b1bb32886a961da96739a56b25b050cbbb22204f41a5a8d5db4f75b5b651901d

Sharing

Copy URL

Twitter E-mail

General

Target

b1bb32886a961da96739a56b25b050cbbb22204f41a5a8d5db4f75b5b651901d
Size

3.9MB
MD5

58b18fca47c6e5dd3c4c17d4b80b776c
SHA1

bcf6f10b61819e4d323b3705b39cb066c63ac6d1
SHA256

b1bb32886a961da96739a56b25b050cbbb22204f41a5a8d5db4f75b5b651901d
SHA512

bb474753180406d40e1130e34d30e50ebb804ffc1fa7b8bafd49e91b4a52dc1869f40c5fca7b284512cf2c22efb0d66d1ddb9610e6a4c00cf0493f75d04a4cfd
SSDEEP

98304:/g9zTxNM1UgFPmig+C1Ub47wnb4HVdQk:/+TxcVuig+C88HzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1bb32886a961da96739a56b25b050cbbb22204f41a5a8d5db4f75b5b651901d

Files

b1bb32886a961da96739a56b25b050cbbb22204f41a5a8d5db4f75b5b651901d
.exe windows:6 windows x86 arch:x86

c8698c49ffcb072d8642b7ad6bc492b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\semDownloaderPackageTool\newdownloader\Release\newdownloader.pdb

Imports

kernel32

GetCurrentDirectoryW
GetFileSize
ExitProcess
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
GetFileAttributesW
MulDiv
GetLocalTime
GlobalAlloc
GlobalUnlock
GlobalLock
HeapSize
GetTimeZoneInformation
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetPrivateProfileStringW
GetFileSizeEx
HeapFree
SwitchToFiber
GetConsoleOutputCP
SetConsoleCtrlHandler
ConvertThreadToFiber
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RaiseException
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
VirtualFree
FormatMessageA
LoadLibraryA
GetSystemDirectoryA
TlsFree
TlsSetValue
TlsGetValue
ConvertFiberToThread
GetModuleHandleExW
FindNextFileW
FindFirstFileW
FindClose
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
GetSystemTime
CreateFiber
FileTimeToSystemTime
DeleteFiber
GetVersionExA
MultiByteToWideChar
GetModuleFileNameW
CreateThreadpoolWork
lstrcpyW
GetModuleHandleW
MoveFileExW
SetFilePointerEx
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
ExpandEnvironmentStringsA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetCurrentProcessId
GetEnvironmentVariableA
GetSystemTimeAsFileTime
CompareFileTime
FormatMessageW
SetLastError
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DosDateTimeToFileTime
CreateProcessW
OutputDebugStringW
LocalFileTimeToFileTime
SetFileTime
WritePrivateProfileStringW
CreateDirectoryW
lstrcmpW
WideCharToMultiByte
GetProcAddress
SubmitThreadpoolWork
GetSystemInfo
GetNativeSystemInfo
DeleteFileW
lstrcatW
Sleep
SetEndOfFile
GetCurrentProcess
CloseThreadpoolWork
CloseHandle
ReadFile
GetLastError
CreateFileW
SetFilePointer
WriteFile
HeapAlloc
WriteConsoleW

user32

GetActiveWindow
SetProcessDPIAware
MessageBoxA
GetDC
LoadImageW
UpdateWindow
PostQuitMessage
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
MessageBoxW
KillTimer
SetWindowLongW
FindWindowW
SetTimer
SendMessageW
SetWindowPos
GetProcessWindowStation
GetUserObjectInformationW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
GetParent
GetWindow
wvsprintfW
SetCursor
OffsetRect
LoadCursorW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
MonitorFromWindow
GetMonitorInfoW
IsZoomed
SetWindowRgn
CharPrevW
DrawTextW
GetCaretBlinkTime
FillRect
SetRect
CreatePopupMenu
AppendMenuW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
TrackPopupMenu
SetForegroundWindow
CreateCaret

gdi32

GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
LineTo
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
GdiFlush
GetObjectA
SaveDC
CreatePatternBrush

advapi32

CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
SystemFunction036
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
CryptDestroyKey

shell32

SHGetSpecialFolderPathW
ord165
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CLSIDFromString

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

PathFileExistsW
PathRemoveFileSpecW

gdiplus

GdipGetImageHeight
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRect
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageI
GdipAlloc
GdipDrawLine
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen2
GdipSetSolidFillColor
GdipGetFamily
GdipDeleteFontFamily
GdipDrawImageRectI
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipFillRegion
GdipSetPageUnit
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPathGradientFocusScales
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipDeleteBrush
GdipCloneBrush
GdipCombineRegionRegion
GdipDeleteRegion
GdipCreateRegionPath
GdipCreateRegionRect
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipFree
GdipFillRectangleI

iphlpapi

GetUnicastIpAddressTable
GetAdaptersAddresses
FreeMibTable
GetBestRoute2

bcrypt

BCryptGenRandom

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

ws2_32

WSAStartup
WSACleanup
closesocket
htons
socket
setsockopt
WSAIoctl
__WSAFDIsSet
select
WSAGetLastError
htonl
ntohs
getservbyname
accept
bind
getsockname
listen
recvfrom
sendto
connect
getpeername
recv
getservbyport
ioctlsocket
gethostbyname
inet_addr
inet_ntoa
gethostbyaddr
shutdown
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
WSASetLastError
gethostname
ntohl

wldap32

ord79
ord142
ord167
ord26
ord301
ord147
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord127
ord133
ord27

crypt32

CertGetIntendedKeyUsage
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertOpenStore
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

unique
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8698c49ffcb072d8642b7ad6bc492b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

iphlpapi

bcrypt

comctl32

imm32

ws2_32

wldap32

crypt32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 716KB - Virtual size: 715KB

.data Size: 29KB - Virtual size: 41KB

unique Size: 512B - Virtual size: 4B

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 134KB - Virtual size: 133KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 716KB - Virtual size: 715KB

.data
Size: 29KB - Virtual size: 41KB

unique
Size: 512B - Virtual size: 4B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 134KB - Virtual size: 133KB