689b3d562de618ed71a7a0eba0ef455a7a6af4d33fb7d78f8c6ba477b45a6ded

Sharing

Copy URL Twitter E-mail

General

Target

689b3d562de618ed71a7a0eba0ef455a7a6af4d33fb7d78f8c6ba477b45a6ded
Size

5.7MB
MD5

ff212841cabd3d86abf58c2050c264e1
SHA1

9d23ac02d3a5763854ea372e5528c5e7cd7c8355
SHA256

689b3d562de618ed71a7a0eba0ef455a7a6af4d33fb7d78f8c6ba477b45a6ded
SHA512

0396476e807537773a414f3dd360a2d15189fc615f8f9f79826266238989c7579087aab0486a28378088cfbf7eeebd1f132f73264000e65a326aa5bd995d40cd
SSDEEP

98304:WMwKZAN4aoKJNKv8UvpLoJGa4AEDeTfI9Hy1ZeZgY+94DBzWTF:WMwiaoYKv8U1cgppZ19zWTF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
689b3d562de618ed71a7a0eba0ef455a7a6af4d33fb7d78f8c6ba477b45a6ded

Files

689b3d562de618ed71a7a0eba0ef455a7a6af4d33fb7d78f8c6ba477b45a6ded
.exe windows:5 windows x86 arch:x86

b8656b2712176b8f402e2633d0a826f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CareUEyes.pdb

Imports

winmm

timeSetEvent
mciSendStringW
timeKillEvent

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
CreateToolhelp32Snapshot
GetFileSizeEx
FormatMessageW
TryEnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetTimeZoneInformation
GetUserDefaultLangID
FindFirstChangeNotificationW
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
Process32FirstW
Process32NextW
ResetEvent
OpenFileMappingW
IsBadReadPtr
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
HeapCreate
FreeResource
GetFullPathNameW
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileExA
CompareFileTime
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
InterlockedDecrement
GetFileSize
WriteFile
UnmapViewOfFile
SuspendThread
lstrlenA
InterlockedIncrement
GlobalAlloc
GetThreadContext
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualProtect
GetEnvironmentVariableW
GetEnvironmentVariableA
CreateProcessW
ResumeThread
TerminateProcess
FindNextFileW
ReadProcessMemory
LoadLibraryExA
LoadLibraryA
GetComputerNameA
GetLocalTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetDriveTypeW
SetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
OutputDebugStringW
IsBadWritePtr
SetLastError
lstrcmpW
GetCurrentThreadId
ExitProcess
GlobalAddAtomA
Sleep
GetTickCount
InterlockedCompareExchange
LoadLibraryW
FindFirstFileW
FindClose
ReadFile
CreateFileW
GlobalLock
CreateFileMappingW
GlobalUnlock
MulDiv
WideCharToMultiByte
OutputDebugStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetProcAddress
FreeLibrary
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCommandLineA
GetModuleHandleW
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameW
GetCurrentThread
LoadLibraryExW
GetModuleHandleA
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCommandLineW
SetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
FindResourceW
lstrcmpiW
LockResource
SizeofResource
FindResourceExW
DecodePointer
RaiseException
MultiByteToWideChar
LoadResource

user32

ReleaseDC
MessageBoxW
GetActiveWindow
IsWindowVisible
GetFocus
GetParent
ShowWindow
SetWindowPos
DestroyWindow
SendMessageW
UnregisterClassW
CharNextW
PtInRect
GetDC
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
MsgWaitForMultipleObjects
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetClassLongW
GetClassLongW
RemovePropW
GetPropW
SetPropW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
OffsetRect
PeekMessageW
FindWindowW
GetWindowRect
MonitorFromRect
PostMessageW
UnhookWinEvent
SetWinEventHook
GetForegroundWindow
GetCursorPos
WindowFromPoint
GetMonitorInfoW
SetActiveWindow
GetUserObjectInformationW
GetProcessWindowStation
DrawIconEx
PostQuitMessage
ClientToScreen
MonitorFromWindow
CopyRect
GetSystemMetrics
BringWindowToTop
SetWindowLongW
SetForegroundWindow
MonitorFromPoint
GetAsyncKeyState
UnregisterHotKey
RegisterHotKey
EnumDisplayMonitors
ScreenToClient
GetWindowLongW
GetClassNameW
GetShellWindow
GetAncestor
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
LockWorkStation
SetCursor
SetCapture
ReleaseCapture
GetDesktopWindow
CreateWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
GetClientRect
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetFocus
GetWindow
IsChild
GetDlgCtrlID
GetDlgItem
GetSysColor
DestroyAcceleratorTable
FillRect
CreateAcceleratorTableW
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreatePopupMenu
IsMenu
IsWindowEnabled
EnableWindow
LoadImageW
CreateIconFromResource
LoadBitmapW
GetIconInfo
MapWindowPoints
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
GetCapture
AnimateWindow
TrackMouseEvent
SetRect
DispatchMessageW
CallWindowProcW
SetTimer
KillTimer
GetWindowLongA
SetLayeredWindowAttributes
IsIconic
EnumDisplayDevicesW
DestroyIcon
SendMessageA
GetWindowDC
GetWindowRgn
IsZoomed
SetSysColors
DestroyCursor
GetKeyState
TranslateMessage
GetMessageW
EqualRect
IsRectEmpty
UnionRect
IntersectRect
InflateRect
EnableMenuItem

gdi32

SetDeviceGammaRamp
GetObjectW
GetStockObject
DeleteDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
SetBkMode
SaveDC
SetViewportOrgEx
CreateFontIndirectW
EnumFontsW
CreateRectRgn
CreatePen
SetROP2
CreateHatchBrush
FrameRgn
Rectangle
SetGraphicsMode
CreateRoundRectRgn
ExcludeClipRect
GetDeviceCaps
RestoreDC
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
CreateBitmap
StretchBlt
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
BitBlt
CreateCompatibleDC
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW

comdlg32

GetOpenFileNameW
ChooseColorW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegQueryValueExW
GetUserNameA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
CryptEnumProvidersW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ord680
ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
OleLockRunning
IIDFromString
CoCreateGuid
CreateBindCtx
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize

oleaut32

SysAllocString
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringLen
SysStringLen
LoadTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
DispCallFunc
SysFreeString
LoadRegTypeLi
VarUdateFromDate

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
StrToIntExW
PathQuoteSpacesW

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipImageGetFrameCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipBitmapLockBits

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

dwmapi

DwmGetWindowAttribute

ws2_32

getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
shutdown
sendto
gethostname
socket
getnameinfo

iphlpapi

GetAdaptersInfo

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

wldap32

ord208
ord41
ord46
ord145
ord216
ord14
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord301
ord133
ord147
ord219

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8656b2712176b8f402e2633d0a826f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

wtsapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

dwmapi

ws2_32

iphlpapi

imm32

crypt32

wldap32

usp10

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 92KB - Virtual size: 197KB

.rsrc Size: 361KB - Virtual size: 361KB

.reloc Size: 228KB - Virtual size: 227KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 92KB - Virtual size: 197KB

.rsrc
Size: 361KB - Virtual size: 361KB

.reloc
Size: 228KB - Virtual size: 227KB