Static task: static1
Behavioral task: behavioral1
Sample: 03a4fc438914a5161bb15b6f48aae1dcde689bae9f623efccfce608839c57697N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 03a4fc438914a5161bb15b6f48aae1dcde689bae9f623efccfce608839c57697N.exe
Resource: win10v2004-20240802-en
General
Target: 03a4fc438914a5161bb15b6f48aae1dcde689bae9f623efccfce608839c57697N
Size: 6.6MB
MD5: 33f95305cb6f664957d054a42a1805e0
SHA1: 1ab13f00217c6f013b76fffd4b40a6ec23f428bd
SHA256: 03a4fc438914a5161bb15b6f48aae1dcde689bae9f623efccfce608839c57697
SHA512: e83b66736c7f8390fcbc3d24fcc41a0d5f5576685c28ffb2bbe2ad62e8af08210facc17e7b91c49e963adc2cc237c20ba165353480ace795579922f35f3d82fe
SSDEEP: 98304:0UXQj9mdgHoeoc12tVftjW08AVAlV4KE2icyazup:2HoeoOY008AOlVj49Qup
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 03a4fc438914a5161bb15b6f48aae1dcde689bae9f623efccfce608839c57697N
Files
03a4fc438914a5161bb15b6f48aae1dcde689bae9f623efccfce608839c57697N.exe windows:5 windows x64 arch:x64
958bfe1a6464970b3ad53ec915c7b7a0
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetTokenInformation
SetSecurityDescriptorDacl
RevertToSelf
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
IsValidSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
DeregisterEventSource
AllocateAndInitializeSid
AdjustTokenPrivileges
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaNtStatusToWinError
LsaRetrievePrivateData
LsaOpenPolicy
LsaClose
LsaFreeMemory
ConvertSidToStringSidW
CreateProcessAsUserW
user32
MessageBoxA
CharNextW
LoadStringW
GetWindowLongPtrW
wvsprintfW
WindowFromPoint
UnhookWindowsHookEx
TranslateMessage
SystemParametersInfoW
SetWindowsHookExW
SetThreadDesktop
SetProcessWindowStation
SendMessageA
SendMessageW
ReleaseDC
PostThreadMessageW
PeekMessageW
OpenWindowStationW
OpenDesktopW
OemToCharBuffW
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MessageBoxIndirectW
MessageBoxW
LoadStringW
LoadIconW
IsWindowVisible
IsWindowUnicode
IsWindow
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetSystemMetrics
GetSysColor
GetProcessWindowStation
GetParent
GetMessageW
GetLastInputInfo
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetGUIThreadInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDC
GetCursorInfo
GetCursor
GetClipboardData
GetClassNameW
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindowStationsW
EnumDesktopsW
DrawTextExW
DrawTextW
DrawIconEx
DrawFocusRect
DispatchMessageW
DestroyIcon
CreateIcon
CloseWindowStation
CloseDesktop
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CallNextHookEx
CharLowerBuffA
CharUpperBuffA
CharToOemBuffA
CharToOemA
ToUnicodeEx
kernel32
Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcpynW
lstrcpyW
lstrcmpiA
lstrcmpiW
lstrcatW
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitNamedPipeW
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAllocEx
VirtualAlloc
VerLanguageNameW
UnmapViewOfFile
UnlockFile
TransactNamedPipe
SystemTimeToFileTime
SwitchToThread
SuspendThread
SleepEx
Sleep
SetWaitableTimer
SetVolumeLabelW
SetThreadPriority
SetNamedPipeHandleState
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetConsoleTitleW
SetCommTimeouts
SetCommState
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
ReadConsoleInputW
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PurgeComm
PeekNamedPipe
OpenProcess
OpenMutexW
OpenFileMappingW
OpenEventW
MulDiv
MoveFileExW
MoveFileW
MapViewOfFile
LockFile
LocalFree
LocalFileTimeToFileTime
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemPowerStatus
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetLongPathNameW
GetProcessTimes
GetProcessHeap
GetProcAddress
GetPrivateProfileIntW
GetOverlappedResult
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommState
GetCPInfoExW
GetCPInfo
GetACP
FreeLibrary
FreeConsole
FormatMessageW
FlushViewOfFile
FlushFileBuffers
FindNextFileW
FindNextChangeNotification
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateWaitableTimerW
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileExW
CopyFileW
ConnectNamedPipe
CompareStringA
CompareStringW
CloseHandle
CancelWaitableTimer
CancelIo
AllocConsole
Sleep
GetUserDefaultUILanguage
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
SetThreadExecutionState
msimg32
AlphaBlend
gdi32
UnrealizeObject
StretchBlt
SetWinMetaFileBits
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
RoundRect
Rectangle
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutW
ExtFloodFill
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
mpr
WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W
ole32
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
msvcrt
memset
memcpy
shell32
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
oleacc
GetRoleTextW
AccessibleObjectFromPoint
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
winmm
waveInUnprepareHeader
waveInStop
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInGetErrorTextW
waveInGetDevCapsW
waveInClose
waveInAddBuffer
quartz
AMGetErrorTextW
Sections
.text Size: 3.0MB - Virtual size: 3.0MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data Size: 3.4MB - Virtual size: 3.4MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 45KB - Flags: IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata Size: 18KB - Virtual size: 18KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata Size: 1024B - Virtual size: 806B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 432B - Flags: IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 40B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata Size: 147KB - Virtual size: 146KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 16KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ