Static task: static1
Behavioral task: behavioral1
  Sample: 4470c32a9444329dc0a5f87954cead943be3c9c3b6944687365c6c1dee1bee52.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4470c32a9444329dc0a5f87954cead943be3c9c3b6944687365c6c1dee1bee52.exe
  Resource: win10v2004-20241007-en
General
Target: 4470c32a9444329dc0a5f87954cead943be3c9c3b6944687365c6c1dee1bee52
Size: 13.3MB
MD5: 083b4a7369ccaaeee50fb11cb5f4eefe
SHA1: c74815e7c3feb4462a27afa140d81a8aa1630c12
SHA256: 4470c32a9444329dc0a5f87954cead943be3c9c3b6944687365c6c1dee1bee52
SHA512: cb17fd90edbe0764e8a4aeb593cd0d222a5305a601e1addbf6fec1e78f44226580410bf96e1906534df17526e2276620967d750189f143287965e3d4ccf81e36
SSDEEP: 393216:nDD/wm0GyFYa7hT2HVI6IIjYBcgFlWQNZIII23+lhOfB4QWyIPINHCx7mJ/cgCxj:sGyFYa7hTIVI6IIjYBcgFlWEZIII23+Z
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4470c32a9444329dc0a5f87954cead943be3c9c3b6944687365c6c1dee1bee52
Files
4470c32a9444329dc0a5f87954cead943be3c9c3b6944687365c6c1dee1bee52.exe windows:4 windows x86 arch:x86
fca4260ffc072dc1cf530fe29dfe1298
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrCmpNW
ChrCmpIW
StrToIntExW
StrChrW
StrCmpNIW
StrStrIW
StrRChrW
PathFindExtensionW
PathIsDirectoryW
PathRemoveBackslashW
PathRenameExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveExtensionW
PathFindFileNameW
StrChrA
PathCombineW
kernel32
GetSystemTime
GetLocalTime
HeapReAlloc
CreateThread
ExitThread
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
Sleep
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetSystemTimeAsFileTime
ReleaseSemaphore
CreateSemaphoreA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
CreateFileMappingA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
HeapSize
HeapAlloc
HeapFree
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
GetPrivateProfileIntW
GetProcessVersion
SetErrorMode
GetCurrentProcessId
GetDriveTypeA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindResourceA
GlobalAddAtomA
GetProfileStringA
IsDBCSLeadByte
ConvertDefaultLocale
CreateMutexW
CreateFileMappingW
MapViewOfFile
ResetEvent
WaitForMultipleObjects
GetExitCodeProcess
ReleaseMutex
UnmapViewOfFile
lstrcpynA
CreateFileA
GetTickCount
CreateEventA
GetFullPathNameA
DeleteFileA
InterlockedCompareExchange
InterlockedExchange
GlobalSize
SizeofResource
LockResource
LoadResource
FindResourceW
lstrlenW
lstrlenA
lstrcmpW
GetPrivateProfileStringW
lstrcpyW
lstrcatW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetVersionExW
MoveFileW
lstrcmpiW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
SetThreadLocale
GetTimeZoneInformation
GetCurrentThreadId
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
lstrcpynW
GetTempFileNameW
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempPathW
CreateDirectoryW
GetCurrentDirectoryW
GetVersion
SetLastError
GetModuleHandleA
MulDiv
GetLastError
lstrcmpA
WideCharToMultiByte
DuplicateHandle
lstrcmpiA
GetCurrentThread
SystemTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesW
CreateEventW
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LocalFree
GetCurrentProcess
GetFullPathNameW
GetVolumeInformationW
DeleteFileW
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
user32
SetParent
GetDCEx
DestroyMenu
GetSysColorBrush
GetDesktopWindow
SetRectEmpty
GetMessageW
ValidateRect
GetActiveWindow
CreateDialogIndirectParamW
GetCursorPos
WindowFromPoint
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
wvsprintfW
SendDlgItemMessageA
MapWindowPoints
SetActiveWindow
AdjustWindowRectEx
DeferWindowPos
MessageBoxA
GetWindowRect
ReleaseDC
GetDC
PtInRect
EqualRect
IsClipboardFormatAvailable
CloseClipboard
OpenClipboard
IsWindowVisible
GetScrollInfo
GetTopWindow
IsChild
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DestroyWindow
SetPropW
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetForegroundWindow
IntersectRect
GetWindowPlacement
MoveWindow
GetWindowTextLengthW
SetClipboardData
EmptyClipboard
wsprintfW
EnableWindow
SetRect
GetParent
GetSystemMetrics
DrawFocusRect
GetSysColor
OffsetRect
InflateRect
DrawEdge
DrawFrameControl
CopyRect
RedrawWindow
IsWindow
SendMessageW
UnregisterClassW
GetWindowTextLengthA
HideCaret
IsDialogMessageW
SetDlgItemTextW
CharUpperW
LoadStringW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
DrawTextExW
FillRect
DrawTextW
LoadIconW
RegisterWindowMessageW
DrawIcon
SetTimer
KillTimer
GetLastActivePopup
SetForegroundWindow
IsIconic
FindWindowExW
UpdateWindow
AdjustWindowRect
ClientToScreen
ShowWindow
ScreenToClient
CreateWindowExW
GetWindowTextW
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
EndDialog
MessageBeep
DestroyCursor
LockWindowUpdate
MessageBoxW
SendDlgItemMessageW
SetWindowsHookExW
CallNextHookEx
GetDlgCtrlID
UnhookWindowsHookEx
GetClassNameW
SetWindowTextW
GetDlgItem
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetWindow
PostMessageW
GetFocus
IsWindowEnabled
SetFocus
GetKeyState
GetWindowLongW
SetCursor
LoadImageW
DestroyIcon
SetWindowPos
SetWindowLongW
LoadCursorW
SystemParametersInfoW
GetMessagePos
InvalidateRect
ReleaseCapture
GetClientRect
GetCapture
SetCapture
CharNextW
GetPropA
SetPropA
SetWindowLongA
GetClassNameA
IsWindowUnicode
SendMessageA
GetWindowLongA
SetWindowsHookExA
RemovePropA
CallWindowProcA
CharNextA
DefWindowProcA
DefDlgProcA
GetClassInfoA
DrawTextA
ModifyMenuW
gdi32
Rectangle
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
SetDIBitsToDevice
CreateDIBitmap
DeleteObject
CreateHalftonePalette
GetPaletteEntries
GetObjectW
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreatePalette
IntersectClipRect
MoveToEx
LineTo
SelectObject
CreateRectRgn
CreatePen
CreatePatternBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateBitmap
PatBlt
SetRectRgn
CombineRgn
GetCharWidthW
CreateFontW
GetTextMetricsW
CreateDCW
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetTextExtentPoint32W
CreateFontIndirectW
GetTextExtentPointW
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
SaveDC
RestoreDC
SetBitmapDimensionEx
CreateDIBSection
StretchBlt
ExtTextOutA
GetTextExtentPointA
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
comdlg32
GetOpenFileNameW
CommDlgExtendedError
GetFileTitleW
ChooseColorW
GetSaveFileNameW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
shell32
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
DragFinish
ShellExecuteExW
SHFileOperationW
DragQueryFileW
ShellExecuteW
comctl32
ImageList_Destroy
ord17
ole32
CoInitialize
CoCreateInstance
CoUninitialize
OleGetClipboard
oleaut32
GetErrorInfo
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
ws2_32
ntohs
htonl
htons
Sections
.text Size: 10.8MB - Virtual size: 10.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text1 Size: 304KB - Virtual size: 301KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 452KB - Virtual size: 449KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 572KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ