Static task: static1
Behavioral task: behavioral1
  Sample: c34476e289c48a6c45524d6d8f5249caedf79e111724a79d0dccc10fcfe060aeN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: c34476e289c48a6c45524d6d8f5249caedf79e111724a79d0dccc10fcfe060aeN.exe
  Resource: win10v2004-20240802-en
General
Target: c34476e289c48a6c45524d6d8f5249caedf79e111724a79d0dccc10fcfe060aeN
Size: 9.8MB
MD5: 240dd1fad223044a8d4bcd442fe54110
SHA1: 7be0b0dfd9dd226adc2879f21b132783da4a7031
SHA256: c34476e289c48a6c45524d6d8f5249caedf79e111724a79d0dccc10fcfe060ae
SHA512: 3de1a6edce67fe3a31d1e3181a55c044581adf892cc96e3ea8e0fc6d8a64b7eb228aed8a7f843a18fac3ba168cbc01641eec98d16571ab2e6ab6ada11da9d356
SSDEEP: 98304:UaqiM1slnyES2B1Ty6c1DPni7aeeKhXcyboWU0qfRyPOiwJsv6tWKFdu9CHDy4:v2slnyuB7aeVQfRFiwJsv6tWKFdu9CH
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: c34476e289c48a6c45524d6d8f5249caedf79e111724a79d0dccc10fcfe060aeN
Files
c34476e289c48a6c45524d6d8f5249caedf79e111724a79d0dccc10fcfe060aeN.exe (windows:5, windows, x86, arch:x86)
  Imphash: 911b75962e71d864eafdabc53b263fbe
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32:
  OpenProcessToken, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, InitializeAcl, CopySid, RegSetValueExW,
  RegNotifyChangeKeyValue, GetTokenInformation, GetLengthSid, FreeSid, AllocateAndInitializeSid,
  AddAccessAllowedAce, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner,
  RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegFlushKey,
  RegQueryInfoKeyW, InitializeSecurityDescriptor
ole32:
  CoGetMalloc, ReleaseStgMedium, CoTaskMemFree, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard,
  OleGetClipboard, OleSetClipboard, CoCreateGuid, OleUninitialize, OleInitialize, RevokeDragDrop,
  RegisterDragDrop, CoLockObjectExternal, CoInitialize, CoCreateInstance, CoUninitialize, StringFromGUID2
gdi32:
  CreateDCW, EnumFontFamiliesExW, CreateFontIndirectW, GetFontData, GetStockObject, AddFontResourceExW,
  RemoveFontResourceExW, AddFontMemResourceEx, RemoveFontMemResourceEx, GetTextMetricsW,
  CreateCompatibleBitmap, GetTextFaceW, ChoosePixelFormat, DescribePixelFormat, GetPixelFormat,
  SetPixelFormat, SwapBuffers, GetBitmapBits, GetCharABCWidthsW, GetCharABCWidthsFloatW, GetGlyphOutlineW,
  GetOutlineTextMetricsW, GetTextExtentPoint32W, GetCharABCWidthsI, SetBkMode, SetGraphicsMode,
  SetTextColor, SetTextAlign, SetWorldTransform, ExtTextOutW, OffsetRgn, BitBlt, GdiFlush, CreateDIBSection,
  SelectObject, SelectClipRgn, GetRegionData, DeleteObject, DeleteDC, CreateRectRgn, CreateCompatibleDC,
  CombineRgn, SetDeviceGammaRamp, GetDeviceGammaRamp, GetDeviceCaps, CreateBitmap, GetObjectW, GetDIBits
imm32:
  ImmGetVirtualKey, ImmSetCandidateWindow, ImmSetCompositionWindow, ImmNotifyIME, ImmGetCompositionStringW,
  ImmAssociateContext, ImmReleaseContext, ImmGetContext, ImmGetDefaultIMEWnd
shell32:
  ShellExecuteExA, Shell_NotifyIconW, SHGetFileInfoW, ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW,
  SHBrowseForFolderW, SHGetSpecialFolderPathW, CommandLineToArgvW
user32:
  CreateCursor, LoadCursorW, GetCursor, SetCursorPos, SetMenuItemInfoW, TrackPopupMenuEx, GetMenu,
  MapVirtualKeyW, ToUnicode, ToAscii, GetKeyboardState, GetKeyState, IsZoomed, PeekMessageW, SetCaretPos,
  HideCaret, DestroyCaret, CreateCaret, GetKeyboardLayout, GetAsyncKeyState, RegisterClipboardFormatW,
  ChangeClipboardChain, SetClipboardViewer, LoadIconW, EnumDisplayMonitors, GetMonitorInfoW, LoadImageW,
  GetSysColorBrush, ChildWindowFromPointEx, GetCursorPos, GetClientRect, GetFocus, RegisterClassExW,
  GetClassInfoW, UnregisterClassW, GetKeyboardLayoutList, GetAncestor, DestroyCursor, SetParent, GetParent,
  SetWindowLongW, GetWindowLongW, ScreenToClient, ClientToScreen, SetCursor, AdjustWindowRectEx,
  GetWindowRect, SetWindowTextW, InvalidateRect, GetUpdateRect, EndPaint, BeginPaint, SetForegroundWindow,
  GetForegroundWindow, ReleaseCapture, SetCapture, GetCapture, SetFocus, IsIconic, RealGetWindowClassW,
  EnumWindows, GetWindowTextW, GetMessageExtraInfo, TrackMouseEvent, GetClipboardFormatNameW,
  RegisterClassW, GetCursorInfo, GetDC, ReleaseDC, GetSystemMenu, EnableMenuItem, RegisterWindowMessageW,
  SendMessageW, DefWindowProcW, IsWindowVisible, SetWindowPlacement, CreateIconIndirect, GetIconInfo,
  CreateWindowExW, DestroyWindow, GetSystemMetrics, GetWindowThreadProcessId, DestroyIcon, GetSysColor,
  SystemParametersInfoW, SetWindowRgn, GetDoubleClickTime, MessageBeep, GetCaretBlinkTime,
  GetDesktopWindow, PostMessageW, AttachThreadInput, IsChild, ShowWindow, FlashWindowEx, MoveWindow,
  SetWindowPos, GetWindowPlacement, CharNextExA, PostThreadMessageW, CallNextHookEx, UnhookWindowsHookEx,
  SetWindowsHookExW, KillTimer, SetTimer, MsgWaitForMultipleObjectsEx, MessageBoxW, DrawIconEx,
  TranslateMessage, DispatchMessageW, GetQueueStatus
iphlpapi:
  GetAdaptersAddresses, GetAdaptersInfo
kernel32:
  HeapReAlloc, GetSystemTimeAsFileTime, IsProcessorFeaturePresent, IsDebuggerPresent, HeapAlloc, HeapFree,
  AreFileApisANSI, RtlUnwind, RaiseException, GetStringTypeW, DecodePointer, EncodePointer, VirtualFree,
  VirtualAlloc, CreateMutexW, ReleaseMutex, LoadLibraryExW, ExitThread, SetFileAttributesW, SetStdHandle,
  GetConsoleMode, ReadConsoleW, GetConsoleCP, GetCPInfo, UnhandledExceptionFilter,
  SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, EnumSystemLocalesW,
  HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetProcessHeap, GetModuleFileNameA, GetUserGeoID,
  GetGeoInfoW, GetTimeZoneInformation, GetModuleHandleExW, FindNextFileW, FindFirstFileExW,
  FindNextChangeNotification, FindFirstChangeNotificationW, FindCloseChangeNotification,
  WideCharToMultiByte, MoveFileExW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, WriteFile,
  SetFilePointerEx, SetEndOfFile, ReadFile, GetFileType, FlushFileBuffers, FileTimeToSystemTime,
  SystemTimeToTzSpecificLocalTime, MoveFileW, CopyFileW, SetErrorMode, GetTempPathW, RemoveDirectoryW,
  GetLogicalDrives, GetFullPathNameW, GetFileInformationByHandle, GetFileAttributesW, FindFirstFileW,
  FindClose, DeleteFileW, CreateDirectoryW, GetCurrentDirectoryW, GetFileAttributesExW, GetExitCodeProcess,
  TerminateProcess, SetFilePointer, GetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW,
  GetStartupInfoW, WriteFileEx, GetModuleHandleA, SleepEx, SetEnvironmentVariableA, WriteConsoleW,
  GetCommandLineA, VerSetConditionMask, VerifyVersionInfoW, FreeLibrary, GetProcAddress, LoadLibraryA,
  CloseHandle, GetLastError, WaitForSingleObject, GetCurrentProcess, Wow64EnableWow64FsRedirection,
  GetVolumeInformationA, GetModuleFileNameW, MultiByteToWideChar, OpenProcess, GetModuleHandleW, lstrcmpW,
  GetVolumeInformationW, GetLongPathNameW, GetDriveTypeW, GetCurrentThreadId, LocalFree, FormatMessageW,
  IsValidLanguageGroup, IsValidLocale, ExpandEnvironmentStringsW, CreateProcessW, GetUserDefaultLangID,
  CheckRemoteDebuggerPresent, GlobalAlloc, GlobalLock, GlobalUnlock, GetLocaleInfoW, GlobalSize,
  GetCurrentProcessId, GetConsoleWindow, ExitProcess, InitializeCriticalSection, EnterCriticalSection,
  LeaveCriticalSection, DeleteCriticalSection, CreateFileW, DeviceIoControl, DisconnectNamedPipe,
  WaitNamedPipeW, CreateEventW, GlobalFree, WaitForMultipleObjects, ConnectNamedPipe, CreateNamedPipeW,
  GetOverlappedResult, SetEvent, ResetEvent, LoadLibraryW, SetHandleInformation, CompareStringW,
  GetUserDefaultLCID, GetCommandLineW, OutputDebugStringW, GetSystemTime, GetLocalTime,
  WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount,
  GetSystemDirectoryW, LCMapStringW, DuplicateHandle, Sleep, SwitchToThread, CreateThread,
  GetCurrentThread, SetThreadPriority, GetThreadPriority, TerminateThread, ResumeThread, TlsAlloc,
  TlsGetValue, TlsSetValue, TlsFree, GetSystemInfo, GetDateFormatW, GetTimeFormatW, GetCurrencyFormatW,
  GetUserDefaultUILanguage, ReadFileEx, PeekNamedPipe, CancelIo
ws2_32:
  WSAAsyncSelect, WSACleanup, WSAStartup, gethostname, gethostbyname, gethostbyaddr, inet_addr, WSASocketW,
  WSASendTo, WSASend, WSARecvFrom, WSARecv, WSANtohs, WSANtohl, WSAIoctl, WSAHtonl, WSAConnect, WSAAccept,
  WSAGetLastError, setsockopt, select, ntohl, listen, htons, getsockname, closesocket, bind, __WSAFDIsSet,
  getsockopt, htonl, getpeername
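Triaging an import table this size by eye is slow, so here is an added example (my own code, not the sandbox's logic or anything from the sample) that buckets imports into capability groups and reports which Win32 exports drove each hit. The capability map is the example's own heuristic grouping, SAMPLE_IMPORTS is a hand-picked subset of the table above, and parse_flat_listing shows how to get from the report's one-name-per-line layout to that shape (it needs the set of DLL header names, because lowercase module names are not otherwise distinguishable from lowercase winsock exports such as listen or bind). Read the output as a list of things to confirm in the behavioral runs rather than as a verdict: the 9.8MB size and the .qtmetad section (the section Qt uses for plugin metadata) point to a statically linked Qt GUI build, and window hooks, clipboard-viewer chains, IME calls and pixel-format calls are normal in such binaries.

```python
# Capability groups for import-table triage. The grouping is this example's
# own heuristic, not the sandbox's; the names are documented Win32 exports.
CAPABILITIES = {
    "keyboard capture": {
        "SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState", "GetKeyState",
        "ToUnicode", "ToAscii", "MapVirtualKeyW", "AttachThreadInput"},
    "clipboard monitoring": {
        "SetClipboardViewer", "ChangeClipboardChain", "OleGetClipboard",
        "OleSetClipboard", "GetClipboardFormatNameW"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW"},
    "process and token access": {
        "CreateProcessW", "ShellExecuteW", "ShellExecuteExA", "OpenProcess",
        "OpenProcessToken", "GetTokenInformation", "TerminateProcess",
        "EnumWindows", "GetWindowThreadProcessId"},
    "registry modification": {
        "RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW", "RegDeleteValueW",
        "RegNotifyChangeKeyValue"},
    "network": {
        "WSAStartup", "WSASocketW", "WSAConnect", "WSAAccept", "listen", "bind",
        "gethostbyname", "GetAdaptersAddresses", "GetAdaptersInfo"},
    "named pipes": {"CreateNamedPipeW", "ConnectNamedPipe", "WaitNamedPipeW", "PeekNamedPipe"},
    "file tampering": {
        "MoveFileExW", "CopyFileW", "DeleteFileW", "SetFileAttributesW",
        "FindFirstChangeNotificationW", "Wow64EnableWow64FsRedirection"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"},
    "screen capture primitives": {
        "BitBlt", "GetDIBits", "CreateCompatibleDC", "CreateCompatibleBitmap", "GetBitmapBits"},
}

# Hand-picked subset of the import table in the report, keyed by DLL
# (constructed input for the example; the full table is on the page).
SAMPLE_IMPORTS = {
    "advapi32": ["OpenProcessToken", "RegOpenKeyExW", "RegSetValueExW", "RegCreateKeyExW",
                 "RegDeleteKeyW", "RegNotifyChangeKeyValue", "GetTokenInformation"],
    "ole32": ["OleGetClipboard", "OleSetClipboard", "CoCreateInstance"],
    "gdi32": ["BitBlt", "GetDIBits", "CreateCompatibleDC", "CreateCompatibleBitmap",
              "GetBitmapBits", "ExtTextOutW"],
    "shell32": ["ShellExecuteExA", "ShellExecuteW", "Shell_NotifyIconW"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "GetAsyncKeyState", "GetKeyboardState",
               "ToUnicode", "ToAscii", "SetClipboardViewer", "ChangeClipboardChain",
               "EnumWindows", "GetWindowThreadProcessId", "AttachThreadInput"],
    "iphlpapi": ["GetAdaptersAddresses", "GetAdaptersInfo"],
    "kernel32": ["IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW",
                 "CreateProcessW", "OpenProcess", "TerminateProcess", "LoadLibraryA",
                 "LoadLibraryW", "GetProcAddress", "CreateNamedPipeW", "ConnectNamedPipe",
                 "WaitNamedPipeW", "PeekNamedPipe", "MoveFileExW", "CopyFileW", "DeleteFileW",
                 "SetFileAttributesW", "FindFirstChangeNotificationW",
                 "Wow64EnableWow64FsRedirection", "CreateMutexW"],
    "ws2_32": ["WSAStartup", "WSASocketW", "WSAConnect", "WSAAccept", "listen", "bind",
               "gethostbyname"],
}


def triage_imports(imports: dict) -> dict:
    """Return {capability: sorted ['dll!Function', ...]} for every group that is hit.
    Groups with no matching import are omitted so the result reads as a lead list."""
    hits = {}
    for dll, funcs in imports.items():
        for func in funcs:
            for cap, names in CAPABILITIES.items():
                if func in names:
                    hits.setdefault(cap, []).append(f"{dll}!{func}")
    return {cap: sorted(found) for cap, found in sorted(hits.items())}


def parse_flat_listing(text: str, dlls) -> dict:
    """Turn a one-name-per-line listing (DLL header, then its functions) into the
    {dll: [functions]} shape triage_imports expects. `dlls` names the header lines."""
    imports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in dlls:
            current = line
            imports.setdefault(current, [])
        elif current is not None:
            imports[current].append(line)
    return imports


if __name__ == "__main__":
    for cap, found in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{cap:28s} {len(found):2d}  {', '.join(found)}")
```

The same hits show up in benign Qt builds, so the value is in the ordering: groups such as anti-debug, named pipes and registry modification are the ones worth checking against the win7 and win10 behavioral runs first, while keyboard and clipboard hits need a hook type or a clipboard read in the trace before they mean anything.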
Sections
.text: Size 6.6MB, Virtual size 6.6MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 2.9MB, Virtual size 2.9MB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 54KB, Virtual size 99KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.qtmetad: Size 1KB, Virtual size 1KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA: Size 512B, Virtual size 292B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc: Size 17KB, Virtual size 16KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 213KB, Virtual size 212KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ