PDB Path: E:\pc\i4tools80\trunk\setup\i4_32or64\bin\Installer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: d7c5f0b0642012effdf3d13f08377169bf9d001930ef1c99c789cc421f119da9.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d7c5f0b0642012effdf3d13f08377169bf9d001930ef1c99c789cc421f119da9.exe
  Resource: win10v2004-20240802-en
General
Target: d7c5f0b0642012effdf3d13f08377169bf9d001930ef1c99c789cc421f119da9
Size: 12.8MB
MD5: 48272c207c2171ef70ff7d4580cd1c18
SHA1: b3bf2049973bdaf96496c14afae789e1401c0004
SHA256: d7c5f0b0642012effdf3d13f08377169bf9d001930ef1c99c789cc421f119da9
SHA512: 8821108ff14cf6a842fa234ef5e15d124e56a26d4d83ae0cb4dfbed9fb33510e848dacd173fc74043ae255d23dcaafcecdc969e2e057a1b5e7906b1577c4cdad
SSDEEP: 393216:vijOiYHIaKfYzxeROPexNFkNpiRvyAwAL3v9B:vUuDzxQoiX+ilD3r
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource d7c5f0b0642012effdf3d13f08377169bf9d001930ef1c99c789cc421f119da9
Files
d7c5f0b0642012effdf3d13f08377169bf9d001930ef1c99c789cc421f119da9.exe windows:5 windows x86 arch:x86
  d8d08f72aa57d8feb165ab677f784ee9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
DeleteFileA
lstrcpyW
lstrcmpiW
GetTempPathW
WritePrivateProfileStringW
CopyFileW
OutputDebugStringW
CreateMutexW
FreeResource
DeleteFileW
RemoveDirectoryW
TerminateProcess
OpenProcess
GetPrivateProfileStringW
GetModuleFileNameW
GetEnvironmentVariableW
FindNextFileW
FindClose
lstrlenW
FindFirstFileW
GetTickCount
CloseHandle
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
Module32FirstW
DeviceIoControl
Process32FirstW
GetProcAddress
SetLastError
GetLastError
MultiByteToWideChar
CreateFileW
GetVersionExW
WideCharToMultiByte
WriteFile
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
GetLogicalDriveStringsW
GetCurrentProcess
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
GetFullPathNameW
CreateFileA
GetFullPathNameA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
GetLocaleInfoW
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
FormatMessageW
CompareFileTime
SetFileAttributesW
SetFileTime
GetFileAttributesW
MoveFileExW
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
GetCurrentDirectoryW
LoadLibraryW
GetACP
MulDiv
ExitProcess
SetFilePointer
SystemTimeToFileTime
VerifyVersionInfoW
VerSetConditionMask
lstrcpynW
GetLocalTime
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
GetSystemTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchangeAdd
DeleteFiber
SwitchToFiber
CreateFiber
GetModuleHandleExW
GetVersion
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
ExitThread
CreateThread
FindFirstFileExW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RtlUnwind
LCMapStringW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
IsValidCodePage
SetHandleCount
IsProcessorFeaturePresent
user32
DrawTextW
GetKeyState
SetWindowPos
SetWindowLongW
GetWindowLongW
InvalidateRect
UnionRect
IsWindow
SetCapture
ReleaseCapture
ScreenToClient
GetWindowRect
LoadImageW
GetCursorPos
DestroyWindow
IsZoomed
SetFocus
GetFocus
CreateWindowExW
MapWindowPoints
GetSysColor
GetMonitorInfoW
MonitorFromWindow
IsWindowVisible
GetUpdateRect
EndPaint
BeginPaint
GetWindow
GetActiveWindow
IsIconic
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
InflateRect
SetCursor
LoadCursorW
DefWindowProcW
EnableWindow
GetSystemMetrics
CallWindowProcW
GetPropW
RegisterClassW
IsRectEmpty
GetClassInfoExW
SetWindowRgn
MessageBoxW
PtInRect
UpdateLayeredWindow
IsWindowEnabled
CreateCaret
HideCaret
ShowCaret
GetWindowRgn
GetCaretPos
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
InvalidateRgn
GetGUIThreadInfo
CreateAcceleratorTableW
UpdateWindow
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
SetWindowTextW
SetForegroundWindow
DrawTextA
wsprintfA
GetWindowTextW
GetWindowTextLengthW
EqualRect
GetUserObjectInformationW
GetProcessWindowStation
MoveWindow
GetClientRect
ClientToScreen
KillTimer
SetTimer
wsprintfW
PostQuitMessage
ShowWindow
ReleaseDC
GetDC
PostMessageW
SendMessageW
CharNextW
SetRect
CharPrevW
FillRect
IntersectRect
OffsetRect
RegisterClassExW
CharPrevExA
SetPropW
SetCaretPos
gdi32
GetTextExtentPointA
CreatePatternBrush
CreateFontIndirectW
GetTextMetricsW
GdiFlush
GetObjectA
SetBkMode
SetBitmapBits
GetBitmapBits
CreateRectRgn
PtInRegion
SaveDC
RestoreDC
Rectangle
CreateEnhMetaFileW
CloseEnhMetaFile
SetWindowOrgEx
RemoveFontMemResourceEx
SetTextColor
DeleteObject
AddFontMemResourceEx
CreatePen
CreateDIBitmap
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
CreatePenIndirect
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
CreateSolidBrush
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
SelectObject
StretchBlt
BitBlt
GetEnhMetaFileHeader
GetDeviceCaps
PlayEnhMetaFile
GetStockObject
DeleteDC
CreateRoundRectRgn
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
GetObjectW
advapi32
AdjustTokenPrivileges
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptDecrypt
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
RegDeleteKeyW
RegOpenKeyW
RegSetValueW
RegCreateKeyW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptGetUserKey
shell32
DragQueryFileW
SHCreateDirectoryExW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ole32
CLSIDFromString
CLSIDFromProgID
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
oleaut32
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantCopy
SysAllocStringLen
VariantInit
shlwapi
PathFileExistsW
PathAddBackslashW
PathCombineW
SHDeleteKeyW
PathFindFileNameW
PathIsDirectoryEmptyW
SHCreateStreamOnFileEx
wininet
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetOpenW
ws2_32
gethostbyname
gethostname
WSAStartup
getnameinfo
shutdown
ioctlsocket
htonl
getaddrinfo
freeaddrinfo
__WSAFDIsSet
select
closesocket
send
WSAGetLastError
listen
accept
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
recvfrom
sendto
WSASetLastError
WSACleanup
recv
WSAIoctl
getsockname
ntohs
bind
htons
getsockopt
getpeername
socket
connect
setsockopt
wldap32
ord14
ord219
ord147
ord26
ord133
ord145
ord208
ord117
ord127
ord142
ord79
ord167
ord216
ord46
ord41
ord27
ord301
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateSolidFill
GdipSetPenMode
GdipSetStringFormatFlags
GdipAlloc
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAddPathLine
ord1
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipFree
GdipSetStringFormatAlign
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
crypt32
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 620KB - Virtual size: 620KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 17B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 228.4MB - Virtual size: 228.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 707KB - Virtual size: 706KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ