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GlobalMemoryStatus
ConvertFiberToThread
DeleteFiber
GetModuleHandleExW
FindClose
GetSystemTimeAsFileTime
FileTimeToSystemTime
VirtualQuery
GetVersionExW
TryEnterCriticalSection
GetCurrentThreadId
SetThreadPriority
ResetEvent
GetEnvironmentVariableW
SystemTimeToFileTime
LoadLibraryW
GetFileAttributesW
MulDiv
GlobalSize
GetCurrentDirectoryW
GlobalFree
GetFileSizeEx
DeleteFileW
WriteFile
CreateFileW
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
GetTickCount
InterlockedExchange
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexW
PostQueuedCompletionStatus
GetLastError
TlsAlloc
InterlockedExchangeAdd
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
InterlockedIncrement
TlsFree
FormatMessageA
CreateDirectoryW
ReadFile
SetFilePointer
GetFileSize
SizeofResource
GetModuleFileNameW
WaitForSingleObject
FreeResource
CreateEventW
SetEvent
GetDiskFreeSpaceExW
GlobalAlloc
LoadResource
FindResourceW
GetProcAddress
GlobalLock
GetCurrentProcessId
GetModuleHandleW
GlobalUnlock
SetFileTime
LocalFileTimeToFileTime
CreateFileA
DosDateTimeToFileTime
GetFileTime
GetCurrentProcess
ExpandEnvironmentStringsW
GetTempPathW
GetWindowsDirectoryW
GetDriveTypeW
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
InterlockedCompareExchange
WaitForMultipleObjects
GetQueuedCompletionStatus
GetModuleHandleA
Sleep
TerminateThread
QueueUserAPC
SleepEx
TlsGetValue
CreateIoCompletionPort
QueryPerformanceCounter
InitializeCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageW
MoveFileExA
GetEnvironmentVariableA
GetStdHandle
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW

user32

WaitMessage
GetUserObjectInformationW
MessageBoxW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
GetDesktopWindow
FindWindowW
GetParent
MapWindowPoints
GetClipboardData
IsClipboardFormatAvailable
GetAsyncKeyState
GetSysColor
GetProcessWindowStation
PostMessageW
UnregisterClassW
EnableWindow
KillTimer
SetTimer
PostQuitMessage
SetClipboardData
BringWindowToTop
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowTextW
GetCursorPos
PtInRect
GetClientRect
ScreenToClient
DefWindowProcW
DestroyWindow
ReleaseDC
LoadCursorW
RegisterClassW
GetClassInfoExW
RegisterClassExW
SetWindowLongW
IsWindow
CreateWindowExW
GetWindowLongW
GetWindow
SetFocus
ShowWindow
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
IsIconic
SetWindowPos
LoadImageW
GetSystemMetrics
SendMessageW
CallWindowProcW
SetPropW
GetPropW
GetDC
InvalidateRect
GetKeyState
GetFocus
SetCapture
ReleaseCapture
BeginPaint
EndPaint
MoveWindow
GetUpdateRect
IsRectEmpty
IntersectRect
UpdateLayeredWindow
OffsetRect
UnionRect
SetCursor
CharNextW
IsZoomed
MonitorFromPoint
SetWindowRgn
IsWindowVisible
SetForegroundWindow
ClientToScreen

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
GetObjectA
SetStretchBltMode
SetWindowOrgEx
GetWindowOrgEx
RestoreDC
SaveDC
DeleteDC
CreateCompatibleDC
StretchBlt
CreateDIBSection
GetDeviceCaps
CreateRoundRectRgn
BitBlt
SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetStockObject

advapi32

CryptHashData
CryptGetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptReleaseContext
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptCreateHash

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHCreateDirectoryExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e180d17cd681cdf0b98cc0ebf6395405

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

comctl32

gdiplus

imm32

winmm

msimg32

crypt32

wldap32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 541KB - Virtual size: 540KB

.data Size: 60KB - Virtual size: 75KB

.rsrc Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 109KB - Virtual size: 109KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 541KB - Virtual size: 540KB

.data
Size: 60KB - Virtual size: 75KB

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 109KB - Virtual size: 109KB